National Cybersecurity Workforce Framework

Today, there is little consistency in how cybersecurity work is defined and described throughout the nation. The lack of a common language to discuss and understand the work requirements of cybersecurity professionals hinders our nation's ability to:

Baseline capabilities,
Identify skill gaps,
Develop cybersecurity talent in the workforce, and
Prepare the pipeline of future talent.

Establishing and using a unified framework for cybersecurity work and workers is not merely practical but vital to the nation's cybersecurity. Much as other professions have defined their specialties (e.g., law, medicine), it is now time to forge a common set of definitions for the cybersecurity workforce.

The National Cybersecurity Workforce Framework offers a working taxonomy and common lexicon that can be overlaid onto any organization's existing occupational structure. This Framework was first released publicly in September 2011, and the NICE team appreciates the many individuals and organizations that have contributed comments to improve it. The many inputs to the Framework are now being analyzed, and the NICE team anticipates release of the next version of the Framework in the coming months of 2012.

Because of the rapid pace and evolution, the Cybersecurity Workforce Framework will be a living document with periodic updates. As such, please submit comments for Framework improvement at any time, and these comments will be captured for the next review cycle.

Documents

Email completed comments to NICEFrameworkComments@nist.gov

NICE Cube - Workforce Framework