Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST IR 8355 (2nd Public Draft)

NICE Framework Competencies: Assessing Learners for Cybersecurity Work

Date Published: December 2021
Comments Due: January 31, 2022 (public comment period is CLOSED)
Email Questions to: niceframework@nist.gov

Author(s)

Karen Wetzel (NIST)

Announcement

The National Initiative for Cybersecurity Education (NICE) has released a second draft of NISTIR 8355, NICE Framework Competencies: Assessing Learners for Cybersecurity Work. This supplemental content to the Workforce Framework for Cybersecurity (NICE Framework) elaborates on Competencies, which were re-introduced to the NICE Framework in 2020.

The first draft was released in March 2021 along with an initial list of proposed Competency Areas. Feedback received on that first draft, conversations with NICE community members, and insights from workshops that brought together subject matter experts have matured our understanding of NICE Framework Competencies. The adjustments to this document are the result. In addition, we will be working with community stakeholders to further refine the proposed list of Competency Areas for release in 2022. Any subsequent draft(s) may be further adjusted, including the Competency Areas, their descriptions, and associated Task, Knowledge, and Skill (TKS) statements.

The public comment period for the second draft of NISTIR 8355 is open through January 31, 2022. Feedback will be used to inform the next stage of work on the NICE Competencies. We value and welcome your input and look forward to your comments. 

NOTE: A call for patent claims is included on page v of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.

Abstract

Keywords

competency; Competency Area; cyber; cybersecurity; cyberspace; education; knowledge; risk management; role; security; skill; task; team; training; workforce; work role.
Control Families

None selected

Documentation

Publication:
https://doi.org/10.6028/NIST.IR.8355-draft2
Download URL

Supplemental Material:
List of Competencies (draft) (xlsx)
NICE Framework site

Document History:
03/17/21: IR 8355 (Draft)
12/15/21: IR 8355 (Draft)
06/21/23: IR 8355 (Final)