Cybersecurity Competency Model: Identifying Credential Competencies Worksheet

Cybersecurity Competency Model
Identifying Credential Competencies Worksheet

Use the worksheet to identify the knowledge, skills, or abilities to include in your credential. Subject matter
experts can rate the value of each competency. Alternately, you can use the worksheet as a check sheet to
indicate which competencies are not currently addressed by an existing credential. Value of Competency
Included in
Competencies (from model) Not Important Preferred Essential Credential
Requirements?
Tier 1: Personal Effectiveness Competencies

1.1 Interpersonal Skills: Displaying the skills to work effectively with others from diverse backgrounds.
1.1.1 Demonstrating sensitivity/empathy
1.1.1.1 Show sincere interest in others and their concerns
1.1.1.2 Demonstrate sensitivity to the needs and feelings of others
1.1.1.3 Look for ways to help people and deliver assistance
1.1.2 Demonstrating insight into behavior
1.1.2.1 Recognize and accurately interpret the verbal and nonverbal behavior of others
1.1.2.2 Recognize when relationships with others are strained
1.1.2.3 Show understanding of others’ behaviors and motives by demonstrating appropriate responses
1.1.2.4 Demonstrate flexibility for change based on the ideas and actions of others
1.1.3 Maintaining open relationships
1.1.3.1 Maintain open lines of communication with others
1.1.3.2 Encourage others to share problems and successes
1.1.3.3 Establish a high degree of trust and credibility with others
1.1.4 Respecting diversity
1.1.4.1 Interact respectfully and cooperatively with others who are of a different race, culture, or age, or have
different abilities, gender, or sexual orientation
1.1.4.2 Demonstrate sensitivity, flexibility, and open-mindedness when dealing with different values, beliefs,
perspectives, customs, or opinions
1.1.4.3 Value an environment that supports and accommodates a diversity of people and ideas
1.2 Integrity: Displaying strong moral principles and work ethic.
1.2.1 Behaving ethically
1.2.1.1 Abide by a strict code of ethics and behavior
1.2.1.2 Choose an ethical course of action and do the right thing, even in the face of opposition
1.2.1.3 Encourage others to behave ethically
1.2.1.4 Use company time and property responsibly
Employment and Training Administration, U.S. Department of Labor www.doleta.gov 1 of 38

Cybersecurity Competency Model -- Identifying Credential Competencies Worksheet
Included in
Requirements?
1.2.1.5 Perform work-related duties according to laws, regulations, contract provisions, and company policies
1.2.1.6 Understand that behaving ethically may go beyond what the law requires
1.2.2 Acting fairly
1.2.2.1 Treat others with honesty, fairness, and respect
1.2.2.2 Make decisions that are objective and reflect the just treatment of others
1.2.3 Taking responsibility
1.2.3.1 Take responsibility for accomplishing work goals within accepted timeframes
1.2.3.2 Accept responsibility for one’s decisions and actions and for those of one’s group, team, or department
1.2.3.3 Learn from mistakes

1.3 Professionalism: Maintaining a professional presence.
1.3.1 Demonstrating self-control
1.3.1.1 Maintain composure and keep emotions in check
1.3.1.2 Deal calmly and effectively with stressful or difficult situations
1.3.1.3 Accept criticism tactfully and attempt to learn from it
1.3.2 Maintaining a professional appearance
1.3.2.1 Maintain a professional demeanor
1.3.2.2 Dress appropriately for occupational and worksite requirements
1.3.2.3 Maintain appropriate personal hygiene
1.3.3 Social responsibility
1.3.3.1 Refrain from lifestyle choices which negatively impact the workplace and individual performance
1.3.3.2 Remain free from substance abuse
1.3.4 Maintaining a positive attitude
1.3.4.1 Project a professional image of oneself and the organization
1.3.4.2 Demonstrate a positive attitude towards work
1.3.4.3 Take pride in one’s work and the work of the organization
1.4 Initiative: Demonstrating a commitment to effective job performance by taking action on one’s own and following
through to get the job done.
1.4.1 Persisting
1.4.1.1 Pursue work with drive and a strong accomplishment orientation
1.4.1.2 Persist and expend extra effort to accomplish tasks even when conditions are difficult or deadlines are tight
1.4.1.3 Persist at a task or problem despite obstacles or setbacks

Included in
Requirements?
1.4.2 Taking initiative
1.4.2.1 Go beyond the routine demands of the job
1.4.2.2 Take initiative in seeking out new work challenges and increasing the variety and scope of one’s job
1.4.2.3 Seek opportunities to influence events and originate action

1.4.2.4 Assist others who have less experience or have heavy workloads
1.4.2.5 Provide suggestions for innovative approaches to improve processes or tasks
1.4.3 Setting challenging goals
1.4.3.1 Establish and maintain personally challenging but realistic work goals
1.4.3.2 Exert effort toward task mastery
1.4.3.3 Bring issues to closure by pushing forward until a resolution is achieved
1.4.4 Working independently
1.4.4.1 Develop one’s own ways of working effectively and efficiently
1.4.4.2 Perform effectively, even with minimal direction, support, or approval
1.4.4.3 Take responsibility for completing one’s own work assignments
1.4.5 Achievement motivation
1.4.5.1 Strive to exceed standards and expectations
1.4.5.2 Exhibit confidence in capabilities and an expectation to succeed in future activities
1.5 Adaptability and Flexibility: Displaying the capability to adapt to new, different, or changing requirements.
1.5.1 Entertaining new ideas
1.5.1.1 Remain open to considering new ways of doing things
1.5.1.2 Actively seek out and carefully consider the merits of new approaches to work
1.5.1.3 Embrace new approaches when appropriate and discard approaches that are no longer working
1.5.2 Dealing with change
1.5.2.1 Take proper and effective action when necessary without having all the necessary facts in hand
1.5.2.2 Easily adapt plans, goals, actions, or priorities in response to unpredictable or unexpected events, pressures,
situations, and job demands
1.5.2.3 Easily shift gears and change direction when working on multiple projects or issues
1.6 Dependability and Reliability: Displaying responsible behaviors at work.
1.6.1 Fulfilling obligations
1.6.1.1 Behave consistently and predictably
1.6.1.2 Is reliable, responsible, and dependable in fulfilling obligations
1.6.1.3 Diligently follow through on commitments and consistently complete assignments by deadlines

Included in
Requirements?
1.6.2 Attendance and punctuality
1.6.2.1 Come to work on time and as scheduled
1.6.2.2 Arrive on time for meetings or appointments
1.6.2.3 Dial in to phone calls and web conferences on time
1.6.3 Attending to details
1.6.3.1 Diligently check work to ensure that all essential details have been considered
1.6.3.2 Notice errors or inconsistencies, and take prompt, thorough action to correct them
1.6.4 Following directions
1.6.4.1 Follow written and verbal directions
1.6.4.2 Comply with organizational rules, policies, and procedures
1.6.4.3 Ask appropriate questions to clarify any instructional ambiguities
1.7 Lifelong Learning: Demonstrating a commitment to self-development and improvement of knowledge and skills.
1.7.1 Demonstrating an interest in learning

1.7.1.1 Demonstrate an interest in personal and professional lifelong learning and development
1.7.1.2 Seek feedback from multiple sources about how to improve and develop
1.7.1.3 Modify behavior based on feedback or self-analysis of past mistakes
1.7.1.4 Learn and accept help from supervisors and co-workers
1.7.2 Participating in training
1.7.2.1 Identify when it is necessary to acquire new knowledge and skills
1.7.2.2 Take steps to develop and maintain knowledge, skills, and expertise necessary to perform one’s role
successfully by participating in relevant training and professional development programs
1.7.2.3 Actively pursue opportunities to broaden knowledge and skills through seminars, conferences, professional
groups, reading publications, job shadowing, and/or continuing education
1.7.3 Anticipating changes in work
1.7.3.1 Anticipate changes in work demands and search for and participate in assignments or training that address
these changing demands
1.7.3.2 Treat unexpected circumstances as opportunities to learn
1.7.4 Identifying career interests
1.7.4.1 Take charge of personal career development by identifying occupational interests, strengths, options, and
opportunities
1.7.4.2 Make insightful career planning decisions based on integration and consideration of others’ feedback

Included in
Requirements?
1.7.5 Integrating and applying learning
1.7.5.1 Integrate newly-learned knowledge and skills with existing knowledge and skills
1.7.5.2 Use newly-learned knowledge and skills to complete tasks, particularly in new or unfamiliar situations
Tier 2: Academic Competencies

2.1 Reading: Understanding written sentences, paragraphs, and figures in work-related documents (with accommodation
if necessary).
2.1.1 Comprehension
2.1.1.1 Locate and understand written information in prose and in documents such as manuals, reports, memos,
letters, forms, graphs, charts, tables, calendars, schedules, signs, notices, applications, contracts, regulations, and
directions
2.1.1.2 Understand the purpose of written materials
2.1.1.3 Comprehend meaning and identify main ideas
2.1.2 Attention to detail
2.1.2.1 Note details and facts
2.1.2.2 Detect inconsistencies
2.1.2.3 Identify implied meaning and details
2.1.2.4 Identify missing information
2.1.3 Information analysis
2.1.3.1 Critically evaluate and analyze information in written materials
2.1.3.2 Review written information for completeness and relevance
2.1.3.3 Distinguish fact from opinion
2.1.3.4 Identify trends
2.1.3.5 Synthesize information from multiple written materials
2.1.4 Information integration
2.1.4.1 Integrate what is learned from written materials with prior knowledge
2.1.4.2 Use what is learned from written material to follow instructions and complete tasks
2.1.4.3 Apply what is learned from written material to new situations
2.2 Writing: Using standard (business) English to compile information and prepare written documents.
2.2.1 Organization and development
2.2.1.1 Create documents such as letters, directions, manuals, reports, graphs, and flow charts
2.2.1.2 Communicate thoughts, ideas, information, messages, and other written information, which may contain
technical material, in a logical, organized, and coherent manner
2.2.1.3 Present well developed ideas supported by information and examples

Included in
Requirements?
2.2.1.4 Proofread finished documents for errors
2.2.1.5 Tailor content to appropriate audience and purpose
2.2.1.6 Distribute written material appropriately for intended audience and purpose
2.2.2 Mechanics
2.2.2.1 Use standard syntax and sentence structure
2.2.2.2 Use correct spelling, punctuation, and capitalization
2.2.2.3 Use correct grammar (e.g., correct tense, subject-verb agreement, no missing words)
2.2.2.4 Write legibly
2.2.3 Tone
2.2.3.1 Use language appropriate for the target audience
2.2.3.2 Use a tone and word choice appropriate for the industry and organization (e.g., writing is professional and
courteous)
2.2.3.3 Show insight, perception, and depth in writing
2.3 Mathematics: Using principles of mathematics to express ideas and solve problems.
2.3.1 Quantification
2.3.1.1 Read and write numbers
2.3.1.2 Count and place numbers in sequence
2.3.1.3 Recognize whether one number is larger than another
2.3.1.4 Understand relationships between numbers
2.3.1.5 Identify and understand patterns
2.3.2 Computation
2.3.2.1 Add, subtract, multiply, and divide with whole numbers, fractions, decimals, and percents
2.3.2.2 Calculate averages, ratios, proportions, and rates
2.3.2.3 Convert decimals to fractions and fractions to decimals
2.3.2.4 Convert fractions to percents and percents to fractions
2.3.2.5 Convert decimals to percents and percents to decimals
2.3.3 Measurement and estimation
2.3.3.1 Take measurements of time, temperature, distances, length, width, height, perimeter, area, volume, weight,
velocity, and speed
2.3.3.2 Use and report measurements correctly
2.3.3.3 Correctly convert from one measurement to another (e.g., from English to metric or International System of
Units [SI], or Fahrenheit to Celsius)

Included in
Requirements?
2.3.4 Application
2.3.4.1 Translate practical problems into useful mathematical expressions
2.3.4.2 Use appropriate mathematical formulas and techniques to solve problems
2.4 Science and Technology: Using scientific rules and methods to express ideas and solve problems
2.4.1 Comprehension
2.4.1.1 Understand basic scientific principles and use appropriate technology
2.4.1.2 Understand the scientific method (i.e., identify problem, collect information, form opinion, and draw
conclusions)
2.4.1.3 Understand overall intent and proper procedures for set-up and operation of equipment
2.4.2 Application
2.4.2.1 Apply basic scientific principles and technology to complete tasks
2.4.3 Scientific Investigation
2.4.3.1 Formulate scientifically investigable questions, construct investigations, collect and evaluate data, and
develop scientific recommendations based on findings
2.4.3.2 Evaluate scientific constructs including: conclusions, conflicting data, controls, data, inferences, limitations,
questions, sources of errors, and variables.
2.5 Communication: Listening, speaking, and signaling so others can understand (with accommodation if necessary).
2.5.1 Listening or attending to information

2.5.1.1 Receive, attend to, understand, interpret, and respond to verbal messages and other cues
2.5.1.2 Recognize important information in verbal messages
2.5.1.3 Comprehend complex instructions
2.5.1.4 Identify feelings and concerns within verbal messages
2.5.1.5 Consider others’ viewpoints and alter opinion when it is appropriate to do so
2.5.1.6 Apply active listening skills using reflection, restatement, questioning, and clarification
2.5.1.7 Effectively answer questions of others or communicate an inability to do so and suggest other sources of
answers
2.5.2 Communicating (verbally, either directly, through assistive technology, or other accommodation)
2.5.2.1 Express relevant information appropriately to individuals or groups taking into account the audience and the
nature of the information (e.g., technical or controversial)
2.5.2.2 Convey information clearly, correctly, and succinctly
2.5.2.3 Use common English conventions including proper grammar, tone, and pace
2.5.2.4 Track audience responses and react appropriately to those responses
2.5.2.5 Effectively use eye contact and non-verbal expression
2.5.2.6 Ask questions or report problems or concerns to people in authority when information or procedures are
unclear or need improvement, or when feeling unsafe or threatened in the workplace

Included in
Requirements?
2.5.3 Persuasion/influence
2.5.3.1 Influence others
2.5.3.2 Persuasively present thoughts and ideas
2.5.3.3 Gain commitment and ensure support for proposed ideas
2.5.4 Observing carefully
2.5.4.1 Attend to nonverbal cues and respond appropriately
2.5.4.2 Attend to visual sources of information (e.g., video)
2.5.4.3 Ascertain relevant visual information and use appropriately
2.6 Critical and Analytic Thinking: Using logical thought processes to analyze information and draw conclusions.
2.6.1 Reasoning
2.6.1.1 Possess sufficient inductive, and deductive reasoning ability to perform job successfully
2.6.1.2 Critically review, analyze, synthesize, compare, and interpret information
2.6.1.3 Draw conclusions from relevant and/or missing information
2.6.1.4 Understand the principles underlying the relationship among facts and apply this understanding when
solving problems
2.6.1.5 Use logic and reasoning to identify strengths and weaknesses of alternate solutions or approaches to a
problem
2.6.2 Mental agility
2.6.2.1 Identify connections between issues
2.6.2.2 Quickly understand, orient to, and learn new assignments
2.7 Fundamental IT User Skills: Using a computer, communication devices, and related applications to input, retrieve, and
communicate information.
2.7.1 General Computer, Software, Information and Communication Technology Knowledge and Skills
2.7.1.1 Demonstrate familiarity with the fundamental capabilities of computers, software, information systems, and
communications systems
2.7.1.2 Demonstrate familiarity with the fundamental principles of accessible technology, including universal design,
as they relate to users of computerized content who have disabilities, sensory and/or functional limitations
2.7.1.3 Understand terminology and function of common computer, software, information and communication
technology devices, components, and concepts
2.7.1.4 Understand common terminology related to the use of technology by people with disabilities and/or sensory
and functional limitations, including accessible IT, assistive technology, and universal design
2.7.1.5 Understand and efficiently use common computer hardware (e.g., desktops, laptops, tablets, PC
components, cabling, wearable computing), software (e.g., operating systems, applications, communication,
collaboration, and productivity software), and communication devices (e.g., telephony, wireless devices, network, and
wireless systems) to perform tasks and communicate effectively

Included in
Requirements?
2.7.1.6 Understand capabilities and applications of network equipment including hubs, routers, switches, bridges,
servers, transmission media, and related hardware within data centers or the “cloud”
2.7.1.7 Understand network hardware devices and functions
2.7.1.8 Be able to connect common User devices to networks and secure them appropriately
2.7.1.9 Understand and be able to use with appropriate etiquette common communications media, including wired
and wireless telephones, wearable computing, audio conferences, videoconferences, and online collaboration tools
2.7.1.10 Use a computer to search for online information and interact with websites and web applications
(enterprise solutions, online stores, blogs, social networks, wikis)
2.7.1.11 Understand how to critically evaluate online information and be aware of relevant intellectual property,
patent, copyright, and data protection issues
2.7.1.12 Understand the characteristics of physical and virtual data storage media
2.7.1.13 Demonstrate ability to interpret and incorporate data from multiple tool sources
2.7.2 Digital Literacy
2.7.2.1 Demonstrate ability to create authentic meaningful written and artwork by reproducing and manipulating
preexisting digital text, visuals, and audio pieces
2.7.2.2 Demonstrate ability to construct knowledge by a nonlinear navigation through knowledge domains, such as
in the Internet and other hypermedia environments
2.7.2.3 Demonstrate ability to critically evaluate the textual characteristics of digital media alongside their social,
economic, and cultural implications
2.7.2.4 Visualize graphic representation of concepts or data
2.7.3 Common IT Applications Use
2.7.3.1 Use word processing applications to compose, organize, and edit simple documents and other business
communications and produce accurate outputs to print or share electronically
2.7.3.2 Use standard formulas and functions, format and modify content, and demonstrate competence in creating
and formatting spreadsheets, graphs, or charts
2.7.3.3 Use spatial software to locate places and interpret spatial data
2.7.3.4 Use and manage electronic mail to communicate with appropriate etiquette
2.7.3.5 Use Internet applications to search for information
2.7.3.6 Use presentation software to effectively share information and ideas
2.7.3.7 Use spreadsheet, database, and presentation software both independently and in an integrated fashion
2.7.3.8 Use audio and video recording equipment and software to produce digital audio and video records and
communications
2.7.3.9 Use file storage applications to store, retrieve, and sort documents
2.7.3.10 Understand social media and their appropriate workplace uses and non-workplaces uses, and the impact
that various social media activities can have upon one’s personal and professional life
2.7.3.11 Double check work carefully and identify/correct typographical, grammatical, and other errors

Included in
Requirements?
2.7.4 Information and Research Literacy
2.7.4.1 Define: Be able to define a problem that needs information in order to be solved
2.7.4.2 Access: Search, find, and retrieve appropriate information relative to the task
2.7.4.3 Manage: Apply an organizational or classification system to organize retrieved information
2.7.4.4 Evaluate: Be able to judge the quality, relevance, usefulness, efficiency, and adequacy of information and
information sources for the defined purpose (including authority, bias, and timeliness of information)
2.7.4.5 Integrate: Interpret and represent data and information gathered, using quality management tools to
organize, compare, contrast, summarize, and synthesize information from multiple sources
2.7.4.6 Create: Adapt, apply, design, or author information resulting from the research that describes the research
and its analysis and findings, facilitates decision-making, and develops conclusions and recommendations
2.7.4.7 Communicate: Communicate that research and its findings effectively and efficiently in person and through
written, visual, and digital media in a way that is appropriate for the intended audience
2.7.5 Hardware
2.7.5.1 Demonstrate competence with the following technology:
• Central processing unit (CPU)
• Memory - random-access memory (RAM) and read-only memory (ROM)
• Storage media, (e.g., internal hard disk, external hard disk, network drive, CD, DVD, USB, flash drive, memory
card)
• Input/output ports, (e.g., USB, serial, parallel, network port, FireWire)
• Input devices, (e.g., mouse; keyboard; trackball; scanner; touchpad; stylus; joystick; web camera; digital
camera; microphone; voice recognition; remote control; gesture/motion; haptics; and head, mouth, and eye
operated controllers)
• Output devices, (e.g., screens/monitors, printers, speakers, headphones, wearable computing)
• Assistive technology devices, (e.g., voice recognition software, screen reader, screen magnifier, on-screen
keyboard, closed captioning, gesture/motion, haptics, text-to-speech)
2.7.6 Database Management Systems
2.7.6.1 Understand the capabilities and functionality associated with various technologies for organizing and
managing information (e.g., databases, bookmarking engines)
2.7.6.2 Understand database management systems, query languages, table relationships, and views
2.7.6.3 Demonstrate skill in generating queries and reports
2.7.7 Operating Systems
2.7.7.1 Understand server and client operating systems
2.7.7.2 Understand systems administration concepts
2.7.7.3 Understand file extensions (e.g., .dll, .bat, .zip, .pcap, .gzip)
2.7.7.4 Understand how to troubleshoot basic systems and identify operating systems-related issues

Included in
Requirements?
2.7.7.5 Demonstrate skill in identifying, modifying, and manipulating applicable system components (Windows
and/or Unix/Linux) (e.g., passwords, user accounts, files)
2.7.8 Systems Integration
2.7.8.1 Understand how system components are installed, integrated, and optimized
2.7.8.2 Understand technology integration processes
2.7.8.3 Understand web services, Service Oriented Architecture (SOA) and Application programming Interfaces
(APIs)
2.7.9 Technology Awareness
2.7.9.1 Understand new and emerging IT and information security technologies
2.7.9.2 Demonstrate skill in applying and incorporating information technologies into proposed solutions
2.7.9.3 Understand products and nomenclature of major vendors (e.g., security suites: Trend Micro, Symantec,
McAfee, Outpost, Panda, Kaspersky, etc.) and how differences affect exploitation/vulnerabilities
2.7.9.4 Understand the capabilities and functionality associated with various content creation technologies (e.g.,
wikis, social networking, blogs)
2.7.9.5 Understand the capabilities and functionality of various collaborative technologies (e.g., groupware,
SharePoint, wikis, blogs, web collaborations)
2.7.9.6 Understand industry indicators useful for identifying technology trends
Tier 3: Workplace Competencies

3.1 Teamwork: Working cooperatively with others to complete work assignments.
3.1.1 Acknowledging team membership and role
3.1.1.1 Accept membership in and commit to the goals of the team
3.1.1.2 Show loyalty to the team
3.1.1.3 Serve as a leader or a follower, depending on what is needed to achieve the team’s goals and objectives
3.1.1.4 Guide others in learning new skills

3.1.1.5 Encourage others to express their ideas and opinions
3.1.1.6 Identify and draw upon team members’ strengths and weaknesses to achieve results
3.1.1.7 Learn from other team members
3.1.2 Establishing productive relationships
3.1.2.1 Develop constructive and cooperative working relationships with others
3.1.2.2 Exhibit tact and diplomacy and strive to build consensus
3.1.2.3 Deliver constructive criticism and voice objections to others’ ideas and opinions in a supportive, non-
accusatory manner
3.1.2.4 Respond appropriately to positive and negative feedback

Included in
Requirements?
3.1.3 Identifying with the team and its goals
3.1.3.1 Work as part of a team, contributing to the group’s effort to achieve goals
3.1.3.2 Identify the goals, norms, values, and customs of the team
3.1.3.3 Choose behaviors and actions that best support the team and accomplishment of work tasks
3.1.3.4 Use a group approach to identify problems and develop solutions based on group consensus
3.1.3.5 Effectively communicate with all members of the group or team to achieve team goals and objectives
3.1.4 Resolving conflicts

3.1.4.1 Bring others together to reconcile differences
3.1.4.2 Handle conflicts maturely by exercising “give and take” to achieve positive results for all parties
3.1.4.3 Reach formal or informal agreements that promote mutual goals and interests, and obtain commitment to
those agreements from individuals or groups
3.2 Planning and Organizing: Planning and prioritizing work to manage time effectively and accomplish assigned tasks.
3.2.1 Planning
3.2.1.1 Approach work in a methodical manner
3.2.1.2 Plan and schedule tasks so that work is completed on time
3.2.1.3 Keep track of details to ensure work is performed accurately and completely
3.2.1.4 Anticipate obstacles to project completion and develop contingency plans to address them
3.2.1.5 Find new ways of organizing work areas or planning work to accomplish work more efficiently
3.2.2 Prioritizing
3.2.2.1 Prioritize multiple competing tasks
3.2.2.2 Perform tasks quickly, correctly, and efficiently according to their urgency
3.2.3 Managing projects
3.2.3.1 Estimate personnel and other resources needed for project completion (e.g., financial material or
equipment)
3.2.3.2 Manage activities to meet plans, allocating time and resources effectively
3.2.3.3 Keep track of and documents plans, assignments, changes, and deliverable
3.2.3.4 Plan for dependencies of one task on another
3.2.3.5 Coordinate efforts with all affected parties, keeping them informed of progress and all relevant changes to
project timelines
3.2.3.6 Take necessary corrective action when projects go off-track

Included in
Requirements?
3.3 Creative Thinking: Generating innovative and creative solutions.
3.3.1 Employing unique analyses
3.3.1.1 Use original analyses and generate new, innovative ideas in complex areas
3.3.1.2 Develop innovative methods of obtaining or using resources when insufficient resources are available
3.3.2 Generating innovative solutions

3.3.2.1 Integrate seemingly unrelated information to develop creative processes or solutions
3.3.2.2 Reframe problems in a different light to find fresh approaches
3.3.2.3 Entertain wide-ranging possibilities and perspectives to develop new solutions
3.3.2.4 Find new ways to add value to the efforts of a team and organization
3.3.3 Seeing the big picture
3.3.3.1 Understand the pieces of a system as a whole and appreciate the consequences of actions to other parts of
the system
3.3.3.2 Monitor patterns and trends to see a bigger picture
3.3.3.3 Modify or designs systems to improve performance
3.4 Problem Solving and Decision-Making: Generating, evaluating, and implementing solutions.
3.4.1 Identifying the Problem
3.4.1.1 Anticipate or recognize the existence of a problem
3.4.1.2 Identify the true nature of the problem and define critical issues
3.4.1.3 Evaluate the importance and criticality of the problem
3.4.1.4 Use all available reference systems to locate and obtain information relevant to understanding the problem
3.4.1.5 Recall previously learned information that is relevant to the problem

3.4.2 Locating, gathering, and organizing relevant information
3.4.2.1 Effectively use both internal resources (e.g., internal computer networks, company filing systems) and
external resources (e.g., internet search engines) to locate and gather information relevant to solving the problem
3.4.2.2 Examine information obtained for relevance and completeness

3.4.2.3 Recognize important gaps in existing information and take steps to eliminate those gaps
3.4.2.4 Organize/reorganize information as appropriate to gain a better understanding of the problem
3.4.3 Generating alternatives
3.4.3.1 Integrate previously learned and externally obtained information to generate a variety of high-quality
alternative approaches to the problem
3.4.3.2 Skillfully use logic and analysis to identify the strengths and weaknesses, the costs, and benefits, and the
short- and long-term consequences of different solutions or approaches

Included in
Requirements?
3.4.4 Choosing a Solution
3.4.4.1 Decisively choose the best solution after evaluating the relative merits of each possible option
3.4.4.2 Make difficult decisions even in highly ambiguous or ill-defined situations
3.4.5 Implementing the solution
3.4.5.1 Commit to a solution in a timely manner
3.4.5.2 Develop a realistic approach for implementing the chosen solution
3.4.5.3 Document the problem and corrective actions taken and their outcomes and communicate these to the
appropriate parties
3.4.5.4 Observe and evaluate the outcomes of implementing the solution to assess the need for alternative
approaches and to identify lessons learned
3.5 Working with Tools and Technology: Selecting, using, and maintaining tools and technology to facilitate work activity
(with accommodation when necessary).
3.5.1 Using tools
3.5.1.1 Operate tools, technology, and equipment in accordance with established operating procedures and safety
standards
3.5.1.2 Demonstrate appropriate use of tools and technology to complete work functions
3.5.2 Selecting tools
3.5.2.1 Select and apply appropriate tools or technological solutions to the problem at hand
3.5.3 Keeping current
3.5.3.1 Demonstrate an interest in learning about new and emerging tools and technologies
3.5.3.2 Adapt quickly to changes in process or technology
3.5.3.3 Seek out opportunities to improve knowledge of tools and technologies that may assist in streamlining work
and improving productivity
3.5.4 Troubleshooting and maintenance
3.5.4.1 Learn how to maintain and troubleshoot tools and technologies
3.5.4.2 Perform routine maintenance on tools, technology, and equipment
3.5.4.3 Determine causes of errors and take the appropriate corrective action
3.5.4.4 Develop alternatives to complete a task if desired tool or technology is not available
3.6 Business Fundamentals: Using information on basic business principles, trends, and economics.
3.6.1 Situational Awareness
3.6.1.1 Understand the mission, structure, and functions of the organization
3.6.1.2 Recognize one’s role in the functioning of the organization and understand the potential impact one’s own
performance can have on the success of the organization
3.6.1.3 Grasp the potential impact of the company’s well-being on employees

Included in
Requirements?
3.6.2 Business Ethics
3.6.2.1 Demonstrate respect for coworkers, colleagues, and customers
3.6.2.2 Act in the best interest of the company, the community, and the environment
3.6.2.3 Comply with applicable laws and rules governing work and report loss, waste, or theft of company property
to appropriate personnel
3.6.3 Business Practices
3.6.3.1 Understand fundamental and relevant business customer and supplier relationships
3.6.3.2 Use product improvement techniques
3.6.3.3 Comply with the norms of conventional business etiquette
3.6.3.4 Protect intellectual property and proprietary information
3.6.3.5 Demonstrate understanding of the importance of adding value to the enterprise
3.6.4 Global Awareness
3.6.4.1 Understand how IT supports globalization
3.6.4.2 Understand the impact of globalization on the business model
3.6.4.3 Interpret and adhere to global standards and standardization
3.6.5 Market knowledge
3.6.5.1 Understand market trends in the industry and company’s position in the market
3.6.5.2 Know who the company’s primary competitors are and stay current on organizational strategies to maintain
competitiveness
3.6.5.3 Uphold the organization through building and maintaining customer relations
3.6.5.4 Recognize major challenges faced by the organization and industry and key strategies to address challenges
3.7 Health and Safety: Supporting a safe and healthy workplace.

3.7.1 Maintaining a healthy and safe environment
3.7.1.1 Take actions to ensure the safety of self and others, in accordance with established personal and jobsite
safety practices
3.7.1.2 Anticipate and prevent work-related injuries and illnesses
3.7.1.3 Comply with federal, state, and local regulations, and company health and safety policies
3.7.1.4 Recognize common hazards and unsafe conditions that occur at work, their risks, and appropriate controls to
address them
3.7.1.5 Follow organizational procedures and protocols for workplace emergencies, including safe evacuation and
emergency response
3.7.1.6 Maintain a sanitary and clutter-free work environment
3.7.1.7 Administer first aid or CPR, if trained, and summon assistance as needed
3.7.1.8 Properly handle and dispose of hazardous materials

Included in
Requirements?
3.7.2 Safeguarding one’s person
3.7.2.1 Engage in safety training
3.7.2.2 Use equipment and tools safely
3.7.2.3 Use appropriate personal protective equipment
3.7.2.4 Recognize how workplace risks can affect one’s life and one’s family
3.7.2.5 Understand the legal rights of workers regarding workplace safety and protection from hazards
3.7.2.6 Report injuries, incidents, and workplace hazards to a supervisor as soon as safely possible
3.7.2.7 Contribute to discussions of safety concerns in the workplace, making suggestions as appropriate
[1]
Tier 4: Industry-Wide Technical Competencies
4.1 Cybersecurity Technology: The knowledge, skills, and abilities needed to understand the purpose and function of
cybersecurity technology, including tools and systems.
Critical Work Functions:
4.1.1 Cryptography
4.1.1.1 Explain the core concepts of cryptography and cryptographic key management concepts
4.1.1.2 Explain the concept of public key infrastructure (PKI)
4.1.1.3 Explain symmetric key rotation techniques and concepts
4.1.1.4 Describe encryption methodologies
4.1.2 Information Technology (IT) Architecture
4.1.2.1 Explain IT architectural concepts and frameworks
4.1.2.2 Explain security system design tools, methods, and techniques
4.1.2.3 Demonstrate knowledge of information theory
4.1.2.4 Demonstrate knowledge of communication methods, principles, and concepts
4.1.2.5 Explain parallel and distributed computing concepts
4.1.2.6 Explain remote access technology concepts
4.1.2.7 Describe how different file types can be used for anomalous behavior
4.1.2.8 Distinguish between data in use, data in motion (transit), and data at rest
4.1.2.9 Describe the capabilities of different electronic communication systems and methods
4.1.2.10 Understand system life cycle management principles, including software security and usability
4.1.3 Operational Technology (OT) Architecture
4.1.3.1 Explain typical OT architecture
4.1.3.2 Differentiate between IT and OT architectures and the operation of these architectures
4.1.3.3 Explain the typical communications network options and communications protocols used in OT
architectures, with their relative pros and cons

Included in
Requirements?
4.1.3.4 Identify the principal drivers of OT systems, particularly process safety and system availability
4.1.4 Networks
4.1.4.1 Explain computer networking concepts and protocols, and network security methodologies
4.1.4.2 Explain network design processes, to include understanding of security objectives, operational objectives,
and tradeoffs
4.1.4.3 Explain local area network (LAN) and wide area network (WAN) principles and concepts, including bandwidth
management
4.1.4.4 Explain service management concepts for networks and related standards (e.g., Information Technology
Infrastructure Library, v3 [ITL])
4.1.4.5 Identify the range of existing networks types
4.1.4.6 Explain how traffic flows across the network
4.1.4.7 Explain server administration and systems engineering theories, concepts, and methods
4.1.4.8 Identify host and network access control mechanisms (e.g., access control list)
4.1.4.9 Recognize the impact on OT systems of security hardware and software options such as encryption and
intrusion detection
4.1.4.10 Explain guidance on separation of OT and IT system networks and components
4.1.4.11 Describe basic system administration, network, and operating system hardening techniques
4.1.5.1 Demonstrate familiarity with the security features and functions of common operating systems
4.1.5.2 Explain virtualization technologies and virtual machine development and maintenance
4.1.5.3 Describe how to manage patches to IT and OT operating systems
4.1.5.4 Recognize the implications of installed patches to IT and OT systems
4.1.5.5 Demonstrate familiarity with Windows command line
4.1.5.6 Demonstrate familiarity with Unix/Linux operating system structure and internals (e.g., process
management, directory structure, installed applications)
4.1.5.7 Identify file system implementations
4.1.5.8 Demonstrate familiarity with Windows/Unix/Android, iOS, and Windows Mobile ports and services
4.1.6 Security Technology Awareness[2]
4.1.6.1 Understand emerging security issues, risks, and vulnerabilities
4.1.6.2 Identify emerging computer-based technology that has potential for exploitation by adversaries
4.1.6.3 Demonstrate skill in applying and incorporating new and emerging cybersecurity technologies and trends
into proposed solutions
4.1.6.4 Understand products and nomenclature of major IT security vendors and how differences affect
exploitation/vulnerabilities

Included in
Requirements?
4.1.7 Telecommunications
4.1.7.1 Explain basic concepts, terminology, and operations of a wide range of communications media
4.1.7.2 Describe transmission methods and jamming techniques that enable transmission of undesirable
information, or prevent installed systems from operating correctly
4.1.7.3 Describe the communications protocols used in OT architectures, with their relative pros and cons
4.1.7.4 Understand Voice over Internet Protocols (VoIPs)
4.1.8 Web Technologies
4.1.8.1 Explain web services, including service oriented architecture, Representational State Transfer (REST), Simple
Object Access Protocol (SOAP), and web service description language
4.1.8.2 Demonstrate Cloud-based knowledge management technologies and concepts related to security,
governance, procurement, and administration
4.1.8.3 Explain web filtering technologies
Technical Content Areas:
4.1.9 Cryptography
4.1.9.1 Core concepts and methodologies
• Encryption concepts (e.g., symmetric vs. asymmetric, transport encryption, digital signatures)
• Cryptographic tools and products (e.g., WEP, MD5, SHA)
• Public Key Infrastructure (PKI)
• Certificate authorities and digital certificates
• Recovery agent
• Registration
• Key escrow
• Trust models
4.1.10 IT Architecture
4.1.10.1 Electronic communication systems and methods
• E-mail
• Voice over Internet Protocol (VoIP)
• Instant Messenger (IM)
• Web forums
• Direct video broadcasts
4.1.10.2 Information theory
• Source coding
• Channel coding
• Algorithm complexity theory

Included in
Requirements?
• Data compression
4.1.10.3 Communication methods, principles, and concepts, such as
• Encoding
• Signaling
• Multiplexing
4.1.11 OT Architecture
4.1.11.1 Architecture concepts
• Sensors
• PLC/RTU
• Fieldbus
• Supervisory Control and Data Acquisition (SCADA)
• HMI
• DCS
• Historians
4.1.12 Networks
4.1.12.1 Architecture concepts
• Topology
• Components (e.g., firewalls, routers, switches)
4.1.12.2 Network Types, such as
• Local Area Networks (LANs)
• Wide Area Networks (WANs)
• Wireless Fidelity (Wi-Fi)
• Private Branching Exchange (PBX)
• Sensor networks
4.1.12.3 Network Protocols, such as
• Transmission Control Protocol and Internet Protocol (TCP/IP)
• Dynamic Host Configuration Protocol (DHCP)
• Domain Name System (DNS)
• IPv4 and IPv6
4.1.12.4 Hardening Techniques
• Hardware-based computer protection components (e.g., hardware firewalls, servers, routers)
• Software-based computer protection tools (e.g., software firewalls, anti-virus software, anti-spyware)

Included in
Requirements?
4.1.13.1 Common Operating Systems (OS)
• Windows
• Unix/Linux
• Mac OS
• Android
• iOS
• Windows Mobile
4.1.13.2 File system implementations, such as
• New Technology File System (NTFS)
• File Allocation Table (FAT)
• File Extension (EXT)
4.1.14 Telecommunications
4.1.14.1 Concepts
• Routing algorithms
• Fiber optics systems link budgeting
• Add/drop multiplexers
4.1.14.2 Communication media, such as
• Computer and telephone networks
• Satellite
• Fiber
• Wireless
4.1.14.3 Transmission methods, such as
• Bluetooth
• Radio Frequency Identification (RFID)
• Infrared Networking (IR)
• Wireless Fidelity (Wi-Fi)
• Cellular
• Satellite dishes
4.1.14.4 OT communication protocols, such as
• DNP3
• Modbus
• IEC60870

Included in
Requirements?
4.2 Information Assurance: The standards, procedures, and applications used to protect the confidentiality, integrity and
availability of information and information systems.
4.2.1 Information Assurance
4.2.1.1 Explain information assurance (IA) principles and organizational requirements that are relevant to
confidentiality, integrity, availability, authentication, and non-repudiation
4.2.1.2 Apply confidentiality, integrity, and availability principles
4.2.1.3 Demonstrate skill in determining how a security system should work (including its resilience and
dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes
4.2.1.4 Explain key concepts in security management (e.g., release management, patch management)
4.2.1.5 Explain how information assurance principles and methods apply to software development
4.2.1.6 Describe Security Assessment and Authorization (SA&A) process
4.2.2 Data Management
4.2.2.1 Explain data classification standards and methodologies based on sensitivity and other risk factors
4.2.2.2 Explain the importance of complying with data management policies
4.2.2.3 Explain the need for an organization to understand what its sensitive information is, where it resides, and
who needs access to it
4.2.2.4 Demonstrate knowledge of advanced data remediation security features in databases
4.2.2.5 Demonstrate ability to manage data stored within operational technology (OT) systems (e.g., time series data
stored in Supervisory Control and Data Acquisition [SCADA] and Historians)
4.2.2.6 Explain the need to track the movement of data across network boundaries both electronically and
physically
4.2.2.7 Explain the need to limit USB and other removable media reading and writing capabilities on organization
computers
4.2.2.8 Adhere to data administration and data standardization policies and standards
4.2.2.9 Explain data mining and data warehousing principles
4.2.2.10 Identify sources, characteristics, and uses of the organization’s data assets
4.2.3 Common Strategies for Ensuring Information
4.2.3.1 Demonstrate ability to produce copies of all data or information used in or generated by the organization
4.2.3.2 Demonstrate ability to backup and store data automatically on a separate hard disk, off-line removable
media, or online storage
4.2.3.3 Demonstrate ability to protect sensitive information when disposing of old computers and media
4.2.3.4 Explain the need to limit access or use of an organization’s computers, including laptops, to unauthorized
persons
4.2.3.5 Explain the concept of administrative privileges and administrative user accounts and why it is necessary to
restrict them to select individuals within the organization

Included in
Requirements?
4.2.3.6 Explain digital rights management
4.2.4 Identity Management and Authentication
4.2.4.1 Explain key authentication, authorization, and access control principles and methods
4.2.4.2 Explain the need for access authentication controls, including the need to disable expired user accounts and
regularly change passwords
4.2.4.3 Adhere to organizational information technology user security policies
4.2.4.4 Adhere to Personally Identifiable Information (PII) and Payment Card Industry (PCI) data security standards

4.2.5 Information Assurance
4.2.5.1 Principles of Information Assurance
• Asset value
• Confidentiality, integrity, and availability (the CIA triad)
• Principal of least privilege
• Access control
• Separation of duties
4.2.6 Data Management
4.2.6.1 Data mining and warehousing principles
• Data integrity
• Data protection (e.g., encryption, masking)
• Data loss prevention techniques and tools
• Privacy impact assessments
4.2.7 Common Strategies for Ensuring Information
4.2.7.1 Data and information to be safeguarded, such as
• Word processing documents
• Electronic spreadsheets
• Databases
• Financial files
• Human resources rules
• Accounts receivable and payable
4.2.7.2 Data management policies, such as those pertaining to
• Storage media
• Transmission archiving
• Retention requirements

Included in
Requirements?
• Data destruction
• Deduplication
• Data loss prevention
• Social network usage
• Information rights usage
4.2.8 Identity Management and Authentication
4.2.8.1 Key principles and concepts
• Identification vs. authentication
• Single factor authentication and authorization
• Multifactor authentication
4.2.8.2 Authentication controls, such as
• Biometrics
• Tokens
• Common access card
• Personal identification verification card
• Authentication services (e.g., RADIUS, TACAS, OpenID)
4.2.8.3 User security policies, such as
• Account creation
• Password rules
• Access controls
4.3 Risk Management: The systems, tools, and concepts used to minimize the risk to an organization’s cyberspace and
prevent a cybersecurity incident.
4.3.1 Business Continuity Planning
4.3.1.1 Explain and justify each step of the Business Continuity Planning process:
• Identify critical business practices (such as complex regional or global supply chain strategies) that may
adversely impact the entity’s ability to recover following a disaster event
• Clearly define resource requirements for the Business Continuity Plan (BCP) and solicit management support
and commitment for required resources
• Present and obtain management/leadership support, approval, and sponsors of BCP
• Work with management and any risk management/enterprise risk management groups within the entity to
gain agreement on a clear and standardized risk assessment methodology and to gain understanding of the
entity’s tolerance for risk
• Design a crisis communications plan that addresses the need for effective and timely communication between
the entity and all the stakeholders impacted by an event or involved during the response and recovery efforts

Included in
Requirements?
• Provide guidance within the plan to determine frequency of communications needed to each stakeholder
before an event, during the event itself, and following an event
• Identify and establish relationships with the internal departments and personnel and external agencies,
contractors, and others with responsibility for emergency preparedness and response
• Develop an incident response strategy and plan to limit incident effect and to repair incident damage
• Identify trigger points for key service and support areas to identify, escalate and execute strategies selected to
take advantage of key risks
• Develop formal reports and presentations focused on increasing the awareness and potential impact of risks to
the organization from a business continuity perspective
• Define organizational titles, roles, lines of authority, succession of authority, and responsibilities for internal
and external resources
• Establish an exercise, testing, maintenance, and audit program for the BCP to establish confidence in a
predictable and repeatable performance of recovery activities throughout the organization
• Coordinate, conduct, and or participate in training, drills, and exercises with first responders to comply with
regulations, as needed to establish required capabilities, and or as requested by first responders
• Conduct a debrief meeting immediately following training, drills and exercises and document actions to be
taken to improve emergency preparedness and response capabilities
• Design framework and define document structure for the plan documentation
• Define and obtain approval for criteria to be used to assess the impact on the entity’s operations including but
not limited to: customer impact; financial impact; regulatory impact; operational impact; reputational impact;
human impact
4.3.1.2 Understand the risks associated with operational technology (OT) systems and be able to identify practical
mitigation measures to manage these risks
4.3.2 Computer Defense
4.3.2.1 Identify cyber defense mitigation techniques and vulnerability assessment tools, including open source tools,
and their capabilities
4.3.2.2 Demonstrate skill in discerning the protection needs (i.e., security controls) of information systems and
networks
4.3.2.3 Describe the impact of computer defense techniques and tools on information technology (IT) and OT
systems and know when to use such techniques or tools
4.3.2.4 Explain computer network defense (CND) and vulnerability assessment tools, including open source tools,
and their capabilities
4.3.2.5 Identify common adversary tactics, techniques, and procedures (TTPs) in assigned area of responsibility
4.3.2.6 Explain application firewall concepts and functions

4.3.2.7 Adhere to cyber defense policies, procedures, and regulations
4.3.2.8 Demonstrate skill in collecting data from a variety of cyber defense resources
4.3.3 Contracting and Procurement
4.3.3.1 Describe critical IT and OT procurement requirements

Included in
Requirements?
4.3.3.2 Demonstrate skill in evaluating the trustworthiness of the supplier and/or product
4.3.3.3 Explain functionality, quality, and security requirements and how these will apply to specific items of supply
(i.e., elements and processes)
4.3.3.4 Define secure acquisitions
4.3.4 Enterprise/Organization
4.3.4.1 Explain organizational process improvement concepts and process maturity models
4.3.4.2 Recognize the nature and function of the relevant information structure
4.3.4.3 Identify enterprise/organization security models
4.3.4.4 Identify the organization’s Information Classification Program and procedures for level information loss
4.3.4.5 Recognize the specialized system requirements of OT systems

4.3.4.6 Explain the organization’s core business/mission processes, stakeholders, and users
4.3.4.7 Demonstrate an understanding of the services provided by the enterprise or organization and the elements
of the system that support the delivery of these services
4.3.4.8 Describe how information needs and collection requirements are translated, tracked, and prioritized across
the extended enterprise
4.3.4.9 Describe the Enterprise Network Defense provider reporting structure and processes within the organization
4.3.4.10 Explain the need for common metrics that measure the effectiveness of security measures with the
organization
4.3.4.11 Explain the need for continuous diagnostics and mitigation to test and validate the effectiveness of current
security measures
4.3.4.12 Explain the need for automated defenses
4.3.4.13 Identify local specialized system requirements (e.g., critical infrastructure systems that may not use
standard IT for safety, performance, and reliability)
4.3.5 Risk and Vulnerability Analysis
4.3.5.1 Demonstrate knowledge of system and application threats and vulnerabilities
4.3.5.2 Demonstrate ability to identify threats/risks and vulnerabilities taking into account the frequency,
probability, speed of development, severity, and reputational impact to achieve a holistic view of risk across the entity
4.3.5.3 Demonstrate ability to classify risks according to relevant criteria including, but not limited to:
• Risks under the entity’s control
• Risks beyond the entity’s control
• Risks with prior warnings (such as tornadoes and hurricanes)
• Risks with no prior warnings (such as earthquakes)
4.3.5.4 Demonstrate ability to identify the organization’s risk exposures from both internal and external sources
4.3.5.5 Explain the use of network analysis tools to identify software communications vulnerabilities

Included in
Requirements?
4.3.5.6 Explain the proper use of penetration testing and vulnerability scanning for vulnerability assessments
4.3.5.7 Explain the impact of penetration testing and vulnerability scanning on OT systems and know when to use
such techniques
4.3.6 Risk Management Strategies
4.3.6.1 Explain the rationale of and adhere to IT and OT supply chain security/risk management policies,
requirements, and procedures
4.3.6.2 Explain the need for antivirus and antispyware software on all computers used in an organization’s
operations and the need for continuous auto- or manual-update of this software
4.3.6.3 Explain the need to track/control/prevent/correct installation and execution of software on computers
based on an asset inventory of approved software
4.3.6.4 Explain the need to track/control/prevent/correct network access by devices (computers, network
components, printers, BYODs [Bring Your Own Devices], anything with IP addresses) based on an asset inventory of
which devices are allowed to connect to the organization’s network
4.3.6.5 Explain the need for formal configuration management and change control processes
4.3.6.6 Explain need for dispersing responsibility and access to data and systems, including financial, personnel,
inventory, and manufacturing, over multiple individuals (e.g., one employee should not be allowed to both initiate
and approve financial transactions)
4.3.6.7 Explain the importance of training an organization’s workers to use sensitive business information properly
and to protect the organization’s and its stakeholders’ information
4.3.6.8 Describe and practice safe internet behavior
4.3.6.9 Explain the risks associated with social media and the countermeasures available to address them
4.3.6.10 Explain the impact and proper use of environmental controls

4.3.6.11 Explain the need for security audit logging and analysis
4.3.7 Software Lifecycle
4.3.7.1 Describe the type and frequency of routine maintenance needed to keep equipment functioning properly
4.3.7.2 Demonstrate ability to install computer upgrades

4.3.7.3 Explain the operations and processes for diagnosing common or recurring system problems
4.3.7.4 Demonstrate ability to identify and anticipate server performance, availability, capacity, or configuration
problems
4.3.8 Enterprise/Organization Awareness
4.3.8.1 Process improvement concepts and process maturity models, such as
• Capability Maturity Model Integration (CMMI) for Development
• CMMI for Services
• CMMI for Acquisitions

Included in
Requirements?
4.3.8.2 Security models, such as
• Bell-LaPadula model
• Biba integrity model
• Clark-Wilson model
4.3.9 Computer Defense
4.3.9.1 Computer defense techniques and tools, such as
• Manual bypassing of electronic controls
• Monitoring system logs
• Physical security (e.g., locks, video surveillance, fencing)
• Hardening (e.g., disabling unnecessary services, protecting management interfaces and applications, disabling
unnecessary accounts)
• Port security
• Security postures
• Reporting
• Detection controls vs. prevention controls
4.3.9.2 Application firewall concepts and functions
• Single point of authentication/audit/policy enforcement
• Message scanning for malicious content
• Data anonymization for PCI and PII compliance
• Data loss protection
4.3.10 Risk and Vulnerability Analysis
4.3.10.1 System and application security threats and vulnerabilities, such as
• Buffer overflow
• Mobile code
• Cross-site scripting
• Procedural language/structures query language (PL/SQL) and injections
• Race conditions
• Covert channel
• Replay
• Return-oriented attacks
• Malicious code
4.3.10.2 Internal and external sources of risk:
• Natural
• Technological

Included in
Requirements?
• Man-made (e.g., distributed denial-of-service attack (DDoS), social engineering, wireless attacks, application
attacks)
• Accidental versus intentional
• Controllable exposures/risks versus those beyond the entity’s control
• Events with prior warnings versus those with no prior warnings
4.3.10.3 Risk impacts:
• Facility
• Security (both physical and logical)
• Reputational
• Legal
• Customer
• Procedural
• IT (including operational infrastructure)
• People
• Supply Chain (including transportation and outsourcing)
• Compliance
• Availability of personnel
• Network Communications technology
4.3.11 Risk Management Strategies
4.3.11.1 Risk management training topics
• Information security policies, including the use of computers, networks, and Internet connections
• Limitations on personal use of telephones, printers, and other business resources
• Differences between OT and IT systems
• Restrictions on accessing OT systems at home or outside the secure work areas of the business
• Restrictions on processing business data at home
4.3.11.2 Safe internet behavior
• Open only email that is expected and from a sender that is trusted
• Examine carefully web links in email, instant messages, social media, and other communications
• Do not access email or internet on OT system computers
• Do not install unauthorized software on OT system computers
• Close popup windows that request a response
• Conduct online business, commerce, and banking using a secure browser connection
• Visit only web sites with trusted reputations
• Download software only from trusted web sites

Included in
Requirements?
4.3.11.3 Risks associated with social media
• Data leakage
• Inappropriate posts
• Posts that violate laws or regulations
• Social engineering
• Spreading of false information
4.4 Incident Detection: The knowledge, skills, and abilities needed to identify threats or incidents.
4.4.1 Incident Detection
4.4.1.1 Describe what constitutes a network attack and the relationship to both threats and vulnerabilities
4.4.1.2 Explain the concepts of packet analysis and intrusion detection

4.4.1.3 Demonstrate ability to differentiate between attacks and normal user activity on a network
4.4.1.4 Identify intrusion detection methodologies and techniques for detecting host and network based intrusions
via intrusion detection technologies.
4.4.1.5 Demonstrate skill in identifying capturing, containing, and reporting malware
4.4.1.6 Demonstrate familiarity with Intrusion Detection System (IDS) tools and applications
4.4.1.7 Explain the need to analyze an entire network instead of a single device
4.4.1.8 Identify system diagnostic tools and fault identification techniques
4.4.1.9 Identify server diagnostic tools and fault identification techniques
4.4.1.10 Explain the concept of zero-day attacks
4.4.1.11 Describe general attack stages
4.4.1.12 Identify virtual machine aware malware, debugger aware malware, and packing
4.4.1.13 Explain malware analysis concepts and methodology
4.4.1.14 Identify malware analysis tools (e.g., Oily Debug, Ida Pro)
4.4.1.15 Describe network analysis methods
4.4.2 Incident Classification
4.4.2.1 Describe different classes of attacks
4.4.2.2 Demonstrate ability to identify the following characteristics of an incident:
• Origin or location (internal or external)
• Size or magnitude
• Area of impact
4.4.2.3 Demonstrate ability to categorize events (using the organization’s standard category definitions) and assign
events for further analysis, response, or disposition/closure

Included in
Requirements?
4.4.2.4 Report the pertinent information to the appropriate individual, group, or process
4.4.2.5 Determine the risk, threat level, or business impact of a confirmed incident
• Casualties
• Property damage
• Operational interruption or disruption
• Environmental contamination
4.4.2.6 Explain the importance of collecting incident data and intrusion artifacts (e.g., malware, logs) (to enable
mitigation of incidents)
4.4.2.7 Determine the risk of continuing operations
Technical Content Areas
4.4.3 Incident Detection
4.4.3.1 Intrusion detection tools
• Host Based Intrusion Detection Systems (HIDS)
• Network Based Intrusion Detection Systems (NIDS)
• Wireless Intrusion Detection Systems (WIDS)
4.4.3.2 Network monitoring resources, such as
• System logs
• History logs
• General logs
• Traffic analysis
• Network sniffer
4.4.3.3 Attack stages
• Footprinting and scanning
• Enumeration
• Gaining access
• Escalation of privileges
• Maintaining access
• Network exploitation
• Covering tracks
4.4.4 Incident Classification
4.4.4.1 Attack classes
• Passive
• Active
• Insider

Included in
Requirements?
• Close-in
• Distribution
4.5 Incident Response and Remediation: The knowledge, skills, and abilities needed to respond to and remediate an
incident, as well as restore functionality to the system or infrastructure.
4.5.1 Business Continuity Plan Implementation
4.5.1.1 Describe enterprise incident response program, roles, and responsibilities, including first responders
4.5.1.2 Explain and justify each step that occurs during Business Continuity Planning implementation:
• Identify the available continuity and recovery strategies for the entity’s operations that will meet the recovery
time objective and recovery point objectives identified during the Business Continuity Planning process
• Assess viability of alternative strategies against the results of business impact analysis/recovery time objectives
• Compare solutions
• Advantages
• Disadvantages
• Costs (startup, maintenance & execution)
• Mitigation capability and control options
• Ability to meet defined RTO and RPO
• Estimate the cost of implementing and maintaining recovery for the identified recovery strategies
• Validate that the recovery strategy being implemented is in line with the amount of business at risk
• Identify applicable emergency preparedness and response regulations

• Cooperate with other internal groups (e.g., information technology [IT], operational technology [OT],
management, compliance, legal, human resources, etc.) and external agencies according to applicable policies
and procedures
4.5.2 Criminal Law
4.5.2.1 Identify national and international laws, regulations, policies, and ethics as they relate to cybersecurity
4.5.2.2 Identify applicable laws and/or administrative/criminal legal guidelines and procedures relevant to work
performed
4.5.2.3 Explain legal rules of electronic evidence and court procedure (e.g., admissibility), such as the Federal Rules
of Evidence
4.5.2.4 Recognize legal trends that will impact cyber activities
4.5.2.5 Recognize the impact of technology trend data on laws, regulations, and/or policies

Included in
Requirements?
4.5.3 Crisis Communication
4.5.3.1 Identify relevant stakeholders that need to be contacted or that may have a vested interest or vital role in
communications about an organizational incident
4.5.3.2 Identify the appropriate communications protocols and channels (media and message) for each type of
stakeholder
4.5.3.3 Document communications produced during the incident
4.5.3.4 Provide notification service to other constituents (e.g., write and publish guidance or reports on incident
findings) to enable constituents to protect their assets and/or detect similar incidents
4.5.4 Forensics
4.5.4.1 Explain the concepts of data backup, types of backups, and recovery concepts and tools
4.5.4.2 Describe types of digital forensics data and how to recognize them
4.5.4.3 Explain deployable forensics
4.5.4.4 Recognize anti-forensics tactics, techniques, and procedures
4.5.4.5 Explain concepts and practices of processing digital forensic data
4.5.4.6 Identify which system files (e.g., log files, registry files, configuration files) contain relevant information and
where to find those system files
4.5.4.7 Describe investigative implications of hardware, operating systems, and network technologies
4.5.4.8 Explain the importance of collecting, processing, packaging, transporting, and storing electronic evidence to
avoid alteration, loss, physical damage, or destruction of data
4.5.4.9 Explain processes for seizing and preserving digital evidence (e.g., chain of custody)
4.5.5 Post Incident Activities and Analysis
4.5.5.1 Track and document incidents from initial detection through final resolution in support of future analytical
efforts and situational awareness
4.5.5.2 Assign and label data / information according to the appropriate class or category of sensitivity
4.5.5.3 Make appropriate changes to system security to ensure that vulnerabilities leading to incident have been
addressed (e.g., change passwords)
4.5.5.4 Explain the importance of validating system security prior to resumption of core activities and functions

4.5.6 Business Continuity Plan Implementation
4.5.6.1 Continuity and Recovery Strategies
• Identify internal dual usage space that could be equipped to support recovery (conference rooms, training
rooms, cafeterias, etc.)
• Contract with third party service providers / outsourcers
• Transfer staff and workload to an alternate site, considering
• Location
• Available space

Included in
Requirements?
• Suitability of space to need
• Communications capabilities (voice/data)
• Equipment available
• Availability of raw materials
• Hardness of the site (redundant power, water, etc.)
• Suspend operations that are not time sensitive in a surviving site and transfer people/workload from the
impacted site (displacement)
• Have staff work from home
• Prioritize customers
• Recover vital hard copy records and work in process to meet the RPO for these records and to ensure they are
accessible following a disaster (e.g., photocopy, scan, fiche)
• Outsource the entire technology environment (cloud computing, etc.), taking into account the limitations of
outsourcing OT systems
• Identify strategies for recovery of data in electronic form that meets the RPO established for these records and
ensures they are available following a disaster (e.g., physical and virtual tape backup, asynchronous replication,
synchronous replication)
4.5.7 Criminal Law
4.5.7.1 Applicable laws
• Electronic Communications Privacy Act
• Foreign Intelligence Surveillance Act
• Protect America Act
• Search and seizure laws
• Civil liberties and privacy laws
• US Statutes, (e.g., Titles 10, 18, 32, 50 in US Code)
• Presidential Directives
• Executive branch guidelines
4.5.8 Crisis Communication
4.5.8.1 Notification systems
• Email and group distribution lists
• Conference call
• Intranet
• Press conference
• Event information line
• Media sources
• Print

Included in
Requirements?
• Radio
• TV
• Internet
• Social media sites (e.g., Facebook, Twitter, LinkedIn)
4.5.9 Forensics
4.5.9.1 Types of backups
• Full
• Incremental
4.5.9.2 Forensic evidence formats, such as
• Hard drives
• Floppy diskettes
• Compact disc (CDs)
• Personal digital assistants (PDAs)
• Mobile phones
• Global positioning satellite devices (GPSs)
• All tape formats
4.5.9.3 Digital forensics data, such as
• Log files
• Registry files
• Configuration files
4.5.9.4 Basic forensic procedures
• Order of volatility
• Capture system image
• Network traffic and logs
• Capture video
• Record time offset
• Take hashes
• Screenshots
• Witnesses
• Track man hours and expense
4.5.10 Post Incident Activities and Analysis
4.5.10.1 Types of incident information to be documented
• Strategic, including succession planning

Included in
Requirements?
• Tactical
• Operational
• Emergency response
• Incident control and damage assessment
• Continuity and recovery
• Return-to-normal operations
Tier 5: Industry-Sector Functional Areas

5.1 Securely Provision (SP): Specialty Areas responsible for conceptualizing, designing, and building secure information
technology (IT) systems, with responsibility for aspects of system and network development.
5.1.1 Risk Management (RSK)
5.1.1.1 Authorizing Official/Designating Representative
5.1.1.2 Security Control Assessor
5.1.2 Software Development (DEV)
5.1.2.1 Software Developer
5.1.2.2 Secure Software Assessor
5.1.3 Systems Architecture (ARC)
5.1.3.1 Enterprise Architect
5.1.3.2 Security Architect
5.1.4 Technology R&D (TRD)
5.1.4.1 Research & Development Specialist
5.1.5 Systems Requirements Planning (SRP)
5.1.5.1 Systems Requirements Planner
5.1.6 Test and Evaluation (TST)
5.1.6.1 System Testing and Evaluation Specialist
5.1.7 Systems Development (SYS)
5.1.7.1 Information Systems Security Developer
5.1.7.2 Systems Developer
5.2 Operate and Maintain (OM): Specialty Areas responsible for providing the support, administration, and maintenance
necessary to ensure effective and efficient information technology (IT) system performance and security.
5.2.1 Data Administration (DTA)

5.2.1.1 Database Administrator
5.2.1.2 Data Analyst

Included in
Requirements?
5.2.2 Knowledge Management (KMG)
5.2.2.1 Knowledge Manager
5.2.3 Customer Service and Technical Support (STS)
5.2.3.1 Technical Support Specialist
5.2.4 Network Services (NET)
5.2.4.1 Network Operations Specialist
5.2.5 Systems Administration (ADM)
5.2.5.1 System Administrator
5.2.6 Systems Analysis (ANA)
5.2.6.1 Systems Security Analyst
5.3 Oversee and Govern (OV): Specialty Areas responsible for providing leadership, management, direction, or
development and advocacy so the organization may effectively conduct cybersecurity work.
5.3.1 Legal Advice and Advocacy (LGA)
5.3.1.1 Cyber Legal Advisor
5.3.1.2 Privacy Officer/Privacy Compliance Manager
5.3.2 Training, Education, and Awareness (TEA)
5.3.2.1 Cyber Instructional Curriculum Developer
5.3.2.2 Cyber Instructor
5.3.3 Cybersecurity Management (MGT)
5.3.3.1 Information Systems Security Manager
5.3.3.2 Communications Security (COMSEC) Manager
5.3.4 Strategic Planning and Policy (SPP)
5.3.4.1 Cyber Workforce Developer and Manager
5.3.4.2 Cyber Policy and Strategy Planner
5.3.5 Executive Cyber Leadership (EXL)
5.3.5.1 Executive Cyber Leadership
5.3.6 Program/Project Management (PMA) and Acquisition
5.3.6.1 Program Manager
5.3.6.2 IT Project Manager
5.3.6.3 Product Support Manager
5.3.6.4 IT Investment/Portfolio Manager
5.3.6.5 IT Program Auditor

Included in
Requirements?
5.4 Protect and Defend (PR): Specialty Areas responsible for identifying, analyzing, and mitigating threats to internal
information technology (IT) systems and networks.
5.4.1 Cyber Defense Analysis (CDA)
5.4.1.1 Cyber Defense Analyst
5.4.2 Cyber Defense Infrastructure Support (INF)
5.4.2.1 Cyber Defense Infrastructure Support Specialist
5.4.3 Incident Response (CIR)
5.4.3.1 Cyber Defense Incident Responder
5.4.4 Vulnerability Assessment and Management (VAM)
5.4.4.1 Vulnerability Assessment Analyst
5.5 Analyze (AN): Specialty Areas responsible for performing highly-specialized review and evaluation of incoming
cybersecurity information to determine its usefulness for intelligence.
5.5.1 Threat Analysis (TWA)
5.5.1.1 Threat/Warning Analyst
5.5.2 Exploitation Analysis (EXP)
5.5.2.1 Exploitation Analyst
5.5.3 All-Source Analysis (ASA)
5.5.3.1 All-Source Analyst
5.5.3.2 Mission Assessment Specialist
5.5.4 Targets (TGT)
5.5.4.1 Target Developer
5.5.4.2 Target Network Analyst
5.5.5 Language Analysis (LNG)
5.5.5.1 Multi-Disciplined Language Analyst
5.6 Collect and Operate (CO): Specialty Areas responsible for providing specialized denial and deception operations and
collection of cybersecurity information that may be used to develop intelligence.
5.6.1 Collection Operations (CLO)
5.6.1.1 All Source-Collection Manager
5.6.1.2 All Source-Collection Requirements Manager
5.6.2 Cyber Operational Planning (OPL)
5.6.2.1 Cyber Intel Planner
5.6.2.2 Cyber Ops Planner
5.6.2.3 Partner Integration Planner

Included in
Requirements?
5.6.3 Cyber Operations (OPS)
5.6.3.1 Cyber Operator
5.7 Investigate (IN): Specialty Areas responsible for investigating cybersecurity events or crimes related to information
technology (IT) systems, networks, and digital evidence.
5.7.1 Cyber Investigation (INV)
5.7.1.1 Cyber Crime Investigator
5.7.2 Digital Forensics (FOR)
5.7.2.1 Law Enforcement/Counterintelligence Forensics Analyst
5.7.2.2 Cyber Defense Forensics Analyst
[1]
A glossary of common Cybersecurity terms prepared by the National Initiative for Cybersecurity Careers and Studies (NICCS)
is available and contains many of the terms used in the model. The glossary is available online: http://niccs.us-
cert.gov/glossary
[2]
For general technology awareness, see the “Fundamental IT User Skills” block on Tier 2, page 12.

Cybersecurity Competency Model: Identifying Credential Competencies Worksheet

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cybersecurity Competency Model: Identifying Credential Competencies Worksheet

Uploaded by

Copyright:

Available Formats

Cybersecurity Competency Model

Identifying Credential Competencies Worksheet

Tier 1: Personal Effectiveness Competencies

Employment and Training Administration, U.S. Department of Labor www.doleta.gov 1 of 38

1.2.3.3 Learn from mistakes

1.4.1.3 Persist at a task or problem despite obstacles or setbacks

Employment and Training Administration, U.S. Department of Labor www.doleta.gov 2 of 38

1.4.2.3 Seek opportunities to influence events and originate action

Employment and Training Administration, U.S. Department of Labor www.doleta.gov 3 of 38

1.7.1 Demonstrating an interest in learning

Employment and Training Administration, U.S. Department of Labor www.doleta.gov 4 of 38

Tier 2: Academic Competencies

Employment and Training Administration, U.S. Department of Labor www.doleta.gov 5 of 38

Employment and Training Administration, U.S. Department of Labor www.doleta.gov 6 of 38

2.5.1 Listening or attending to information

Employment and Training Administration, U.S. Department of Labor www.doleta.gov 7 of 38

Employment and Training Administration, U.S. Department of Labor www.doleta.gov 8 of 38

Employment and Training Administration, U.S. Department of Labor www.doleta.gov 9 of 38

Employment and Training Administration, U.S. Department of Labor www.doleta.gov 10 of 38

Tier 3: Workplace Competencies

3.1.1.4 Guide others in learning new skills

Employment and Training Administration, U.S. Department of Labor www.doleta.gov 11 of 38

3.1.4 Resolving conflicts

Employment and Training Administration, U.S. Department of Labor www.doleta.gov 12 of 38

3.3.2 Generating innovative solutions

3.4.1.5 Recall previously learned information that is relevant to the problem

3.4.2.2 Examine information obtained for relevance and completeness

Employment and Training Administration, U.S. Department of Labor www.doleta.gov 13 of 38

Employment and Training Administration, U.S. Department of Labor www.doleta.gov 14 of 38

3.7 Health and Safety: Supporting a safe and healthy workplace.

Employment and Training Administration, U.S. Department of Labor www.doleta.gov 15 of 38

Employment and Training Administration, U.S. Department of Labor www.doleta.gov 16 of 38

Employment and Training Administration, U.S. Department of Labor www.doleta.gov 17 of 38

Employment and Training Administration, U.S. Department of Labor www.doleta.gov 18 of 38

Employment and Training Administration, U.S. Department of Labor www.doleta.gov 19 of 38

Employment and Training Administration, U.S. Department of Labor www.doleta.gov 20 of 38

Employment and Training Administration, U.S. Department of Labor www.doleta.gov 21 of 38

Technical Content Areas:

Employment and Training Administration, U.S. Department of Labor www.doleta.gov 22 of 38

Employment and Training Administration, U.S. Department of Labor www.doleta.gov 23 of 38

4.3.2.6 Explain application firewall concepts and functions

Employment and Training Administration, U.S. Department of Labor www.doleta.gov 24 of 38

4.3.4.5 Recognize the specialized system requirements of OT systems

Employment and Training Administration, U.S. Department of Labor www.doleta.gov 25 of 38

4.3.6.10 Explain the impact and proper use of environmental controls

4.3.7.2 Demonstrate ability to install computer upgrades

Employment and Training Administration, U.S. Department of Labor www.doleta.gov 26 of 38

Employment and Training Administration, U.S. Department of Labor www.doleta.gov 27 of 38

Employment and Training Administration, U.S. Department of Labor www.doleta.gov 28 of 38

4.4.1.2 Explain the concepts of packet analysis and intrusion detection

Employment and Training Administration, U.S. Department of Labor www.doleta.gov 29 of 38

Employment and Training Administration, U.S. Department of Labor www.doleta.gov 30 of 38

• Identify applicable emergency preparedness and response regulations

Employment and Training Administration, U.S. Department of Labor www.doleta.gov 31 of 38

Technical Content Areas:

Employment and Training Administration, U.S. Department of Labor www.doleta.gov 32 of 38

Employment and Training Administration, U.S. Department of Labor www.doleta.gov 33 of 38

Employment and Training Administration, U.S. Department of Labor www.doleta.gov 34 of 38

Tier 5: Industry-Sector Functional Areas

5.2.1 Data Administration (DTA)

Employment and Training Administration, U.S. Department of Labor www.doleta.gov 35 of 38

Employment and Training Administration, U.S. Department of Labor www.doleta.gov 36 of 38

Employment and Training Administration, U.S. Department of Labor www.doleta.gov 37 of 38