
NICE Framework Knowledge and Skill Statement Review (April 19, 2022)

In November 2020, the National Initiative for Cybersecurity Education (NICE), a program in the National Institute of Standards
U.S. Department of Commerce, released the first revision of the Workforce Framework for Cybersecurity (NICE Framework) (N
document updates the 2017 Cybersecurity Workforce Framework, which was largely based upon previous federal initiatives th
September 2012, codifying existing practices drawn from multiple federal government departments and agencies. As develop
Framework has evolved we recognize the need to broaden the Framework so it can serve as a national framework, intended f
levels, in the private sector, and in education and training. In the years since the 2017 publication was released, NICE has rece
national stakeholders as they’ve used the NICE Framework to describe and share information about cybersecurity work. That
that were incorporated in the 2020 revision, the most significant of which are:
• Deprecation of Specialty Areas
• Deprecation of Ability Statements
• Addition of Competency Areas
• Shifting NICE Framework data (Competencies, Work Roles, and Task, Knowledge, and Skill (TKS) statements) to live outside

These changes work together to ensure that the NICE Framework is agile, flexible, modular, and interoperable. Cybersecurity i
remains static -- it is ever-evolving and, in order to ensure an effective and capable cybersecurity workforce, the NICE Framew
the ability to adjust to meet current needs. This includes making sure that both the content accurately describes the cybersecu
Framework itself balances the need to be streamlined with offering enough complexity to be truly useful. The revision thus foc
the Task, Knowledge, and Skill (TKS) statements -- and their application via Work Roles and Competency Areas.

NICE is pleased to continue to refine and clarify this fundamental reference resource. A review of the deprecated Ability statem
2021; these were refactored and released in December 2021 for comment (some additional adjustments are being made as a
continues to refine and clarify the TKS statements by addressing unnecessary overlaps, unclear descriptions, and inconsistent
building blocks to be more measurable, meaningful, and useful. Accordingly, a review of existing Knowledge and Skill statemen
they follow the guidelines of the "Task, Knowledge, and Skill (TKS) Statements Authoring Guide for Workforce Frameworks" (T
further identified redundant content and addressed other issues that were brought forward in this process. The summary of
("NICE Framework Knowledge and Skill Statement Review: An Introduction and Summary of Updates") should be read prio
of this spreadsheet (see link below).

NIST enjoys a long-standing tradition of transparency, and NICE will be highly communicative of the proposed adjustments as
clarity and usability of the NICE Framework statements. Community feedback is welcome and we look forward to learning way
improve this resource.

PLEASE NOTE:
• The following spreadsheets identify related statements. Please note that not all related statements are identified for each sta
that have been marked as redundant, the related statements noted should be referred to in order to better understand the redu
• Additional review of the Knowledge and Skill statements, along with the refactored Ability statements shared earlier, will be d
comment period and prior to release.
• New statements that have been drafted as part of this review will be added to the identified Work Roles noted in the spreads
have been suggested for withdrawal due to redundancy, the related statements that are referenced will be added to Work Role
lose requirements.
• Following this work, a review of the Task statements and alignment of the Tasks to Knowledge and Skill statements will take
adjustments may be necessary as part of that process.

Links:
NICE Framework Knowledge and Skill Statement Review: An Introduction and Summary of Updates
National Initiative for Cybersecurity Education Workforce Framework for Cybersecurity (NICE Framework) (NIST SP 800-181r1
Task, Knowledge, and Skill (TKS) Statements Authoring Guide for Workforce Frameworks (TKS Authoring Guide)
NICE Framework Data Reference Spreadsheet (2017 Data)
NICE Framework Resource Center website
NICE Program website

Comments:  
Send comments by 11:59 p.m. ET on June 3, 2022 to:
niceframework@nist.gov
| ID | Statement | Updated statement |
| --- | --- | --- |
| S0001 | Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems. | Skill in scanning for vulnerabilities. |
| S0001_1 | Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems. | Skill in recognizing vulnerabilities. |
| S0002 | Skill in allocating storage capacity in the design of data management systems. | Skill in designing data storage solutions |
| S0002_1 | Skill in allocating storage capacity in the design of data management systems. | Skill in implementing data storage solutions |
| S0003 | Skill of identifying, capturing, containing, and reporting malware. | Skill in identifying malware. |
| S0003_1 | Skill of identifying, capturing, containing, and reporting malware. | Skill in capturing malware. |
| S0003_2 | Skill of identifying, capturing, containing, and reporting malware. | Skill in containing malware. |
| S0003_3 | Skill of identifying, capturing, containing, and reporting malware. | Skill in reporting malware. |
| S0004 | Skill in analyzing network traffic capacity and performance characteristics. | Withdraw |
| S0005 | Skill in applying and incorporating information technologies into proposed solutions. | Skill in applying information technologies into proposed solutions. |
| S0006 | Skill in applying confidentiality, integrity, and availability principles. | Withdraw |
| S0007 | Skill in applying host/network access controls (e.g., access control list). | Skill in applying host access controls. |
| S0007_1 | Skill in applying host/network access controls (e.g., access control list). | Skill in applying network access controls. |
| S0008 | Skill in applying organization-specific systems analysis principles and techniques. | Skill in performing systems analysis |
| S0009 | WITHDRAWN: Skill in assessing the robustness of security systems and designs. (See S0027) | Withdraw |
| S0010 | Skill in conducting capabilities and requirements analysis. | Skill in performing capabilities analysis. |
| S0010_1 | Skill in conducting capabilities and requirements analysis. | Skill in performing requirements analysis. |
| S0011 | Skill in conducting information searches. | Skill in conducting information searches. |
| S0012 | Skill in conducting knowledge mapping (e.g., map of knowledge repositories). | Skill in creating knowledge maps. |
| S0013 | Skill in conducting queries and developing algorithms to analyze data structures. | Skill in developing algorithms. |
| S0013_1 | Skill in conducting queries and developing algorithms to analyze data structures. | Skill in performing data structure analysis. |
| S0014 | Skill in conducting software debugging. | Skill in debugging software. |
| S0015 | Skill in conducting test events. | Skill in conducting test events. |
| S0016 | Skill in configuring and optimizing software. | Skill in configuring software. |
| S0017 | Skill in creating and utilizing mathematical or statistical models. | Skill in creating mathematical models. |
| S0017_1 | Skill in creating and utilizing mathematical or statistical models. | Skill in creating statistical models. |
| S0018 | Skill in creating policies that reflect system security objectives. | Skill in creating system security policies. |
| S0019 | Skill in creating programs that validate and process multiple inputs including command line arguments, environmental variables, and input streams. | Skill in implementing input validation. |
| S0020 | Skill in developing and deploying signatures. | Skill in developing signatures. |
| S0020_1 | Skill in developing and deploying signatures. | Skill in deploying signatures. |
| S0021 | Skill in designing a data analysis structure (i.e., the types of data a test must generate and how to analyze that data). | Skill in designing data analysis structures. |
| S0022 | Skill in designing countermeasures to identified security risks. | Withdraw |
| S0023 | Skill in designing security controls based on cybersecurity principles and tenets. | Skill in designing security controls. |
| S0024 | Skill in designing the integration of hardware and software solutions. | Skill in designing the integration of hardware solutions. |
| S0024_1 | Skill in designing the integration of hardware and software solutions. | Skill in designing the integration of software solutions. |
| S0025 | Skill in detecting host and network based intrusions via intrusion detection technologies (e.g., Snort). | Skill in detecting host- and network-based intrusions. |
| S0025 K00** | Skill in detecting host and network based intrusions via intrusion detection technologies (e.g., Snort). | Knowledge of intrusion detection tools and techniques. |
| S0026 | Skill in determining an appropriate level of test rigor for a given system. | Task: Determine appropriate level of test rigor for a given system |
| S0027 | Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes. | Withdraw |
| S0028 | Skill in developing data dictionaries. | Skill in developing data dictionaries. |
| S0029 | Skill in developing data models. | Skill in developing data models. |
| S0030 | Skill in developing operations-based testing scenarios. | Skill in developing testing scenarios. |
| S0031 | Skill in developing and applying security system access controls. | Skill in developing security system controls. |
| S0032 | Skill in developing, testing, and implementing network infrastructure contingency and recovery plans. | Skill in developing network infrastructure contingency and recovery plans. |
| S0032_1 | Skill in developing, testing, and implementing network infrastructure contingency and recovery plans. | Skill in testing network infrastructure contingency and recovery plans. |
| S0033 | Skill in diagnosing connectivity problems. | Skill in troubleshooting computer networks. |
| S0034 | Skill in discerning the protection needs (i.e., security controls) of information systems and networks. | Skill in identifying the protection needs of information systems and networks. |
| S0035 | Skill in establishing a routing schema. | Skill in establishing a routing schema. |
| S0036 | Skill in evaluating the adequacy of security designs. | Skill in evaluating security designs |
| S0037 | Skill in generating queries and reports. | Skill in preparing reports |
| S0038 | Skill in identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system. | Skill in monitoring system performance. |
| S0038_1 | Skill in identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system. | Skill in configuring systems for performance enhancement. |
| S0039 | Skill in identifying possible causes of degradation of system performance or availability and initiating actions needed to mitigate this degradation. | Skill in troubleshooting system performance. |
| S0040 | Skill in implementing, maintaining, and improving established network security practices. | Skill in implementing established network security practices. |
| S0040 T00** | Skill in implementing, maintaining, and improving established network security practices. | Task: Improve network security practices. |
| S0041 | Skill in installing, configuring, and troubleshooting LAN and WAN components such as routers, hubs, and switches. | Skill in configuring network devices. |
| S0041_1 | Skill in installing, configuring, and troubleshooting LAN and WAN components such as routers, hubs, and switches. | Skill in installing network devices. |
| S0042 | Skill in maintaining databases. (i.e., backup, restore, delete data, transaction log files, etc.). | Skill in administering databases. |
| S0043 | Skill in maintaining directory services. (e.g., Microsoft Active Directory, LDAP, etc.). | Skill in maintaining directory services. |
| S0044 | Skill in mimicking threat behaviors. | Skill in performing threat modeling. |
| S0045 | Skill in optimizing database performance. | Skill in optimizing database performance. |
| S0046 | Skill in performing packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump). | Withdraw |
| S0047 | Skill in preserving evidence integrity according to standard operating procedures or national standards. | Skill in preserving digital evidence integrity. |
| S0048 | Skill in systems integration testing. | Skill in systems integration testing. |
| S0049 | Skill in the measuring and reporting of intellectual capital. | Withdraw |
| S0050 | Skill in design modeling and building use cases (e.g., unified modeling language). | Skill in building use cases |
| S0050_1 K00** | Skill in design modeling and building use cases (e.g., unified modeling language). | Knowledge of design modeling |
| S0051_2 K00** | Skill in the use of penetration testing tools and techniques. | Knowledge of penetration testing tools and techniques. |
| S0052 | Skill in the use of social engineering techniques. (e.g., phishing, baiting, tailgating, etc.). | Skill in performing social engineering. |
| S0053 | Skill in tuning sensors. | Skill in tuning network sensors. |
| S0054 | Skill in using incident handling methodologies. | Skill in handling incidents. |
| S0055 K00** | Skill in using knowledge management technologies. | Knowledge of knowledge management tools and techniques. |
| S0056 | Skill in using network management tools to analyze network traffic patterns (e.g., simple network management protocol). | Skill in performing network traffic analysis. |
| S0057 K00** | Skill in using protocol analyzers. | Knowledge of protocol analyzer tools and techniques. |
| S0058 | Skill in using the appropriate tools for repairing software, hardware, and peripheral equipment of a system. | Skill in repairing hardware |
| S0058_1 | Skill in using the appropriate tools for repairing software, hardware, and peripheral equipment of a system. | Skill in repairing system peripherals |
| S0058_2 K00** | Skill in using the appropriate tools for repairing software, hardware, and peripheral equipment of a system. | Knowledge of software, hardware, and peripheral equipment repair tools and techniques. |
| S0059 | Skill in using Virtual Private Network (VPN) devices and encryption. | Skill in encrypting network communications. |
| S0060 | Skill in writing code in a currently supported programming language (e.g., Java, C++). | Skill in writing code in a currently supported programming language. |
| S0061 | Skill in writing test plans. | Skill in creating test plans |
| S0062 | Skill in analyzing memory dumps to extract information. | Skill in performing memory dump analysis. |
| S0063 | Skill in collecting data from a variety of cyber defense resources. | Skill in collecting relevant data sources. |
| S0064 | Skill in developing and executing technical training programs and curricula. | Skill in developing curricula. |
| S0064_1 | Skill in developing and executing technical training programs and curricula. | Skill in teaching training programs. |
| S0065 | Skill in identifying and extracting data of forensic interest in diverse media (i.e., media forensics). | Skill in identifying forensics data in diverse media. |
| S0065_1 | Skill in identifying and extracting data of forensic interest in diverse media (i.e., media forensics). | Skill in extracting forensics data in diverse media. |
| S0065 K00** | Skill in identifying and extracting data of forensic interest in diverse media (i.e., media forensics). | Knowledge of media forensics |
| S0066 | Skill in identifying gaps in technical capabilities. | Skill in identifying gaps in technical capabilities. |
| S0067 | Skill in identifying, modifying, and manipulating applicable system components within Windows, Unix, or Linux (e.g., passwords, user accounts, files). | Skill in manipulating operating system components. |
| S0068 | Skill in collecting, processing, packaging, transporting, and storing electronic evidence to avoid alteration, loss, physical damage, or destruction of data. | Skill in collecting digital evidence. |
| S0068_1 | Skill in collecting, processing, packaging, transporting, and storing electronic evidence to avoid alteration, loss, physical damage, or destruction of data. | Skill in processing digital evidence. |
| S0068_2 | Skill in collecting, processing, packaging, transporting, and storing electronic evidence to avoid alteration, loss, physical damage, or destruction of data. | Skill in transporting digital evidence. |
| S0068_3 | Skill in collecting, processing, packaging, transporting, and storing electronic evidence to avoid alteration, loss, physical damage, or destruction of data. | Skill in storing digital evidence. |
| S0069 | Skill in setting up a forensic workstation. | Task: Set up a forensic workstation |
| S0070 | Skill in talking to others to convey information effectively. | Skill in communicating effectively |
| S0071 K00** | Skill in using forensic tool suites (e.g., EnCase, Sleuthkit, FTK). | Knowledge of digital forensics tools and techniques. |
| S0072 | Skill in using scientific rules and methods to solve problems. | Withdraw |
| S0073 | Skill in using virtual machines. (e.g., Microsoft Hyper-V, VMWare vSphere, Citrix XenDesktop/Server, Amazon Elastic Compute Cloud, etc.). | Withdraw |
| S0074 | Skill in physically disassembling PCs. | Skill in disassembling PCs. |
| S0075 | Skill in conducting forensic analyses in multiple operating system environments (e.g., mobile device systems). | Skill in performing digital forensics analysis |
| S0076 | Skill in configuring and utilizing software-based computer protection tools (e.g., software firewalls, antivirus software, anti-spyware). | Skill in configuring software-based computer protection tools. |
| S0077 | Skill in securing network communications. | Skill in securing network communications. |
| S0078 | Skill in recognizing and categorizing types of vulnerabilities and associated attacks. | Skill in categorizing types of vulnerabilities. |
| S0079 | Skill in protecting a network against malware. (e.g., NIPS, anti-malware, restrict/prevent external devices, spam filters). | Skill in protecting a network against malware. |
| S0080 | Skill in performing damage assessments. | Skill in performing damage assessments. |
| S0081 | Skill in using network analysis tools to identify vulnerabilities. (e.g., fuzzing, nmap, etc.). | Withdraw |
| S0082 | Skill in evaluating test plans for applicability and completeness. | Withdraw |
| S0083 | Skill in integrating black box security testing tools into quality assurance process of software releases. | Skill in applying black-box software testing |
| S0083_1 K00** | Skill in integrating black box security testing tools into quality assurance process of software releases. | Knowledge of black-box software testing |
| S0083_2 T00** | Skill in integrating black box security testing tools into quality assurance process of software releases. | Task: Integrate black-box security testing tools into quality assurance processes |
| S0084 | Skill in configuring and utilizing network protection components (e.g., Firewalls, VPNs, network intrusion detection systems). | Skill in configuring network protection components. |
| S0085 | Skill in conducting audits or reviews of technical systems. | Skill in auditing technical systems. |
| S0086 | Skill in evaluating the trustworthiness of the supplier and/or product. | Skill in evaluating the trustworthiness of a supply chain. |
| S0087 | Skill in deep analysis of captured malicious code (e.g., malware forensics). | Withdraw |
| S0088 | Skill in using binary analysis tools (e.g., Hexedit, command code xxd, hexdump). | Skill in performing binary analysis. |
| S0089 | Skill in one-way hash functions (e.g., Secure Hash Algorithm [SHA], Message Digest Algorithm [MD5]). | Skill in implementing one-way hash functions. |
| S0090 | Skill in analyzing anomalous code as malicious or benign. | Skill in performing source code analysis. |
| S0091 | Skill in analyzing volatile data. | Skill in performing volatile data analysis. |
| S0092 | Skill in identifying obfuscation techniques. | Withdraw |
| S0093 | Skill in interpreting results of debugger to ascertain tactics, techniques, and procedures. | Skill in interpreting debugger results. |
| S0094 K00** | Skill in reading Hexadecimal data. | Knowledge of hexadecimal data. |
| S0095 | Skill in identifying common encoding techniques (e.g., Exclusive Disjunction [XOR], American Standard Code for Information Interchange [ASCII], Unicode, Base64, Uuencode, Uniform Resource Locator [URL] encode). | Skill in identifying common encoding techniques. |
| S0096 | Skill in reading and interpreting signatures (e.g., snort). | Skill in reading signatures. |
| S0096_1 | Skill in reading and interpreting signatures (e.g., snort). | Skill in interpreting signatures. |
| S0097 | Skill in applying security controls. | Skill in applying security controls. |
| S0098 | WITHDRAWN: Skill in detecting host and network based intrusions via intrusion detection technologies. (See S0025) | Withdraw |
| S0099 | WITHDRAWN: Skill in determining how a security system should work and how changes in conditions, operations, or the environment will affect these outcomes. (See S0027) | Withdraw |
| S0100 | Skill in utilizing or developing learning activities (e.g., scenarios, instructional games, interactive exercises). | Skill in developing learning activities. |
| S0101 | Skill in utilizing technologies (e.g., SmartBoards, websites, computers, projectors) for instructional purposes. | Skill in applying technologies for instructional purposes. |
| S0102 | Skill in applying technical delivery capabilities. | Withdraw |
| S0103 | Skill in assessing the predictive power and subsequent generalizability of a model. | Withdraw |
| S0104 | Skill in conducting Test Readiness Reviews. | Skill in conducting Test Readiness Reviews (TRR) |
| S0105 | WITHDRAWN: Skill in data mining techniques. (See S0202) | Withdraw |
| S0106 | Skill in data pre-processing (e.g., imputation, dimensionality reduction, normalization, transformation, extraction, filtering, smoothing). | Skill in performing data preprocessing. |
| S0107 | Skill in designing and documenting overall program Test & Evaluation strategies. | Skill in designing Test and Evaluation Strategies (TES) |
| S0108 | Skill in developing workforce and position qualification standards. | Skill in developing position qualification requirements |
| S0109 | Skill in identifying hidden patterns or relationships. | Skill in identifying hidden patterns or relationships. |
| S0110 | Skill in identifying Test & Evaluation infrastructure (people, ranges, tools, instrumentation) requirements. | Skill in identifying Test and Evaluation Strategies (TES) infrastructure requirements |
| S0111 | Skill in interfacing with customers. | Skill in interfacing with customers. |
| S0112 | Skill in managing test assets, test resources, and test personnel to ensure effective completion of test events. | Skill in managing test assets |
| S0113 | Skill in performing format conversions to create a standard representation of the data. | Skill in performing format conversions. |
| S0114 | Skill in performing sensitivity analysis. | Skill in performing sensitivity analysis. |
| S0115 | Skill in preparing Test & Evaluation reports. | Withdraw |
| S0116 | Skill in designing multi-level security/cross domain solutions. | Skill in designing multi-level security solutions. |
| S0116_1 | Skill in designing multi-level security/cross domain solutions. | Skill in designing cross-domain solutions. |
| S0117 | Skill in providing Test & Evaluation resource estimate. | Skill in providing test and evaluation resource estimates |
| S0118 | Skill in developing machine understandable semantic ontologies. | Skill in developing machine understandable semantic ontologies. |
| S0119 | Skill in Regression Analysis (e.g., Hierarchical Stepwise, Generalized Linear Model, Ordinary Least Squares, Tree-Based Methods, Logistic). | Skill in performing regression analysis. |
| S0120 | Skill in reviewing logs to identify evidence of past intrusions. | Skill in reviewing logs |
| S0120_1 | Skill in reviewing logs to identify evidence of past intrusions. | Skill in identifying evidence of past intrusions |
| S0121 | Skill in system, network, and OS hardening techniques. (e.g., remove unnecessary services, password policies, network segmentation, enable logging, least privilege, etc.). | Skill in applying hardening techniques. |
| S0122 K00** | Skill in using of design methods. | Knowledge of design methods. |
| S0123 | Skill in transformation analytics (e.g., aggregation, enrichment, processing). | Skill in performing transformation analytics. |
| S0124 | Skill in troubleshooting and diagnosing cyber defense infrastructure anomalies and work through resolution. | Skill in troubleshooting cyber defense infrastructure anomalies. |
| S0125 | Skill in using basic descriptive statistics and techniques (e.g., normality, model distribution, scatter plots). | Skill in applying descriptive statistics |
| S0126 K00** | Skill in using data analysis tools (e.g., Excel, STATA SAS, SPSS). | Knowledge of data analysis tools and techniques. |
| S0127 K00** | Skill in using data mapping tools. | Knowledge of data mapping tools and techniques. |
| S0128 | Skill in using manpower and personnel IT systems. | Skill in managing a workforce |
| S0128_1 K00** | Skill in using manpower and personnel IT systems. | Knowledge of personnel systems and software |
| S0129 | Skill in using outlier identification and removal techniques. | Skill in detecting anomalies |
| S0129_1 | Skill in using outlier identification and removal techniques. | Skill in removing outliers |
| S0130 | Skill in writing scripts using R, Python, PIG, HIVE, SQL, etc. | Skill in writing scripts |
| S0131 | Skill in analyzing malware. | Skill in performing malware analysis. |
| S0132 | Skill in conducting bit-level analysis. | Skill in performing bit-level analysis. |
| S0133 | Skill in processing digital evidence, to include protecting and making legally sound copies of evidence. | Skill in creating digital evidence copies |
| S0134 | Skill in conducting reviews of systems. | Skill in conducting system reviews. |
| S0135 | Skill in secure test plan design (e. g. unit, integration, system, acceptance). | Skill in designing secure test plans. |
| S0136 K00** | Skill in network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools. | Knowledge of network systems management principles and practices. |
| S0136_1 K00** | Skill in network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools. | Knowledge of network systems management tools and techniques. |
| S0137 | Skill in conducting application vulnerability assessments. | Skill in assessing application vulnerabilities. |
| S0138 | Skill in using Public-Key Infrastructure (PKI) encryption and digital signature capabilities into applications (e.g., S/MIME email, SSL traffic). | Skill in implementing public key infrastructure (PKI) encryption |
| S0138_1 | Skill in using Public-Key Infrastructure (PKI) encryption and digital signature capabilities into applications (e.g., S/MIME email, SSL traffic). | Skill in implementing digital signatures |
| S0139 | Skill in applying security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model). | Skill in applying security models. |
| S0140 | Skill in applying the systems engineering process. | Skill in performing systems engineering. |
| S0141 | Skill in assessing security systems designs. | Skill in assessing security systems designs. |
| S0142 | Skill in conducting research for troubleshooting novel client-level problems. | Skill in troubleshooting client-level problems. |
| S0143 | Skill in conducting system/server planning, management, and maintenance. | Skill in managing servers |
| S0143_2 | Skill in conducting system/server planning, management, and maintenance. | Skill in managing workstations |
| S0144 | Skill in correcting physical and technical problems that impact system/server performance. | Withdraw |
| S0145 | Skill in integrating and applying policies that meet system security objectives. | Skill in applying policies that meet system security objectives. |
| S0146 | Skill in creating policies that enable systems to meet performance objectives (e.g. traffic routing, SLA's, CPU specifications). | Skill in creating policies |
| S0146_1 | Skill in creating policies that enable systems to meet performance objectives (e.g. traffic routing, SLA's, CPU specifications). | Skill in defining performance objectives |
| S0147 | Skill in assessing security controls based on cybersecurity principles and tenets. (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.). | Skill in assessing security controls |
| S0148 | Skill in designing the integration of technology processes and solutions, including legacy systems and modern programming languages. | Skill in designing technology processes and solutions. |
| S0148_1 | Skill in designing the integration of technology processes and solutions, including legacy systems and modern programming languages. | Skill in integrating technology processes and solutions. |
| S0149 | Skill in developing applications that can log and handle errors, exceptions, and application faults and logging. | Skill in implementing error handling in applications. |
| S0150 | Skill in implementing and testing network infrastructure contingency and recovery plans. | Skill in implementing network infrastructure contingency and recovery plans. |
| S0151 | Skill in troubleshooting failed system components (i.e., servers) | Skill in troubleshooting failed system components. |
| S0152 | Skill in translating operational requirements into protection needs (i.e., security controls). | Skill in translating operational requirements into security controls. |
| S0153 | Skill in identifying and anticipating system/server performance, availability, capacity, or configuration problems. | Withdraw |
| S0154 | Skill in installing system and component upgrades. (i.e., servers, appliances, network devices). | Skill in installing system and component upgrades. |
| S0155 | Skill in monitoring and optimizing system/server performance. | Skill in monitoring system performance. |
| S0155_1 | Skill in monitoring and optimizing system/server performance. | Skill in optimizing system performance. |
| S0156 | Skill in performing packet-level analysis. | Skill in performing packet-level analysis. |
| S0157 | Skill in recovering failed systems/servers. (e.g., recovery software, failover clusters, replication, etc.). | Skill in recovering failed systems. |
| S0158 | Skill in operating system administration. (e.g., account maintenance, data backups, maintain system performance, install and configure new hardware/software). | Skill in administering operating systems. |
| S0159 | Skill in configuring and validating network workstations and peripherals in accordance with approved standards and/or specifications. | Skill in configuring network workstations and peripherals |
| S0159_1 | Skill in configuring and validating network workstations and peripherals in accordance with approved standards and/or specifications. | Skill in validating network workstations and peripherals |
| S0160 | Skill in the use of design modeling (e.g., unified modeling language). | Skill in performing design modeling. |
| S0161 | WITHDRAWN: Integrated into S0160 | Withdraw |
| S0162 | Skill in applying various subnet techniques (e.g., CIDR) | Skill in applying subnet techniques. |
| S0163 | WITHDRAWN: Integrated into S0060 | Withdraw |
Skill in assessing the application of cryptographic


S0164 standards. Withdraw

WITHDRAWN: Skill in collecting, packaging,


transporting, and storing electronic evidence to avoid
alteration, loss, physical damage, or destruction of
S0165 data. (See S0068) Withdraw
Skill in identifying gaps in technical delivery
S0166 capabilities. Withdraw
Skill in recognizing vulnerabilities in security systems.
S0167 (e.g., vulnerability and compliance scanning). Withdraw
Skill in setting up physical or logical sub-networks that
separate an internal local area network (LAN) from
S0168 other untrusted networks. Skill in implementing network segregation.
S0169 Skill in conducting trend analysis. Skill in performing trend analysis.
Skill in configuring and utilizing computer protection
components (e.g., hardware firewalls, servers, routers, Skill in configuring computer protection
S0170 as appropriate). components.

S0171 Skill in performing impact/risk assessments. Skill in performing risk assessments.

S0172 Skill in applying secure coding techniques. Skill in applying secure coding techniques.
S0173 Knowledge of security event correlation
K00** Skill in using security event correlation tools. tools and techniques.
S0174 Knowledge of code analysis tools and
K00** Skill in using code analysis tools. techniques.

S0175 Skill in performing root cause analysis. Skill in performing root cause analysis.

Skill in administrative planning activities, to include
preparation of functional and specific support plans,
preparing and managing correspondence, and staffing Skill in performing administrative planning
S0176 procedures. activities.
Skill in performing network communication
S0177 Skill in analyzing a target's communication networks. analysis
Skill in analyzing essential network data (e.g., router
S0178 configuration files, routing protocols). Skill in performing network data analysis.
Skill in analyzing language processing tools to provide Skill in performing language processing
S0179 feedback to enhance tool development. tool analysis
S0180 WITHDRAWN: Integrated into S0062 Withdraw
Skill in performing midpoint collection data
S0181 Skill in analyzing midpoint collection data. analysis
Skill in performing internal and external
Skill in analyzing target communications internals and wireless LAN (WLAN) communications
S0182 externals collected from wireless LANs. analysis
Skill in analyzing terminal or environment collection
S0183 data. Withdraw

S0184 Skill in analyzing traffic to identify network devices. Skill in performing network traffic analysis.
Skill in applying analytical methods typically employed
to support planning and to justify recommended
S0185 strategies and courses of action. Withdraw
Skill in applying crisis planning
S0186 Skill in applying crisis planning procedures. procedures.

Skill in applying various analytical methods, tools, and
techniques (e.g., competing hypotheses; chain of
reasoning; scenario methods; denial and deception
detection; high impact-low probability;
S0187 network/association or link analysis; Bayesian, Delphi, Knowledge of analytical tools and
K00** and Pattern analyses). techniques.
Skill in assessing a target's frame of reference (e.g.,
motivation, technical capability, organizational
S0188 structure, sensitivities). Skill in developing target assessments.
Skill in assessing and/or estimating effects generated Skill in assessing effects generated during
S0189 during and after cyber operations. and after cyber operations.
Skill in assessing current tools to identify needed
S0190 improvements. Withdraw
Skill in assessing the applicability of available
S0191 analytical tools to various situations. Withdraw
Skill in auditing firewalls, perimeters, routers, and
S0192 intrusion detection systems. Skill in auditing network devices.
Skill in complying with the legal restrictions for targeted
S0193 information. Withdraw

Skill in conducting non-attributable
S0194 Skill in conducting non-attributable research. research.
Skill in conducting research using all available Skill in performing open source
S0195 sources. intelligence (OSINT) research.

S0196 Skill in conducting research using deep web. Skill in conducting deep web research.
Skill in conducting social network analysis, buddy list
S0197 analysis, and/or cookie analysis. Skill in analyzing social networks.
S0198 Skill in conducting social network analysis. Withdraw
Skill in creating and extracting important information
S0199 from packet captures. Withdraw
Skill in creating collection requirements in support of Skill in creating intelligence collection
S0200 data acquisition activities. requirements.
Skill in creating plans in support of remote operations.
(i.e., hot/warm/cold/alternative sites, disaster Skill in creating plans in support of remote
S0201 recovery). operations.
Skill in data mining techniques (e.g., searching file
S0202 systems) and analysis. Skill in mining data
Skill in data mining techniques (e.g., searching file
S0202_1 systems) and analysis. Skill in performing data mining analysis

Skill in defining and characterizing all pertinent aspects Skill in defining an operational
S0203 of the operational environment. environment.
Skill in depicting source or collateral data on a network
S0204 map. Skill in depicting data on a network map.
Skill in determining appropriate targeting options
through the evaluation of available capabilities against
S0205 desired effects. Skill in performing target analysis.
Skill in determining installed patches on various
S0206 operating systems and identifying patch signatures. Skill in installing patches

Skill in determining installed patches on various
S0206_1 operating systems and identifying patch signatures. Skill in identifying patch signatures
Skill in determining the effect of various router and
firewall configurations on traffic patterns and network
S0207 performance in both LAN and WAN environments. Withdraw
Skill in determining the physical location of network Skill in determining the physical location of
S0208 devices. network devices.
Skill in developing and executing comprehensive cyber
operations assessment programs for assessing and Skill in developing comprehensive cyber
S0209 validating operational performance characteristics. operations assessment programs.

Skill in developing and executing comprehensive cyber
operations assessment programs for assessing and Skill in executing comprehensive cyber
S0209_1 validating operational performance characteristics. operations assessment programs.
S0210 Skill in developing intelligence reports. Withdraw

Skill in developing or recommending analytic
approaches or solutions to problems and situations for
which information is incomplete or for which no
S0211 precedent exists. Skill in developing analytics

Skill in developing or recommending analytic
approaches or solutions to problems and situations for
S0211_1 which information is incomplete or for which no
K00** precedent exists. Knowledge of analytics
Skill in disseminating items of highest intelligence
S0212 value in a timely manner. Withdraw
Skill in documenting and communicating complex
S0213 technical and programmatic information. Withdraw
Skill in evaluating accesses for intelligence
S0214 Skill in evaluating accesses for intelligence value. value.
S0215 Skill in evaluating and interpreting metadata. Skill in evaluating metadata.

S0215_1 Skill in evaluating and interpreting metadata. Skill in interpreting metadata.


Skill in evaluating available capabilities against desired
S0216 effects to provide effective courses of action. Withdraw
Skill in evaluating data sources for relevance,
S0217 reliability, and objectivity. Skill in evaluating data source quality.

Skill in evaluating information for reliability, validity,
S0218 and relevance. Skill in evaluating information quality.
Skill in evaluating information to recognize relevance,
S0219 priority, etc. Withdraw
Skill in exploiting/querying organizational and/or
S0220 partner collection databases. Skill in querying collection databases.
Skill in extracting information from packet
S0221 Skill in extracting information from packet captures. captures.

S0222 Skill in fusion analysis Skill in performing fusion analysis


Skill in generating operation plans in support of
S0223 mission and target requirements. Skill in generating operation plans
S0224 Skill in gisting target communications. Withdraw
Skill in identifying target communications
S0225 Skill in identifying a target’s communications networks. networks.
Skill in identifying target network
S0226 Skill in identifying a target's network characteristics. characteristics.
Skill in identifying alternative analytical interpretations
S0227 to minimize unanticipated outcomes. Withdraw

Skill in identifying critical target elements, to include
S0228 critical target elements for the cyber domain. Withdraw

Skill in identifying cyber threats which may jeopardize
S0229 organization and/or partner interests. Skill in identifying cybersecurity threats.
S0230 WITHDRAWN: Integrated into S0066 Withdraw
S0231 Skill in identifying how a target communicates. Withdraw
Skill in identifying intelligence gaps and
S0232 Skill in identifying intelligence gaps and limitations. limitations.
Skill in identifying language issues that may have an
S0233 impact on organization objectives. Withdraw

S0234 Skill in identifying leads for target development. Withdraw


Skill in identifying non-target regional languages and Skill in identifying regional languages and
S0235 dialects dialects.

Skill in identifying the devices that work at each level
S0236 of protocol models. Withdraw
Skill in identifying, locating, and tracking targets via Skill in performing geospatial data
S0237 geospatial analysis techniques analysis.
Skill in information prioritization as it relates to
S0238 operations. Skill in prioritizing information.

Skill in interpreting compiled programming
languages.
Skill in interpreting compiled and interpretive Skill in interpreting interpreted
S0239 programming languages. programming languages.
Skill in interpreting metadata and content as applied by
S0240 collection systems. Skill in interpreting metadata.
Skill in interpreting traceroute results, as they apply to
S0241 network analysis and reconstruction. Skill in interpreting traceroute results
Skill in interpreting vulnerability scanner results to Skill in interpreting vulnerability scanner
S0242 identify vulnerabilities. results.
Skill in knowledge management, including technical
S0243 documentation techniques (e.g., Wiki page). Withdraw

Skill in managing client relationships, including
determining client needs/requirements, managing
client expectations, and demonstrating commitment to
S0244 delivering quality results. Skill in managing client relationships.
S0245 Skill in navigating network visualization software. Skill in performing network visualization
S0246 Skill in number normalization. Skill in performing data normalization.
Skill in performing data fusion from existing intelligence
S0247 for enabling new and continued collection. Skill in performing data fusion.
S0248 Skill in performing target system analysis. Skill in performing target system analysis.

S0249 Skill in preparing and presenting briefings. Skill in preparing briefings.

S0250 Skill in preparing plans and related correspondence. Skill in preparing plans.

S0251 Skill in prioritizing target language material. Withdraw


Skill in processing collected data for
S0252 Skill in processing collected data for follow-on analysis. follow-on analysis.
Skill in providing analysis on target-related matters
S0253 (e.g., language, cultural, communications). Withdraw
Skill in providing analysis to aid writing phased after
S0254 action reports. Skill in producing after action reports.
Skill in providing real-time, actionable geolocation
S0255 information utilizing target infrastructures. Withdraw
Skill in providing understanding of target or threat
systems through the identification and link analysis of
S0256 physical, functional, or behavioral relationships. Withdraw

Skill in reading, interpreting, writing, modifying, and
executing simple scripts (e.g., PERL, VBS) on
Windows and Unix systems (e.g., those that perform
tasks like parsing large data files, automating manual
S0257 tasks, and fetching/processing remote data). Withdraw
Skill in recognizing and interpreting malicious network Skill in recognizing malicious network
S0258 activity in traffic. activity in traffic.
Skill in recognizing and interpreting malicious network Skill in interpreting malicious network
S0258_1 activity in traffic. activity in traffic.
S0259 Skill in recognizing denial and deception techniques of Knowledge of denial and deception tools
K00** the target. and techniques.
Skill in recognizing midpoint opportunities and
S0260 essential information. Withdraw

S0261 Skill in recognizing relevance of information. Withdraw


Skill in recognizing significant changes in a target’s
S0262 communication patterns. Withdraw
Skill in recognizing technical information that may be
S0263 used for leads for metadata analysis. Skill in identifying technical information.

Skill in recognizing technical information that may be
used for leads to enable remote operations (data
includes users, passwords, email addresses, IP
ranges of the target, frequency in DNI behavior, mail
S0264 servers, domain servers, SMTP header information). Withdraw
Skill in recognizing technical information that may be
used for target development including intelligence
S0265 development. Withdraw
Skill in relevant programming languages (e.g., C++,
S0266 Python, etc.). Skill in programming.
S0267 Skill in remote command line and Graphic User Knowledge of remote command line tools
K00** Interface (GUI) tool usage. and techniques
S0267_1 Skill in remote command line and Graphic User Knowledge of Graphic User Interface
K00** Interface (GUI) tool usage. (GUI) tools and techniques
S0268 Skill in researching essential information. Withdraw
Skill in researching vulnerabilities and exploits utilized Skill in researching software
S0269 in traffic. vulnerabilities.
Skill in researching vulnerabilities and exploits utilized
S0269_1 in traffic. Skill in researching software exploits.

Skill in reverse engineering (e.g., hex editing, binary
packaging utilities, debugging, and strings analysis) to Skill in performing reverse engineering of
S0270 identify function and ownership of remote tools. software.

S0271 Skill in reviewing and editing assessment products. Withdraw


Skill in reviewing and editing intelligence products from
S0272 various sources for cyber operations. Skill in analyzing intelligence products

S0273 Skill in reviewing and editing plans. Withdraw

S0274 Skill in reviewing and editing target materials. Skill in creating target materials.
S0275 Skill in server administration. Skill in administering servers.
Skill in survey, collection, and analysis of wireless LAN
S0276 metadata. Withdraw
Skill in synthesizing, analyzing, and prioritizing
S0277 meaning across data sets. Skill in performing data analysis.

Skill in tailoring analysis to the necessary levels (e.g.,
S0278 classification and organizational). Withdraw
Skill in target development in direct support of
S0279 collection operations. Withdraw

Skill in target network anomaly identification (e.g.,
intrusions, dataflow or processing, target
S0280 implementation of new technologies). Skill in identifying network anomalies.

S0281 Skill in technical writing. Skill in performing technical writing.


S0282 Skill in testing and evaluating tools for implementation. Skill in testing tools for implementation.
S0282_1 Skill in testing and evaluating tools for implementation. Skill in evaluating tools for implementation.
Skill in transcribing target language
S0283 Skill in transcribing target language communications. communications.
Skill in translating target graphic and/or voice language
S0284 materials. Skill in translating languages

Skill in using Boolean operators to construct simple
S0285 and complex queries. Skill in querying data.
Skill in using databases to identify target-relevant
S0286 information. Skill in determining relevant information.
Skill in using geospatial data and applying geospatial
S0287 resources. Skill in applying geospatial resources
S0287_1 Skill in using geospatial data and applying geospatial
K00** resources. Knowledge of geospatial data

Skill in using multiple analytic tools, databases, and
techniques (e.g., Analyst’s Notebook, A-Space,
Anchory, M3, divergent/convergent thinking, link
S0288 charts, matrices, etc.). Withdraw
Skill in using multiple search engines (e.g., Google,
Yahoo, LexisNexis, DataStar) and tools in conducting
S0289 open-source searches. Skill in conducting open-source searches.

S0290 Skill in using non-attributable networks. Skill in evading network detection


S0290_1
K00** Skill in using non-attributable networks. Knowledge of non-attributable networks
Skill in using research methods including multiple,
S0291 different sources to reconstruct a target network. Skill in reconstructing target networks.
S0292 Skill in using targeting databases and software
K00** packages. Knowledge of targeting databases

S0292_1 Skill in using targeting databases and software Knowledge of targeting systems and
K00** packages. software
Skill in using tools, techniques, and procedures to
S0293 remotely exploit and establish persistence on a target. Skill in establishing persistence
Skill in using trace route tools and interpreting the
results as they apply to network analysis and
S0294 reconstruction. Skill in reconstructing a network
Skill in using trace route tools and interpreting the
S0294_1 results as they apply to network analysis and Knowledge of network discovery tools and
K00** reconstruction. techniques
Skill in using various open source data collection tools
S0295 (online trade, DNS, mail, etc.). Withdraw

Skill in utilizing feedback to improve processes,
S0296 products, and services. Skill in incorporating feedback
S0297 Skill in utilizing virtual collaborative workspaces and/or Knowledge of virtual collaborative
K00** tools (e.g., IWS, VTCs, chat rooms, SharePoint). workspace tools and techniques
Skill in verifying the integrity of all files. (e.g.,
checksums, Exclusive OR, secure hashes, check
S0298 constraints, etc.). Skill in verifying the integrity of files.
Skill in wireless network target analysis, templating, Skill in performing wireless network
S0299 and geolocation. analysis.

Skill in writing (and submitting) requirements to meet
S0300 gaps in technical capabilities. Skill in identifying requirements.
Skill in writing about facts and ideas in a clear,
S0301 convincing, and organized manner. Withdraw
S0302 Skill in writing effectiveness reports. Withdraw
Skill in writing, reviewing and editing cyber-related
Intelligence/assessment products from multiple
S0303 sources. Withdraw
Skill to access information on current assets available,
S0304 usage. Withdraw
Skill to access the databases where
S0305 plans/directives/guidance are maintained. Skill in navigating databases.
Skill to analyze strategic guidance for issues requiring Skill in performing strategic guidance
S0306 clarification and/or additional guidance. analysis
Skill to analyze target or threat sources of strength and
S0307 morale. Withdraw
Skill to anticipate intelligence capability employment
S0308 requirements. Withdraw
Skill to anticipate key target or threat activities which
S0309 are likely to prompt a leadership decision. Withdraw
Skill to apply analytical standards to evaluate Skill in applying analytical standards to
S0310 intelligence products. evaluate intelligence products.

Skill to apply the capabilities, limitations and tasking
methodologies of available platforms, sensors,
architectures and apparatus as they apply to
S0311 organization objectives. Skill in integrating organization objectives
Skill to apply the process used to assess the
S0312 performance and impact of cyber operations. Skill in assessing cyber operations.
Skill to articulate a needs statement/requirement and
integrate new and emerging collection capabilities, Skill in creating intelligence collection
S0313 accesses and/or processes into collection operations. requirements
Skill to articulate intelligence capabilities available to
S0314 support execution of the plan. Withdraw
Skill to articulate the needs of joint planners to all-
S0315 source analysts. Withdraw
Skill to associate Intelligence gaps to priority
S0316 information requirements and observables. Skill in identifying intelligence gaps
Skill to compare indicators/observables with Skill in comparing indicators with
S0317 requirements. requirements
Skill to compare indicators/observables with Skill in comparing observables with
S0317_1 requirements. requirements
Skill to conceptualize the entirety of the intelligence
S0318 process in the multiple domains and dimensions. Withdraw
Skill to convert intelligence requirements into Skill in converting intelligence requirements
S0319 intelligence production tasks. into intelligence production tasks.
Skill to coordinate the development of tailored
S0320 intelligence products. Skill in coordinating product development
Skill to coordinate the development of tailored Skill in developing tailored intelligence
S0320_1 intelligence products. products
Skill to correlate intelligence priorities to the allocation
S0321 of intelligence resources/assets. Skill in allocating resources
Skill to craft indicators of operational
S0322 progress/success. Skill in defining progress indicators
Skill to craft indicators of operational
S0322_1 progress/success. Skill in defining success indicators
Skill to create and maintain up-to-date planning
S0323 documents and tracking of services/production. Skill in creating planning documents
Skill to create and maintain up-to-date planning
S0323_1 documents and tracking of services/production. Skill in maintaining planning documents
Skill to create and maintain up-to-date planning
S0323_2 documents and tracking of services/production. Skill in tracking services
Skill in evaluating feasibility of intelligence
S0324 Skill to determine feasibility of collection. collection sources
Skill to develop a collection plan that clearly shows the
discipline that can be used to collect the information Skill in developing intelligence collection
S0325 needed. plans
Skill to distinguish between notional and actual
resources and their applicability to the plan under Skill in distinguishing between notional
S0326 development. and actual resources.
Skill to ensure that the collection strategy leverages all
S0327 available resources. Skill in developing collection strategies
Skill to evaluate factors of the operational environment Skill in evaluating operational
S0328 to objectives, and information requirements. environments.
Skill to evaluate factors of the operational environment Skill in determining information
S0328_1 to objectives, and information requirements. requirements.
Skill to evaluate requests for information to determine
S0329 if response information exists. Skill in fulfilling information requests.
Skill to evaluate the capabilities, limitations and tasking
methodologies of organic, theater, national, coalition
S0330 and other collection capabilities. Skill in evaluating collection capabilities.
Skill to express orally and in writing the relationship
between intelligence capability limitations and
decision-making risk and impacts on the overall
S0331 operation. Withdraw
Skill to extract information from available tools and Knowledge of intelligence collection
S0332 applications associated with collection requirements operations management tools and
K00** and collection operations management. techniques
Skill to graphically depict decision support materials
containing intelligence and partner capability
S0333 estimates. Skill in determining capability estimates
Skill to graphically depict decision support materials
containing intelligence and partner capability
S0333_1 estimates. Skill in creating decision support materials
Skill to identify and apply tasking, collection,
processing, exploitation and dissemination to
S0334 associated collection disciplines. Withdraw

S0335 Skill to identify Intelligence gaps. Skill in identifying intelligence gaps


S0336 Skill to identify when priority information requirements Task: Determine if priority information
T00** are satisfied. requirements are satisfied
Skill to implement established procedures for
evaluating collection management and operations Skill in implementing established
S0337 activities. procedures.
Skill to implement established procedures for
evaluating collection management and operations Skill in evaluating collection management
S0337_1 activities. activities.
Skill to interpret planning guidance to discern level of
S0338 analytical support required. Skill in interpreting planning guidance.
Skill to interpret readiness reporting, its operational
S0339 relevance and intelligence collection impact. Skill in interpreting readiness reporting.
Skill to monitor target or threat situation and
S0340 environmental factors. Withdraw
Skill to monitor threat effects to partner capabilities Skill in monitoring threat effects to partner
S0341 and maintain a running estimate. capabilities
Skill to optimize collection system performance
through repeated adjustment, testing, and re-
S0342 adjustment. Withdraw
Skill to orchestrate intelligence planning teams,
coordinate collection and production support, and
S0343 monitor status. Skill in orchestrating planning teams
Skill to orchestrate intelligence planning teams,
coordinate collection and production support, and
S0343_1 monitor status. Skill in coordinating collection support
Skill to orchestrate intelligence planning teams,
coordinate collection and production support, and
S0343_2 monitor status. Skill in monitoring status
Skill to prepare and deliver reports, presentations and
briefings, to include using visual aids or presentation
S0344 technology. Skill in presenting to an audience.
Skill to relate intelligence resources/assets to
S0345 anticipated intelligence requirements. Withdraw
Skill in resolving conflicting intelligence
S0346 Skill to resolve conflicting collection requirements. collection requirements.
Skill to review performance specifications and Skill in analyzing performance
S0347 historical information about collection assets. specifications.
Skill to specify collections and/or taskings that must be
S0348 conducted in the near term. Skill in establishing timelines.
Skill to synchronize operational assessment
procedures with the critical information requirement
S0349 process. Withdraw
Skill to synchronize planning activities and required
S0350 intelligence support. Withdraw
Skill to translate the capabilities, limitations and
tasking methodologies of organic, theater, national,
S0351 coalition and other collection capabilities. Withdraw
Skill to use collaborative tools and environments for
S0352 collection operations. Withdraw
Skill to use systems and/or tools to track collection Skill in tracking intelligence collection
S0353 requirements and determine if they are satisfied. requirements.
Skill in creating policies that reflect the business’s core
S0354 privacy objectives. Skill in creating privacy policies
Skill in negotiating vendor agreements and evaluating
S0355 vendor privacy practices. Skill in negotiating vendor agreements.
Skill in negotiating vendor agreements and evaluating
S0355_1 vendor privacy practices. Skill in evaluating vendor privacy practices

Skill in communicating with all levels of management
including Board members (e.g., interpersonal skills,
approachability, effective listening skills, appropriate
S0356 use of style and language for the audience). Withdraw
S0357 Skill to anticipate new security threats. Skill in anticipating new security threats.
Skill to remain aware of evolving technical
S0358 infrastructures. Withdraw
Skill to use critical thinking to analyze organizational Skill in analyzing organizational patterns
S0359 patterns and relationships. and relationships

Skill to analyze and assess internal and external Skill in assessing partner operations
S0360 partner cyber operations capabilities and tools. capabilities.
Skill to analyze and assess internal and external
partner intelligence processes and the development of Skill in assessing partner intelligence
S0361 information requirements and essential information. processes.
Skill to analyze and assess internal and external
partner intelligence processes and the development of Skill in developing information
S0361_1 information requirements and essential information. requirements.
Skill to analyze and assess internal and external
partner organization capabilities and limitations (those
with tasking, collection, processing, exploitation and
S0362 dissemination responsibilities).
Skill to analyze and assess internal and external
S0363 partner reporting. Skill in analyzing partner reports.
Skill to develop insights about the context of an Skill in assessing an organization's threat
S0364 organization’s threat environment environment.
Skill to design incident response for cloud service
S0365 models. Skill in designing incident response.
Skill to design incident response for cloud service
S0365_1 models. Skill in performing incident response.
Skill to identify successful capabilities to find solutions
S0366 to less common and more complex system problems. Skill in solving problems.

Skill to apply cybersecurity and privacy principles to
organizational requirements (relevant to confidentiality,
S0367 integrity, availability, authentication, non-repudiation). Withdraw
Skill to use risk scoring to inform performance-based
and cost-effective approaches to help organizations to
S0368 identify, assess, and manage cybersecurity risk. Withdraw
Skill to identify sources, characteristics, and uses of Skill in assessing an organization’s data
S0369 the organization’s data assets. assets.
Skill to use cyber defense Service Provider reporting Skill in utilizing cyber defence service
S0370 structure and processes within one’s own organization. provider information.
Skill to respond and take local actions in response to
S0371 threat sharing alerts from service providers. Skill in responding to threat reports.
Skill to translate, track, and prioritize information needs
and intelligence collection requirements across the Skill in managing intelligence collection
S0372 extended enterprise. requirements.

Skill to ensure that accountability information is
collected for information system and information and
communications technology supply chain infrastructure
S0373 components. Skill in analyzing supply chains
Skill to identify cybersecurity and privacy issues that
stem from connections with internal and external Skill in identifying cybersecurity issues in
S0374 customers and partner organizations. partner interconnections.
Skill to identify cybersecurity and privacy issues that
stem from connections with internal and external Skill in identifying privacy issues in partner
S0374_1 customers and partner organizations. interconnections.
Skill in developing information
S0375 Skill in developing information requirements. requirements.
Skill in troubleshooting network equipment (e.g., Skill in troubleshooting network
S0376 routers, switches). equipment.
Skill in developing curriculum standards, curriculum,
S0377 courses and learning activities. Skill in developing curriculum
Skill in developing curriculum standards, curriculum,
S0377_1 courses and learning activities. Skill in developing learning activities
Keep as is | Rewrite | New | Change Type | Withdraw | Reason for Withdrawal | Related Statements

x S0087

x S0087

x S0087

x S0087

x Redundant S0056

x
S0367, K0044,
x Redundant K0295

x K0086

x Previously Withdrawn S0027

x
x

x
x
x S0030, S0112
K0035, S0045,
x S0155

x
x
x

x Redundant S0023

x S0025
K0091, T0061,
T0080, T0121,
x T0169

S0031, S0036,
x Redundant K0102
x S0042_1
x S0042_1
x

x
x S0150

x
x

x
x

x S0013, S0344

x S0040

x
x
x S0042

x Redundant S0156, K0062

x S0068
x
x Out of Scope

x S0050

x
x
x
K0194, K0526,
x S0243

x K0079

x S0058, K0079

x S0058, K0079

x S0107

x
x

x S0158

x
x x S0071

x S0075

x Redundant S0366

x Redundant K0609
x

K0077, K0060,
x K0573

x S0081

x
x
S0001_1, S0178,
x K0272
S0061, S107,
x Redundant T0080

x S0083

x S0083

x Redundant S0131

x K0254

x S0087
x S0075
x Redundant S0131, K0493

x S0087

x
x
x

x Previously Withdrawn S0025


x Previously Withdrawn S0027

x
x Overly broad
S0017, S0017_1,
x Overly broad; redundant S0029

x Previously Withdrawn S0202

x S0015

x
x S0017
S0037, S0107,
x Redundant S0110, T0828

x S0116

x
x S0017

x S0120

x S0128

x S0129_1

x S0129

x
x S0087
x

T0048, T0241,
x K0123, K0156

x
x

x S0138

x
x

x
K0294, S0250,
x S0273, S0275

x Redundant S0155, S0155_1

x K0004

x S0148

x S0032, S0032_1
x

x Redundant S0155, S0155_1

x S0155_1

x S0155

x S0046

x S0067

x K0087

x K0087, S0159

x
x Previously Withdrawn S0160
x
x Previously Withdrawn S0060

x Does not exist in any work roles; Redundant K0019, K0308

x Previously Withdrawn S0068

x Redundant S0066
x Redundant S0001, S0001-1, S0081

x
x
x

x S0368

x S0182

x
x Previously Withdrawn S0062

x S0277

x S0177

x Redundant S0181

x Redundant S0187

x S0205
x

x Out of Scope

x Redundant S0187

x Redundant K0478

x
x Redundant S0197

x Redundant S0046, S0221

x T0276

x K0022, K0338

x K0022, K0338

x S0206_1

x S0206

x Redundant S0041, S0056

x
x S0209_1

x S0209
x Redundant S0037

x S0211

x Redundant S0210

x Redundant S0070, S0210

x
x S0215_1

x S0215

x Out of Scope

x S0217

x Redundant S0217

x S0046

x S0205
x Redundant S0070, S0205

x S0205

x S0205
x Out of Scope

x Redundant S0205

x
x Previously Withdrawn S0066
x Redundant S0205

x
x Lacks Clarity; Out of Scope

x Redundant S0205

x Lacks Clarity; numerous Knowledge statements regarding various protocols exist (redundant) K0001, K0034...

x S0294

x
x Out of Scope S0281, S0243, S0055

x
x
x

x
x S0205

x S0344

x
x Non-observable; Lacks Clarity K0532

x Redundant S0205

x Redundant S0208, S0237

x Redundant S0205

x Redundant S0130

x S0258_1

x S0258

x S0205

x Redundant S0205
x Non-observable; Lacks clarity

x Redundant S0205

x Out of Scope
x Out of Scope

x
x Out of Scope

x Redundant S0272

x Redundant S0250

x
x

x Redundant S0215, S0299

x S0181, S0237

x Out of Scope

x Redundant S0205

x S0205

x
x S0282_1
x S0282

x
x

x S0220, S0288

x S0287

x Redundant S0187

x S0290

x S0294

x Overly broad

x
x A0069

x K0012, K0044, K0120, K0163, K0164, K0169, K0211, K0257, K0263, K0404, S0010, S0152

x Redundant S0281
x Redundant S0281

x Redundant S0210

x Out of Scope

x Redundant S0205

x Redundant S0108

x Overly broad

x S0152

x Redundant A0013, S0070


x Redundant A0013, S0070

x S0313

x S0317
x Non-observable; lacks clarity K0577

S0320_1

x S0320

x S0322

x S0323

x S0323

x S0328_1

x S0328

x
x Redundant S0070

x S0333

x Redundant S0330

x S0337_1

x S0337

x Redundant S0328

x Redundant S0155_1

x S0343

x S0343

x S0249
x Redundant S0321

x Redundant S0336 D0337


x Redundant S0338, S0314, S0319

x Redundant S330

x Redundant K0380

x S0355_1

x S0355

x Redundant S0070
x
x Non-observable; lacks clarity K0010, K0170

x S0361_1

x S0361
x Redundant S0360

x K0230, S0365_1

x S0365

x Redundant K0004, K0044, K0295

x Redundant S0171, K0621

x S0374_1

x S0374

x
x

x S0377_1

x S0377
Related Work Roles | Usage Notes Content (parentheticals)

OV-TEA-002,PR-VAM-001,SP-RSK-002,SP-DEV-002,SP-DEV-001,SP-SYS-001
OV-TEA-002,PR-VAM-001,SP-RSK-002,SP-DEV-002,SP-DEV-001,SP-SYS-001
OM-DTA-001
OM-DTA-001
PR-CIR-001
PR-CIR-001
PR-CIR-001
PR-CIR-001
OM-NET-001,OV-TEA-002
SP-ARC-001,SP-ARC-002,SP-SRP-001,SP-TRD-001
OV-TEA-002,SP-RSK-002,SP-SRP-001
PR-INF-001 (e.g., access control list).
PR-INF-001 (e.g., access control list).
SP-SRP-001
PR-VAM-001
SP-SRP-001
SP-SRP-001
OM-KMG-001
OM-KMG-001 (e.g., map of knowledge repositories).
OM-DTA-002,OM-DTA-001
OM-DTA-002,OM-DTA-001
SP-DEV-001
SP-TST-001
OM-ADM-001
OM-DTA-002,SP-DEV-001,SP-TRD-001
OM-DTA-002,SP-DEV-001,SP-TRD-001
OV-MGT-001,OV-EXL-001,SP-SYS-002
SP-DEV-001
PR-CDA-001
PR-CDA-001
SP-TST-001 (i.e., the types of data a test must generate and how to analyze that data).
SP-DEV-002,SP-DEV-001,SP-ARC-002,SP-SYS-001,SP-SYS-002
SP-SYS-001,SP-SYS-002
OM-ANA-001,SP-ARC-001,SP-ARC-002,SP-SYS-001,SP-SYS-002
OM-ANA-001,SP-ARC-001,SP-ARC-002,SP-SYS-001,SP-SYS-002
PR-CDA-001,PR-VAM-001,SP-SYS-002 (e.g., Snort).
PR-CDA-001,PR-VAM-001,SP-SYS-002 (e.g., Snort).
SP-TST-001
OM-ANA-001,OV-MGT-002,OV-MGT-001,PR-CDA-001,SP-RSK-002,SP-ARC-001,SP-ARC-002
OM-DTA-002
OM-DTA-002
SP-TST-001
OM-ANA-001,SP-DEV-002,SP-DEV-001,SP-SYS-001,SP-SYS-002
IN-FOR-002,IN-FOR-001
IN-FOR-002,IN-FOR-001
OM-ADM-001
SP-RSK-001,SP-RSK-002,SP-DEV-002,SP-DEV-001,SP-SYS-001,SP-SYS-002 (i.e., security controls)
OM-NET-001
OM-ANA-001,PR-CDA-001,SP-SYS-001,SP-SYS-002
OM-DTA-002,OM-DTA-001
OV-PMA-002,OV-PMA-005,OV-PMA-003,OV-PMA-001,SP-RSK-002
OV-PMA-002,OV-PMA-005,OV-PMA-003,OV-PMA-001,SP-RSK-002
OM-STS-001
OM-NET-001
OM-NET-001
OM-NET-001
OM-NET-001
OM-DTA-001 (i.e., backup, restore, delete data, transaction log files, etc.).
OM-ADM-001 (e.g., Microsoft Active Directory, LDAP, etc.).
PR-VAM-001
OM-DTA-001
IN-FOR-001 (e.g., Wireshark, tcpdump).
IN-INV-001,IN-FOR-002,IN-FOR-001,PR-CIR-001
SP-TST-001
OM-KMG-001
SP-ARC-001,SP-ARC-002,SP-SRP-001 (e.g., unified modeling language).
SP-ARC-001,SP-ARC-002,SP-SRP-001 (e.g., unified modeling language).
OV-TEA-002,PR-VAM-001
OV-TEA-002,PR-VAM-001 (e.g., phishing, baiting, tailgating, etc.).
OV-TEA-002,PR-INF-001
PR-CDA-001,PR-INF-001
OM-KMG-001,OV-TEA-002
OM-NET-001,OV-TEA-002 (e.g., simple network management protocol).
OV-TEA-002,PR-CDA-001
OM-STS-001
OM-STS-001
OM-STS-001
OV-MGT-002,PR-INF-001,SP-ARC-002
OM-DTA-002,OM-ANA-001,OV-TEA-002,SP-DEV-001,SP-ARC-001,SP-SYS-002,SP-TST-001 (e.g., Java, C++).
SP-ARC-002,SP-TST-001
CO-OPS-001,IN-FOR-002,IN-FOR-001
PR-CDA-001
OV-TEA-001,OV-TEA-002
OV-TEA-001,OV-TEA-002
IN-FOR-002,IN-FOR-001 (i.e., media forensics).
IN-FOR-002,IN-FOR-001 (i.e., media forensics).
IN-FOR-002,IN-FOR-001 (i.e., media forensics).
AN-EXP-001,OV-TEA-001
IN-FOR-002,IN-FOR-001 (e.g., passwords, user accounts, files).
IN-INV-001,IN-FOR-002,IN-FOR-001
IN-INV-001,IN-FOR-002,IN-FOR-001
IN-INV-001,IN-FOR-002,IN-FOR-001
IN-INV-001,IN-FOR-002,IN-FOR-001
IN-FOR-002,IN-FOR-001
OV-TEA-001,OV-TEA-002
IN-FOR-002,IN-FOR-001 (e.g., EnCase, Sleuthkit, FTK).
IN-INV-001,SP-TRD-001
IN-FOR-002,IN-FOR-001,OM-ADM-001,OV-TEA-002,SP-RSK-002 (e.g., Microsoft Hyper-V, VMWare vSphere, Citrix XenDesktop/Server, Amazon Elastic Compute Cloud, etc.).
IN-FOR-002,IN-FOR-001
IN-FOR-002,IN-FOR-001,OV-TEA-002 (e.g., mobile device systems).
OM-ADM-001,OV-TEA-002,SP-ARC-002 (e.g., software firewalls, antivirus software, anti-spyware).
OM-NET-001,PR-INF-001,PR-CIR-001
PR-CDA-001,PR-CIR-001,SP-RSK-002
OM-NET-001,PR-INF-001,PR-CIR-001 (e.g., NIPS, anti-malware, restrict/prevent external devices, spam filters).
PR-CIR-001
OV-TEA-002,PR-VAM-001 (e.g., fuzzing, nmap, etc.).
SP-TST-001
SP-DEV-002
SP-DEV-002
SP-DEV-002
OM-NET-001,OV-TEA-002 (e.g., Firewalls, VPNs, network intrusion detection systems).
OV-PMA-005,SP-SYS-001,SP-SYS-002
IN-INV-001,OV-MGT-001
IN-FOR-002,IN-FOR-001 (e.g., malware forensics).
IN-FOR-002,IN-FOR-001,OM-DTA-002 (e.g., Hexedit, command code xxd, hexdump).
IN-FOR-002,IN-FOR-001,OM-DTA-002 (e.g., Secure Hash Algorithm [SHA], Message Digest Algorithm [MD5]).
IN-FOR-002,IN-FOR-001
IN-FOR-002,IN-FOR-001
IN-FOR-002,IN-FOR-001
IN-FOR-002,IN-FOR-001
OM-DTA-002

OM-DTA-002 (e.g., Exclusive Disjunction [XOR], American Standard Code for Information Interchange [ASCII], Unicode, Base64, Uuencode, Uniform Resource Locator [URL] encode).
PR-CDA-001 (e.g., snort).
PR-CDA-001 (e.g., snort).
OV-TEA-002,SP-RSK-002,SP-SYS-002
OV-TEA-002
NA
OV-TEA-002,SP-RSK-002 (e.g., scenarios, instructional games, interactive exercises).
OV-TEA-002 (e.g., SmartBoards, websites, computers, projectors) for instructional purposes.
OV-TEA-001
OM-DTA-002
SP-TST-001
NA
OM-DTA-002 (e.g., imputation, dimensionality reduction, normalization, transformation, extraction, filtering, smoothing).
SP-TST-001
OV-SPP-001
OM-DTA-002
SP-RSK-002,SP-TST-001 (people, ranges, tools, instrumentation)
OM-ADM-001,SP-RSK-002
SP-RSK-002,SP-TST-001
OM-DTA-002
OM-DTA-002
SP-RSK-002,SP-TST-001
SP-ARC-002
SP-ARC-002
SP-TST-001
OM-DTA-002
OM-DTA-002 (e.g., Hierarchical Stepwise, Generalized Linear Model, Ordinary Least Squares, Tree-Based Methods, Logistic).
PR-VAM-001,SP-RSK-002
PR-VAM-001,SP-RSK-002
OV-TEA-002,PR-INF-001 (e.g., remove unnecessary services, password policies, network segmentation, enable logging, least privilege, etc.).
SP-ARC-001,SP-ARC-002
OM-DTA-002 (e.g., aggregation, enrichment, processing).
PR-INF-001,SP-RSK-002
OM-DTA-002 (e.g., normality, model distribution, scatter plots).
OM-DTA-002 (e.g., Excel, STATA SAS, SPSS).
OM-DTA-002
OV-SPP-001,SP-RSK-002
OV-SPP-001,SP-RSK-002
OM-DTA-002
OM-DTA-002
OM-DTA-002
IN-FOR-002,OV-TEA-002 R, Python, PIG, HIVE, SQL, etc.
IN-FOR-002
IN-FOR-002
SP-RSK-002,SP-SRP-001
SP-RSK-002,SP-DEV-002,SP-DEV-001 (e.g., unit, integration, system, acceptance).
SP-RSK-002,SP-SYS-002 (e.g., end-to-end systems performance monitoring), and tools.
SP-RSK-002,SP-SYS-002 (e.g., end-to-end systems performance monitoring), and tools.
PR-VAM-001,SP-RSK-002
OV-MGT-002,SP-RSK-002,SP-DEV-002,SP-DEV-001,SP-ARC-002 (e.g., S/MIME email, SSL traffic).
OV-MGT-002,SP-RSK-002,SP-DEV-002,SP-DEV-001,SP-ARC-002 (e.g., S/MIME email, SSL traffic).
SP-ARC-002 (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).
SP-TRD-001
OM-ANA-001,SP-RSK-002
OM-STS-001
OM-ADM-001
OM-ADM-001
OM-ADM-001
SP-RSK-002,SP-SYS-001,SP-SYS-002
SP-SYS-002 (e.g. traffic routing, SLA's, CPU specifications).
SP-SYS-002 (e.g. traffic routing, SLA's, CPU specifications).
OM-ANA-001,PR-CDA-001,SP-RSK-002 (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).
SP-TRD-001
SP-TRD-001
SP-DEV-001
OM-NET-001
OM-ADM-001 (i.e., servers)
SP-ARC-002 (i.e., security controls).
OM-ADM-001
OM-ADM-001 (i.e., servers, appliances, network devices).
OM-ADM-001
OM-ADM-001
IN-FOR-002,OV-TEA-002,PR-CDA-001
OM-ADM-001 (e.g., recovery software, failover clusters, replication, etc.).
OM-ADM-001 (e.g., account maintenance, data backups, maintain system performance, install and configure new hardware/software).
OM-STS-001
OM-STS-001
OM-DTA-002,SP-SYS-001,SP-SYS-002 (e.g., unified modeling language).
NA
OM-NET-001 (e.g., CIDR)
NA
Does not currently exist in any work roles
NA
OV-TEA-001
OM-ANA-001,PR-CDA-001 (e.g., vulnerability and compliance scanning).
SP-ARC-002
PR-CDA-001
OM-NET-001,SP-ARC-002 (e.g., hardware firewalls, servers, routers, as appropriate).
PR-VAM-001,SP-RSK-002
SP-RSK-002,SP-TRD-001
PR-CIR-001,SP-RSK-002
SP-RSK-002,SP-DEV-002,SP-DEV-001
SP-RSK-002,SP-DEV-002,SP-DEV-001
CO-OPL-001,CO-OPL-002,OV-SPP-002,SP-RSK-002 to include preparation of functional and specific support plans, preparing and managing correspondence, and staffing procedures.
AN-TGT-002,SP-RSK-002
AN-TGT-002 (e.g., router configuration files, routing protocols).
AN-LNG-001
NA
AN-TGT-002
CO-OPS-001
AN-TGT-002,CO-OPS-001
AN-EXP-001,AN-LNG-001,OV-TEA-002,SP-RSK-002

CO-OPL-001,CO-OPL-002,CO-OPL-003
CO-OPL-001,CO-OPL-002,CO-OPL-003
AN-LNG-001,AN-TGT-001,AN-TGT-002 (e.g., competing hypotheses; chain of reasoning; scenario methods; denial and deception detection; high impact-low probability; network/association or link analysis; Bayesian, Delphi, and Pattern analyses).
AN-LNG-001 (e.g., motivation, technical capability, organizational structure, sensitivities).
AN-ASA-001,AN-ASA-002,AN-TGT-001
CO-OPS-001
AN-TGT-002
CO-OPS-001
AN-LNG-001
AN-ASA-001,AN-ASA-002,AN-TGT-001,AN-TGT-002,AN-TWA-001
AN-LNG-001
AN-TGT-001,AN-TGT-002,AN-TWA-001
AN-TGT-002
AN-LNG-001
AN-EXP-001
AN-EXP-001
AN-EXP-001 (i.e., hot/warm/cold/alternative sites, disaster recovery).
CO-OPS-001,OM-DTA-002 (e.g., searching file systems) and analysis.
CO-OPS-001,OM-DTA-002 (e.g., searching file systems) and analysis.
AN-ASA-001,AN-ASA-002,AN-TGT-001,AN-TGT-002,AN-TWA-001,CO-OPL-001
AN-EXP-001
AN-TGT-001,AN-TGT-002
CO-OPS-001
Does not currently exist in any work roles
AN-EXP-001
AN-TGT-001,AN-TGT-002
CO-OPL-002
Does not currently exist in any work roles
AN-LNG-001
AN-ASA-001,AN-ASA-002,AN-TWA-001
AN-ASA-001,AN-ASA-002,AN-TWA-001
AN-LNG-001
CO-OPL-001,CO-OPL-002,CO-OPL-003
AN-EXP-001
AN-LNG-001
Does not currently exist in any work roles
AN-ASA-002,AN-TGT-001
AN-LNG-001,AN-TGT-002
AN-ASA-001,AN-ASA-002,AN-LNG-001,AN-TGT-001,AN-TWA-001,CO-OPL-001,CO-OPL-002,CO-OPL-003
AN-TGT-002
AN-TGT-002
CO-OPS-001
AN-TGT-001,AN-TGT-002
AN-EXP-001
AN-LNG-001
AN-TGT-002
AN-LNG-001
AN-ASA-001,AN-ASA-002,AN-TGT-001,AN-TWA-001
AN-ASA-002,AN-TGT-001,AN-TGT-002,AN-TWA-001
AN-ASA-001,AN-ASA-002,AN-TGT-001,AN-TGT-002,AN-TWA-001
NA
AN-TGT-002
AN-LNG-001,SP-RSK-002
AN-LNG-001,SP-RSK-002
AN-TGT-002,SP-RSK-002
AN-LNG-001,SP-RSK-002
AN-EXP-001,CO-OPS-001,SP-RSK-002
AN-EXP-001,SP-RSK-002
CO-CLO-001,SP-RSK-002
AN-EXP-001,SP-RSK-002
AN-EXP-001,SP-RSK-002
AN-LNG-001,SP-RSK-002
CO-OPS-001,SP-RSK-002
CO-OPS-001,SP-RSK-002 (e.g., Wiki page).
AN-LNG-001,AN-TGT-002,SP-RSK-002
AN-EXP-001
AN-TGT-002
AN-EXP-001
AN-TGT-001,AN-TGT-002,SP-RSK-002
AN-ASA-001,AN-ASA-002,AN-TGT-001,AN-TWA-001,CO-OPL-001,CO-OPL-002,CO-OPL-003,SP-RSK-002
CO-OPL-001,CO-OPL-002,CO-OPL-003,OV-SPP-002,SP-RSK-002
AN-LNG-001,SP-RSK-002
CO-OPS-001,SP-RSK-002
AN-LNG-001 (e.g., language, cultural, communications).
AN-ASA-001,AN-ASA-002,SP-RSK-002
CO-OPS-001
AN-ASA-001,AN-ASA-002,AN-TGT-001,AN-TGT-002,AN-TWA-001
CO-OPS-001
AN-EXP-001
AN-EXP-001
AN-LNG-001,AN-TGT-002
AN-EXP-001
AN-TGT-002
AN-LNG-001,AN-TGT-002
AN-TGT-002
AN-EXP-001
AN-LNG-001
CO-OPS-001 (e.g., C++, Python, etc.).
CO-OPS-001
CO-OPS-001
AN-TGT-002
AN-EXP-001
AN-EXP-001
CO-OPS-001,OV-TEA-002 (e.g., hex editing, binary packaging utilities, debugging, and strings analysis) to identify function and ownership of remote tools.
AN-ASA-002,OV-TEA-002,SP-RSK-002
CO-OPL-001
CO-OPL-001,CO-OPL-002,SP-RSK-002
AN-TGT-001,AN-TGT-002
CO-OPS-001
CO-OPS-001
AN-LNG-001,AN-TGT-002
AN-ASA-001,AN-ASA-002,AN-TGT-001,AN-TWA-001,CO-OPL-001,SP-RSK-002
AN-EXP-001,SP-RSK-002
AN-TGT-002,SP-RSK-002 (e.g., intrusions, dataflow or processing, target implementation of new technologies).
CO-OPS-001,OV-TEA-002,SP-RSK-002
CO-OPS-001
CO-OPS-001

AN-LNG-001
AN-LNG-001
AN-ASA-001,AN-ASA-002,AN-TGT-001,AN-TWA-001
AN-EXP-001
AN-TGT-001,AN-TGT-002
AN-TGT-001,AN-TGT-002
AN-ASA-001,AN-ASA-002,AN-TGT-001,AN-TWA-001
AN-ASA-001,AN-ASA-002,AN-TGT-001,AN-TWA-001 (e.g., Google, Yahoo, LexisNexis, DataStar)
AN-EXP-001,AN-LNG-001
AN-EXP-001,AN-LNG-001
AN-TGT-002
AN-ASA-002,AN-TGT-001
AN-ASA-002,AN-TGT-001
CO-OPS-001,OV-TEA-002
AN-EXP-001
AN-EXP-001
CO-OPS-001 (online trade, DNS, mail, etc.).
AN-ASA-001,AN-ASA-002,AN-TGT-001,AN-TWA-001,CO-OPL-001,CO-OPL-002,CO-OPL-003,OV-TEA-001,SP-RSK-002
AN-ASA-001,AN-ASA-002,AN-TGT-001,AN-TWA-001,CO-OPL-001,CO-OPL-002,CO-OPL-003 (e.g., IWS, VTCs, chat rooms, SharePoint).
CO-OPS-001 (e.g., checksums, Exclusive OR, secure hashes, check constraints, etc.).
CO-OPS-001
AN-EXP-001
AN-TGT-002,OV-TEA-002
AN-TGT-001
AN-ASA-001,AN-ASA-002,AN-TWA-001
CO-CLO-001,CO-CLO-002,SP-RSK-002
CO-CLO-001,CO-CLO-002,SP-RSK-002
CO-OPL-001,SP-RSK-002
CO-OPL-001,SP-RSK-002
CO-OPL-001
CO-OPL-001,CO-OPL-002
CO-OPL-001
CO-CLO-001
CO-OPL-001,CO-OPL-002
CO-CLO-001
CO-OPL-001
CO-OPL-001
CO-CLO-001,CO-CLO-002
CO-CLO-001,CO-CLO-002
CO-CLO-001,CO-CLO-002
CO-OPL-001
CO-OPL-001
CO-OPL-001
CO-OPL-001
CO-OPL-001
CO-OPL-001,CO-OPL-002
CO-OPL-001,CO-OPL-002
CO-OPL-001
CO-OPL-001
CO-OPL-001
CO-CLO-001
CO-CLO-001,SP-RSK-002
CO-OPL-002,CO-OPL-003
CO-CLO-001,CO-CLO-002

CO-CLO-001
CO-CLO-001
CO-CLO-002,SP-RSK-002
CO-CLO-001,CO-CLO-002
CO-OPL-001
CO-CLO-001,SP-RSK-002
CO-OPL-001,CO-OPL-002
CO-OPL-001,CO-OPL-002
CO-CLO-001,CO-CLO-002
CO-CLO-001,CO-CLO-002
CO-CLO-001,CO-CLO-002
CO-CLO-002
CO-CLO-002
CO-OPL-001
CO-CLO-001,CO-CLO-002
CO-OPL-001
CO-OPL-001
CO-CLO-001
CO-OPL-001
CO-OPL-001
CO-OPL-001
CO-CLO-001,CO-CLO-002
CO-OPL-001
CO-CLO-002
CO-CLO-001,CO-CLO-002
CO-CLO-002
CO-OPL-002
CO-OPL-001
CO-CLO-001
CO-CLO-001,CO-CLO-002
CO-CLO-002
OV-LGA-002
OV-LGA-002
OV-LGA-002
OV-EXL-001,OV-LGA-001,OV-LGA-002,OV-TEA-002
OV-EXL-001
OV-EXL-001,OV-TEA-002
OV-EXL-001
AN-ASA-001,AN-ASA-002,AN-TGT-001,CO-OPL-001,CO-OPL-002,CO-OPL-003
AN-TGT-001
AN-TGT-001
CO-CLO-001,CO-CLO-002 (those with tasking, collection, processing, exploitation and dissemination responsibilities).
CO-OPS-001
PR-VAM-001
OM-STS-001,PR-CIR-001
OM-STS-001,PR-CIR-001
OM-ANA-001,PR-CDA-001,PR-INF-001,PR-VAM-001,SP-RSK-001,SP-RSK-002,SP-DEV-002,SP-DEV-001,SP-ARC-001,SP-ARC-002,SP-SYS-001,SP-SYS-002,SP-SRP-001,SP-TST-001
OM-DTA-002
PR-CDA-001,SP-RSK-002
OV-PMA-002,OV-PMA-004,OV-PMA-005,OV-PMA-003,OV-PMA-001
SP-RSK-002,SP-ARC-001,SP-ARC-002
SP-RSK-002,SP-ARC-001,SP-ARC-002
(e.g., routers, switches).
ID | Statement | Updated Statement
K0001 | Knowledge of computer networking concepts and protocols, and network security methodologies. | Knowledge of computer networking protocols.
K0002 | Knowledge of risk management processes. (e.g., methods for assessing and mitigating risk) | Knowledge of risk management processes
K0003 | Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy. | Knowledge of cybersecurity laws and regulations.
K0003_1 | Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy. | Knowledge of cybersecurity policies and procedures.
K0003_2 | Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy. | Knowledge of privacy laws and regulations.
K0003_4 | Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy. | Knowledge of privacy policies and procedures.
K0004 | Knowledge of cybersecurity and privacy principles. | Knowledge of cybersecurity principles and practices.
K0004_1 | Knowledge of cybersecurity and privacy principles. | Knowledge of privacy principles and practices.
K0005 | Knowledge of cyber threats and vulnerabilities. | Knowledge of cybersecurity threats
K0005_1 | Knowledge of cyber threats and vulnerabilities. | Knowledge of cybersecurity vulnerabilities
K0006 T00** | Knowledge of specific operational impacts of cybersecurity lapses. | Task: Determine the operational impacts of cybersecurity lapses
K0007 | Knowledge of authentication, authorization, and access control methods. | Knowledge of access control principles and practices
K0007_1 | Knowledge of authentication, authorization, and access control methods. | Knowledge of authentication and authorization tools and techniques
K0008 | Knowledge of applicable business processes and operations of customer organizations. | Knowledge of business operations standards and best practices
K0009 | Knowledge of application vulnerabilities. | Knowledge of application vulnerabilities
K0010 | Knowledge of communication methods, principles, and concepts that support the network infrastructure. | Knowledge of network infrastructure principles and practices
K0011 | Knowledge of capabilities and applications of network equipment including routers, switches, bridges, servers, transmission media, and related hardware. | Knowledge of network equipment capabilities and applications
K0012 | Knowledge of capabilities and requirements analysis. | Knowledge of requirements analysis principles and practices.
K0013 | Knowledge of cyber defense and vulnerability assessment tools and their capabilities. | Knowledge of cyber defense tools and techniques.
K0013_1 | Knowledge of cyber defense and vulnerability assessment tools and their capabilities. | Knowledge of vulnerability assessment tools and techniques.
K0014 | Knowledge of complex data structures. | Knowledge of complex data structure capabilities and applications
K0015 | Knowledge of computer algorithms. | Knowledge of computer algorithm capabilities and applications
K0016 | Knowledge of computer programming principles | Knowledge of programming principles and practices
K0017 | Knowledge of concepts and practices of processing digital forensic data. | Knowledge of digital forensic data principles and practices.
K0018 | Knowledge of encryption algorithms | Knowledge of encryption algorithm capabilities and applications
K0019 | Knowledge of cryptography and cryptographic key management concepts | Knowledge of cryptography principles and practices
K0019_1 | Knowledge of cryptography and cryptographic key management concepts | Knowledge of cryptographic key management principles and practices.
K0020 | Knowledge of data administration and data standardization policies. | Knowledge of data administration policies and procedures
K0020_1 | Knowledge of data administration and data standardization policies. | Knowledge of data standardization policies and procedures
K0021 | Knowledge of data backup and recovery. | Knowledge of data backup and recovery policies and procedures
K0022 | Knowledge of data mining and data warehousing principles. | Knowledge of data warehousing principles and practices
K0022_1 | Knowledge of data mining and data warehousing principles. | Knowledge of data mining principles and practices
K0023 | Knowledge of database management systems, query languages, table relationships, and views. | Knowledge of database management system (DBMS) principles and practices
K0023_1 | Knowledge of database management systems, query languages, table relationships, and views. | Knowledge of database query language capabilities and applications
K0023_2 | Knowledge of database management systems, query languages, table relationships, and views. | Knowledge of database schema capabilities and applications
K0024 | Knowledge of database systems. | Knowledge of database systems and software
K0025 | Knowledge of digital rights management. | Knowledge of digital rights management (DRM) tools and techniques
K0026 | Knowledge of business continuity and disaster recovery continuity of operations plans. | Knowledge of business continuity and disaster recovery (BCDR) policies and procedures
K0027 | Knowledge of organization's enterprise information security architecture. | Knowledge of enterprise cybersecurity architecture principles and practices
K0028 | Knowledge of organization's evaluation and validation requirements. | Knowledge of evaluation and validation principles and practices
K0029 | Knowledge of organization's Local and Wide Area Network connections. | Knowledge of Local Area Network (LAN) and Wide Area Network (WAN) principles and practices
K0029_1 | Knowledge of organization's Local and Wide Area Network connections. | Knowledge of Local Area Network (LAN) and Wide Area Network (WAN) protocols

K0030 | Knowledge of electrical engineering as applied to computer architecture. (e.g., circuit boards, processors, chips, and computer hardware) | Knowledge of electrical engineering principles and practices
K0031 | Knowledge of enterprise messaging systems and associated software. | Knowledge of enterprise communication systems and software
K0032 | Knowledge of resiliency and redundancy. | Knowledge of resiliency and redundancy principles and practices
K0033 | Knowledge of host/network access control mechanisms. (e.g., access control list, capabilities lists) | Knowledge of host access control (HAC) systems and software.
K0033_1 | Knowledge of host/network access control mechanisms. (e.g., access control list, capabilities lists) | Knowledge of network access control (NAC) systems and software
K0034 | Knowledge of network services and protocols interactions that provide network communications. | Knowledge of network communications principles and practices
K0034_1 | Knowledge of network services and protocols interactions that provide network communications. | Knowledge of network service capabilities and applications
K0034_2 | Knowledge of network services and protocols interactions that provide network communications. | Knowledge of network service protocols
K0035 | Knowledge of installation, integration, and optimization of system components. | Withdraw
K0036 | Knowledge of human-computer interaction principles. | Knowledge of human-computer interaction (HCI) principles and practices
K0037 | Knowledge of Security Assessment and Authorization process. | Knowledge of Security Assessment and Authorization (SA&A) processes
K0038 | Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data. | Knowledge of risk management principles and practices
K0039 | Knowledge of cybersecurity and privacy principles and methods that apply to software development. | Knowledge of software development principles and practices
K0040 | Knowledge of vulnerability information dissemination sources. (e.g., alerts, advisories, errata, and bulletins). | Knowledge of vulnerability data sources
K0041 | Knowledge of incident categories, incident responses, and timelines for responses. | Knowledge of incident response principles and practices.
K0041_1 | Knowledge of incident categories, incident responses, and timelines for responses. | Knowledge of incident response policies and procedures
K0042 | Knowledge of incident response and handling methodologies. | Knowledge of incident response tools and techniques
K0042_1 | Knowledge of incident response and handling methodologies. | Knowledge of incident handling principles and practices
K0042_2 | Knowledge of incident response and handling methodologies. | Knowledge of incident handling tools and techniques

K0043 | Knowledge of industry-standard and organizationally accepted analysis principles and methods. | Knowledge of analysis standards and best practices.
K0044 | Knowledge of cybersecurity and privacy principles and organizational requirements. (relevant to confidentiality, integrity, availability, authentication, non-repudiation) | Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices
K0044_1 | Knowledge of cybersecurity and privacy principles and organizational requirements. (relevant to confidentiality, integrity, availability, authentication, non-repudiation) | Knowledge of non-repudiation principles and practices
K0045 | Knowledge of information security systems engineering principles. (NIST SP 800-160) | Knowledge of systems security engineering (SSE) principles and practices
K0046 | Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions. | Knowledge of intrusion detection tools and techniques
K0047 | Knowledge of information technology (IT) architectural concepts and frameworks. | Knowledge of information technology (IT) architecture models and frameworks.
K0048 | Knowledge of Risk Management Framework (RMF) requirements. | Knowledge of Risk Management Framework (RMF) requirements
K0048 | Knowledge of Risk Management Framework (RMF) requirements. | Knowledge of risk management models and frameworks
K0049 | Knowledge of information technology (IT) security principles and methods. (e.g., firewalls, demilitarized zones, encryption) | Knowledge of information technology (IT) security principles and practices
K0050 | Knowledge of local area and wide area networking principles and concepts including bandwidth management. | Knowledge of bandwidth management tools and techniques
K0051 | Knowledge of low-level computer languages. (e.g., assembly languages) | Knowledge of low-level programming languages.
K0052 | Knowledge of mathematics. (e.g. logarithms, trigonometry, linear algebra, calculus, statistics, and operational analysis) | Knowledge of mathematics principles and practices
K0053 | Knowledge of measures or indicators of system performance and availability. | Knowledge of system performance indicators.
K0053_1 | Knowledge of measures or indicators of system performance and availability. | Knowledge of system availability measures.
K0054 | Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities. | Withdraw
K0055 | Knowledge of microprocessors. | Knowledge of microprocessors.
K0056 | Knowledge of network access, identity, and access management. | Knowledge of identity and access management (IAM) principles and practices
K0057 | Knowledge of network hardware devices and functions. | Knowledge of network hardware capabilities and applications
K0058 | Knowledge of network traffic analysis methods. | Knowledge of network traffic analysis tools and techniques

K0059 | Knowledge of new and emerging information technology (IT) and cybersecurity technologies. | Knowledge of new and emerging technologies
K0060 | Knowledge of operating systems. | Knowledge of operating system (OS) systems and software
K0061 | Knowledge of how traffic flows across the network. (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]) | Knowledge of network traffic protocols
K0062 | Knowledge of packet-level analysis. | Knowledge of packet-level analysis tools and techniques
K0063 | Knowledge of parallel and distributed computing concepts. | Knowledge of parallel and distributed computing principles and practices
K0064 | Knowledge of performance tuning tools and techniques. | Knowledge of performance tuning tools and techniques
K0065 | Knowledge of policy-based and risk adaptive access controls. | Knowledge of policy-based access controls
K0065_1 | Knowledge of policy-based and risk adaptive access controls. | Knowledge of Risk Adaptive (Adaptable) Access Controls (RAdAC)
K0066 | Knowledge of Privacy Impact Assessments. | Knowledge of Privacy Impact Assessment (PIA) principles and practices
K0067 | Knowledge of process engineering concepts. | Knowledge of process engineering principles and practices
K0068 | Knowledge of programming language structures and logic. | Knowledge of programming language structures and logic.
K0069 | Knowledge of query languages such as SQL (structured query language). | Knowledge of query languages.
K0070 | Knowledge of system and application security threats and vulnerabilities. (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code). | Knowledge of system threats
K0070_1 | Knowledge of system and application security threats and vulnerabilities. (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code). | Knowledge of system vulnerabilities.
K0071 | Knowledge of remote access technology concepts. | Knowledge of remote access principles and practices
K0072 | Knowledge of resource management principles and techniques. | Knowledge of resource management principles and practices
K0073 | Knowledge of secure configuration management techniques. (e.g., Security Technical Implementation Guides (STIGs), cybersecurity best practices on cisecurity.org). | Knowledge of configuration management (CM) tools and techniques.

Knowledge of key concepts in security


management. (e.g., Release Management, Knowledge of security management principles
K0074 Patch Management) and practices
Knowledge of security system design tools, Knowledge of system design tools and
K0075 methods, and techniques. techniques.
Knowledge of server administration and
systems engineering theories, concepts, and Knowledge of server administration principles
K0076 methods.
Knowledge of server and client operating and practices
K0077 systems. Knowledge of client and server architecture
Knowledge of server diagnostic tools and fault Knowledge of server diagnostic tools and
K0078 identification techniques. techniques.
Knowledge of server diagnostic tools and fault Knowledge of Fault Detection and Diagnostics
K0078_1 identification techniques. (FDD) tools and techniques.
Knowledge of software debugging principles
K0079 Knowledge of software debugging principles. and practices
Knowledge of software design tools, methods, Knowledge of software design tools and
K0080 and techniques. techniques
Knowledge of software development models. Knowledge of software development models
K0081 (e.g., Waterfall Model, Spiral Model) and frameworks
Knowledge of software engineering principles
K0082 Knowledge of software engineering. and practices
Knowledge of sources, characteristics, and uses Knowledge of data asset management
K0083 of the organization's data assets. principles and practices
Knowledge of structured analysis principles and Knowledge of structured analysis principles and
K0084 methods. practices
K0085 | WITHDRAWN: Knowledge of system and application security threats and vulnerabilities. | Withdraw
K0086 | Knowledge of system design tools, methods, and techniques, including automated systems analysis and design tools. | Knowledge of automated systems analysis tools and techniques
K0087 | Knowledge of system software and organizational design standards, policies, and authorized approaches relating to system design. (e.g., International Organization for Standardization [ISO] guidelines) | Knowledge of system design standards and best practices
K0087_1 | Knowledge of system software and organizational design standards, policies, and authorized approaches relating to system design. (e.g., International Organization for Standardization [ISO] guidelines) | Knowledge of system design policies and practices
K0088 | Knowledge of systems administration concepts. | Knowledge of system administration principles and practices
K0089 | Knowledge of systems diagnostic tools and fault identification techniques. | Withdraw
K0090 | Knowledge of system life cycle management principles, including software security and usability. | Knowledge of system life cycle management principles and practices
K0091 | Knowledge of systems testing and evaluation methods. | Knowledge of systems testing and evaluation tools and techniques
K0092 | Knowledge of technology integration processes. | Knowledge of technology integration processes
K0093 | Knowledge of telecommunications concepts. (e.g., Communications channel, Systems Link Budgeting, Spectral efficiency, Multiplexing) | Knowledge of telecommunications principles and practices
K0094 | Knowledge of the capabilities and functionality associated with content creation technologies. (e.g., wikis, social networking, content management systems, blogs) | Knowledge of content creation tools and techniques
K0095 | Knowledge of the capabilities and functionality associated with various technologies for organizing and managing information. (e.g., databases, bookmarking engines) | Knowledge of information management tools and techniques
K0096 | Knowledge of the capabilities and functionality of various collaborative technologies. (e.g., groupware, SharePoint) | Knowledge of collaboration tools and techniques
K0097 | Knowledge of the characteristics of physical and virtual data storage media. | Knowledge of data storage media characteristics
K0098 T00** | Knowledge of the cyber defense Service Provider reporting structure and processes within one's own organization. | Task: Review cyber defense service provider reporting structure
K0099 | WITHDRAWN: Knowledge of the common networking protocols (e.g., TCP/IP), services (e.g., web, mail, Domain Name Server), and how they interact to provide network communications. | Withdraw
K0100 | Knowledge of the enterprise information technology (IT) architecture. | Knowledge of enterprise information technology (IT) architecture principles and practices
K0101 T00** | Knowledge of the organization's enterprise information technology (IT) goals and objectives. | Task: Review enterprise information technology (IT) goals and objectives
K0102 | Knowledge of the systems engineering process. | Knowledge of systems engineering processes
K0103 | Knowledge of the type and frequency of routine hardware maintenance. | Knowledge of hardware maintenance policies and procedures
K0104 | Knowledge of Virtual Private Network (VPN) security. | Knowledge of virtual private network (VPN) systems and software
K0105 | Knowledge of web services. (e.g., service-oriented architecture, Simple Object Access Protocol, and web service description language) | Knowledge of web service protocols
K0106 | Knowledge of what constitutes a network attack and a network attack's relationship to both threats and vulnerabilities. | Knowledge of network attack characteristics
K0107 | Knowledge of Insider Threat investigations, reporting, investigative tools and laws/regulations. | Knowledge of insider threat laws and regulations
K0107_1 | Knowledge of Insider Threat investigations, reporting, investigative tools and laws/regulations. | Knowledge of insider threat tools and techniques
K0108 | Knowledge of concepts, terminology, and operations of a wide range of communications media (computer and telephone networks, satellite, fiber, wireless). | Withdraw
K0109 | Knowledge of physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage). | Knowledge of physical computer components
K0109_1 | Knowledge of physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage). | Knowledge of computer peripherals
K0110 | Knowledge of adversarial tactics, techniques, and procedures. | Knowledge of adversarial tactics principles and practices
K0110_1 | Knowledge of adversarial tactics, techniques, and procedures. | Knowledge of adversarial tactics tools and techniques
K0110_2 | Knowledge of adversarial tactics, techniques, and procedures. | Knowledge of adversarial tactics policies and procedures
K0111 | Knowledge of network tools (e.g., ping, traceroute, nslookup) | Knowledge of network tools and techniques
K0112 | Knowledge of defense-in-depth principles and network security architecture. | Knowledge of defense-in-depth principles and practices
K0113 | Knowledge of different types of network communication (e.g., LAN, WAN, MAN, WLAN, WWAN). | Knowledge of network configurations
K0114 | Knowledge of electronic devices (e.g., computer systems/components, access control devices, digital cameras, digital scanners, electronic organizers, hard drives, memory cards, modems, network components, networked appliances, networked home control devices, printers, removable storage devices, telephones, copiers, facsimile machines, etc.). | Withdraw
K0115 | Knowledge that technology that can be exploited. | Withdraw
K0116 | Knowledge of file extensions (e.g., .dll, .bat, .zip, .pcap, .gzip). | Knowledge of file extensions
K0117 | Knowledge of file system implementations (e.g., New Technology File System [NTFS], File Allocation Table [FAT], File Extension [EXT]). | Knowledge of file system implementation principles and practices
K0118 | Knowledge of processes for seizing and preserving digital evidence. | Knowledge of digital evidence seizure policies and procedures
K0118_1 | Knowledge of processes for seizing and preserving digital evidence. | Knowledge of digital evidence preservation policies and procedures
K0119 | Knowledge of hacking methodologies. | Knowledge of ethical hacking tools and techniques
K0120 | Knowledge of how information needs and collection requirements are translated, tracked, and prioritized across the extended enterprise. | Withdraw
K0121 | Knowledge of information security program management and project management principles and techniques. | Knowledge of program management principles and practices
K0121_1 | Knowledge of information security program management and project management principles and techniques. | Knowledge of project management principles and practices
K0122 | Knowledge of investigative implications of hardware, Operating Systems, and network technologies. | Withdraw
K0123 | Knowledge of legal governance related to admissibility (e.g. Rules of Evidence). | Knowledge of evidence admissibility laws and regulations
K0124 | Knowledge of multiple cognitive domains and tools and methods applicable for learning in each domain. | Knowledge of cognitive domain models and frameworks
K0125 | Knowledge of processes for collecting, packaging, transporting, and storing electronic evidence while maintaining chain of custody. | Knowledge of chain of custody policies and procedures
K0126 | Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161) | Knowledge of supply chain risk management principles and practices
K0127 | Knowledge of the nature and function of the relevant information structure (e.g., National Information Infrastructure). | Withdraw
K0128 | Knowledge of types and collection of persistent data. | Knowledge of persistent data principles and practices
K0129 | Knowledge of command-line tools (e.g., mkdir, mv, ls, passwd, grep). | Knowledge of command-line tools and techniques
K0130 | Knowledge of virtualization technologies and virtual machine development and maintenance. | Knowledge of virtualization tools and techniques
K0130_1 S00** | Knowledge of virtualization technologies and virtual machine development and maintenance. | Skill in developing virtual machines
K0130_2 S00** | Knowledge of virtualization technologies and virtual machine development and maintenance. | Skill in maintaining virtual machines
K0131 | Knowledge of web mail collection, searching/analyzing techniques, tools, and cookies. | Knowledge of web mail tools and techniques.
K0132 | Knowledge of which system files (e.g., log files, registry files, configuration files) contain relevant information and where to find those system files. | Knowledge of system file characteristics
K0132_ S00** | Knowledge of which system files (e.g., log files, registry files, configuration files) contain relevant information and where to find those system files. | Skill in finding system files
K0133 | Knowledge of types of digital forensics data and how to recognize them. | Knowledge of digital forensics data characteristics
K0133_1 S00** | Knowledge of types of digital forensics data and how to recognize them. | Skill in recognizing digital forensics data
K0134 | Knowledge of deployable forensics. | Knowledge of deployable forensics principles and practices
K0135 | Knowledge of web filtering technologies. | Knowledge of web filtering systems and software
K0136 | Knowledge of the capabilities of different electronic communication systems and methods (e.g., e-mail, VOIP, IM, web forums, Direct Video Broadcasts). | Knowledge of digital communication systems and software
K0137 | Knowledge of the range of existing networks (e.g., PBX, LANs, WANs, WIFI, SCADA). | Withdraw
K0138 | Knowledge of Wi-Fi. | Withdraw
K0139 | Knowledge of interpreted and compiled computer languages. | Knowledge of interpreted and compiled programming languages
K0140 | Knowledge of secure coding techniques. | Knowledge of secure coding tools and techniques
K0141 | WITHDRAWN: Integrated into K0420 | Withdraw
K0142 | Knowledge of collection management processes, capabilities, and limitations. | Knowledge of intelligence collection management principles and practices
K0143 | Knowledge of front-end collection systems, including traffic collection, filtering, and selection. | Knowledge of front-end intelligence collection systems and software
K0144 | Knowledge of social dynamics of computer attackers in a global context. |
K0145 | Knowledge of security event correlation tools. | Knowledge of event correlation tools and techniques.
K0146 | Knowledge of the organization's core business/mission processes. | Withdraw
K0147 | Knowledge of emerging security issues, risks, and vulnerabilities. | Knowledge of new and emerging cybersecurity risks
K0148 | Knowledge of import/export control regulations and responsible agencies for the purposes of reducing supply chain risk. | Knowledge of import and export control laws and regulations
K0148_1 | Knowledge of import/export control regulations and responsible agencies for the purposes of reducing supply chain risk. | Knowledge of supply chain risks
K0148_2 | Knowledge of import/export control regulations and responsible agencies for the purposes of reducing supply chain risk. | Knowledge of federal agency roles and responsibilities
K0149 | Knowledge of organization's risk tolerance and/or risk management approach. | Knowledge of risk tolerance principles and practices
K0150 | Knowledge of enterprise incident response program, roles, and responsibilities. | Knowledge of enterprise incident response policies and procedures
K0150_1 | Knowledge of enterprise incident response program, roles, and responsibilities. | Knowledge of incident response roles and responsibilities
K0151 | Knowledge of current and emerging threats/threat vectors. | Knowledge of threat vector characteristics
K0152 | Knowledge of software related information technology (IT) security principles and methods (e.g., modularization, layering, abstraction, data hiding, simplicity/minimization). | Knowledge of software security principles and practices
K0153 | Knowledge of software quality assurance process. | Knowledge of software quality assurance (SQA) principles and practices
K0154 | Knowledge of supply chain risk management standards, processes, and practices. | Knowledge of supply chain risk management standards and best practices
K0155 | Knowledge of electronic evidence law. | Withdraw
K0156 | Knowledge of legal rules of evidence and court procedure. | Withdraw
K0157 | Knowledge of cyber defense and information security policies, procedures, and regulations. | Withdraw
K0158 | Knowledge of organizational information technology (IT) user security policies (e.g., account creation, password rules, access control). | Knowledge of account creation policies and procedures
K0158_1 | Knowledge of organizational information technology (IT) user security policies (e.g., account creation, password rules, access control). | Knowledge of password policies and procedures
K0159 | Knowledge of Voice over IP (VoIP). | Knowledge of Voice over IP (VoIP)
K0160 | Knowledge of the common attack vectors on the network layer. | Knowledge of network attack vectors
K0161 | Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks). | Knowledge of cyberattack characteristics
K0162 | Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored). | Knowledge of cyberattack actor characteristics
K0163 | Knowledge of critical information technology (IT) procurement requirements. | Knowledge of technology procurement principles and practices
K0163_1 T00** | Knowledge of critical information technology (IT) procurement requirements. | Task: Identify critical technology procurement requirements
K0164 | Knowledge of functionality, quality, and security requirements and how these will apply to specific items of supply (i.e., elements and processes). | Withdraw
K0165 | Knowledge of risk/threat assessment. | Knowledge of risk assessment principles and practices
K0165_1 | Knowledge of risk/threat assessment. | Knowledge of threat assessment principles and practices
K0166 | WITHDRAWN: Knowledge of the nature and function of the relevant information structure. | Withdraw
K0167 | Knowledge of system administration, network, and operating system hardening techniques. | Knowledge of hardening tools and techniques
K0168 | Knowledge of applicable laws, statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures. | Withdraw
K0169 | Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures. | Knowledge of supply chain risk management policies and procedures
K0170 | Knowledge of critical infrastructure systems with information communication technology that were designed without system security considerations. | Knowledge of critical infrastructure systems and software
K0171 | Knowledge of hardware reverse engineering techniques. | Knowledge of hardware reverse engineering tools and techniques.
K0172 | Knowledge of middleware (e.g., enterprise service bus and message queuing). | Knowledge of middleware software capabilities and applications
K0173 | WITHDRAWN: Integrated into K0499 (prior to draft SP 800-181) | Withdraw
K0174 | Knowledge of networking protocols. | Knowledge of network protocols
K0175 | Knowledge of software reverse engineering techniques. | Knowledge of software reverse engineering tools and techniques.
K0176 | Knowledge of Extensible Markup Language (XML) schemas. | Knowledge of Extensible Markup Language (XML) schemas
K0177 | Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks). | Knowledge of cyberattack stages
K0178 | Knowledge of secure software deployment methodologies, tools, and practices. | Knowledge of secure software deployment principles and practices
K0178_1 | Knowledge of secure software deployment methodologies, tools, and practices. | Knowledge of secure software deployment tools and techniques
K0179 | Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth). | Knowledge of network security architecture principles and practices
K0180 | Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools. | Knowledge of network systems management principles and practices
K0180_1 | Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools. | Knowledge of network systems management tools and techniques
K0181 | WITHDRAWN: Knowledge of transmission records (e.g., Bluetooth, Radio Frequency Identification [RFID], Infrared Networking [IR], Wireless Fidelity [Wi-Fi]. paging, cellular, satellite dishes), and jamming techniques that enable transmission of undesirable information, or prevent installed systems from operating correctly. (See K0274) | Withdraw
K0182 | Knowledge of data carving tools and techniques (e.g., Foremost). | Knowledge of data carving tools and techniques
K0183 | Knowledge of reverse engineering concepts. | Knowledge of reverse engineering principles and practices
K0184 | Knowledge of anti-forensics tactics, techniques, and procedures. | Knowledge of anti-forensics tools and techniques
K0185 | Knowledge of forensics lab design configuration and support applications (e.g., VMWare, Wireshark). | Knowledge of forensics lab design principles and practices
K0185_1 | Knowledge of forensics lab design configuration and support applications (e.g., VMWare, Wireshark). | Knowledge of forensics lab design systems and software
K0186 | Knowledge of debugging procedures and tools. | Knowledge of debugging tools and techniques
K0187 | Knowledge of file type abuse by adversaries for anomalous behavior. | Knowledge of filename extension abuse
K0187_1 S00** | Knowledge of file type abuse by adversaries for anomalous behavior. | Skill in identifying filename extension abuse
K0188 | Knowledge of malware analysis tools (e.g., Oily Debug, Ida Pro). | Knowledge of malware analysis tools and techniques
K0189 | Knowledge of malware with virtual machine detection (e.g. virtual aware malware, debugger aware malware, and unpacked malware that looks for VM-related strings in your computer's display device). | Knowledge of virtual machine detection tools and techniques
K0190 | Knowledge of encryption methodologies. | Knowledge of encryption tools and techniques
K0191 | Knowledge of signature implementation impact for viruses, malware, and attacks. | Knowledge of malware signature principles and practices
K0192 | Knowledge of Windows/Unix ports and services. | Knowledge of network port capabilities and applications
K0193 | Knowledge of advanced data remediation security features in databases. | Knowledge of data remediation tools and techniques
K0194 | Knowledge of Cloud-based knowledge management technologies and concepts related to security, governance, procurement, and administration. | Knowledge of cloud computing principles and practices
K0194_1 | Knowledge of Cloud-based knowledge management technologies and concepts related to security, governance, procurement, and administration. | Knowledge of knowledge management principles and practices
K0194_2 | Knowledge of Cloud-based knowledge management technologies and concepts related to security, governance, procurement, and administration. | Knowledge of knowledge management tools and techniques
K0195 | Knowledge of data classification standards and methodologies based on sensitivity and other risk factors. | Knowledge of data classification standards and best practices
K0195_1 | Knowledge of data classification standards and methodologies based on sensitivity and other risk factors. | Knowledge of data classification tools and techniques
K0196 | Knowledge of Import/Export Regulations related to cryptography and other security technologies. | Withdraw
K0197 | Knowledge of database access application programming interfaces (e.g., Java Database Connectivity [JDBC]). | Knowledge of database application programming interfaces (APIs)
K0198 | Knowledge of organizational process improvement concepts and process maturity models (e.g., Capability Maturity Model Integration (CMMI) for Development, CMMI for Services, and CMMI for Acquisitions). | Knowledge of process improvement principles and practices
K0198_1 | Knowledge of organizational process improvement concepts and process maturity models (e.g., Capability Maturity Model Integration (CMMI) for Development, CMMI for Services, and CMMI for Acquisitions). | Knowledge of process maturity models and frameworks
K0199 | Knowledge of security architecture concepts and enterprise architecture reference models (e.g., Zachman, Federal Enterprise Architecture [FEA]). | Knowledge of enterprise architecture (EA) reference models and frameworks.
K0199_1 | Knowledge of security architecture concepts and enterprise architecture reference models (e.g., Zachman, Federal Enterprise Architecture [FEA]). | Knowledge of enterprise architecture (EA) principles and practices
K0200 | Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]). | Knowledge of service management principles and practices
K0200_1 | Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]). | Knowledge of service management standards and best practices
K0201 | Knowledge of symmetric key rotation techniques and concepts. | Knowledge of key management service (KMS) principles and practices
K0201_1 | Knowledge of symmetric key rotation techniques and concepts. | Knowledge of symmetric encryption principles and practices
K0201_2 | Knowledge of symmetric key rotation techniques and concepts. | Knowledge of key management service (KMS) key rotation policies and procedures
K0202 | Knowledge of the application firewall concepts and functions (e.g., Single point of authentication/audit/policy enforcement, message scanning for malicious content, data anonymization for PCI and PII compliance, data loss protection scanning, accelerated cryptographic operations, SSL security, REST/JSON processing). | Knowledge of application firewall principles and practices
K0202 | Knowledge of the application firewall concepts and functions (e.g., Single point of authentication/audit/policy enforcement, message scanning for malicious content, data anonymization for PCI and PII compliance, data loss protection scanning, accelerated cryptographic operations, SSL security, REST/JSON processing). | Knowledge of network firewall principles and practices
K0203 | Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model). | Knowledge of security models and frameworks
K0203_1 | Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model). | Knowledge of access control models and frameworks
K0204 | Knowledge of learning assessment techniques (rubrics, evaluation plans, tests, quizzes). | Knowledge of learning assessment tools and techniques
K0205 | Knowledge of basic system, network, and OS hardening techniques. | Withdraw
K0206 | Knowledge of ethical hacking principles and techniques. | Knowledge of ethical hacking principles and practices
K0207 | Knowledge of circuit analysis. | Knowledge of circuit analysis tools and techniques
K0208 | Knowledge of computer based training and e-learning services. | Withdraw
K0209 | Knowledge of covert communication techniques. | Knowledge of covert communication tools and techniques
K0210 | Knowledge of data backup and restoration concepts. | Withdraw
K0211 | Knowledge of confidentiality, integrity, and availability requirements. | Withdraw
K0212 | Knowledge of cybersecurity-enabled software products. | Withdraw
K0213 | Knowledge of instructional design and evaluation models (e.g., ADDIE, Smith/Ragan model, Gagne's Events of Instruction, Kirkpatrick's model of evaluation). | Knowledge of instructional design principles and practices
K0213_1 | Knowledge of instructional design and evaluation models (e.g., ADDIE, Smith/Ragan model, Gagne's Events of Instruction, Kirkpatrick's model of evaluation). | Knowledge of instructional design models and frameworks
K0214 | Knowledge of the Risk Management Framework Assessment Methodology. | Withdraw
K0215 | Knowledge of organizational training policies. | Knowledge of training policies and procedures
K0216 | Knowledge of learning levels (i.e., Bloom's Taxonomy of learning). | Knowledge of Bloom's Taxonomy learning levels
K0217 | Knowledge of Learning Management Systems and their use in managing learning. | Knowledge of learning management system (LMS) systems and software
K0218 | Knowledge of learning styles (e.g., assimilator, auditory, kinesthetic). | Withdraw
K0219 | WITHDRAWN: Knowledge of local area network (LAN) and wide area network (WAN) principles. (See K0050) | Withdraw
K0220 | Knowledge of modes of learning (e.g., rote learning, observation). | Knowledge of learning modes
K0221 | Knowledge of OSI model and underlying network protocols (e.g., TCP/IP). | Knowledge of the Open Systems Interconnect (OSI) reference model
K0222 | Knowledge of relevant laws, legal authorities, restrictions, and regulations pertaining to cyber defense activities. | Knowledge of cyber defence laws and regulations
K0223 | WITHDRAWN: Integrated into K0073 | Withdraw
K0224 | Knowledge of system administration concepts for operating systems such as but not limited to Unix/Linux, IOS, Android, and Windows operating systems. | Withdraw
K0225 | WITHDRAWN: Knowledge of the common networking protocol and services deployed at CC/S/A. (See K0565) | Withdraw
K0226 | Knowledge of organizational training systems. | Knowledge of training systems and software
K0227 | Knowledge of various types of computer architectures. | Knowledge of computer architecture principles and practices
K0228 | Knowledge of taxonomy and semantic ontology theory. | Knowledge of taxonomy models and frameworks
K0228_1 | Knowledge of taxonomy and semantic ontology theory. | Knowledge of semantic ontology models and frameworks
K0229 | Knowledge of applications that can log errors, exceptions, and application faults and logging. | Knowledge of logging tools and technologies
K0230 | Knowledge of cloud service models and how those models can limit incident response. | Knowledge of cloud service models and frameworks
K0231 | Knowledge of crisis management protocols, processes, and techniques. | Knowledge of crisis management protocols
K0231_1 | Knowledge of crisis management protocols, processes, and techniques. | Knowledge of crisis management processes
K0231_2 | Knowledge of crisis management protocols, processes, and techniques. | Knowledge of crisis management tools and techniques
K0232 | WITHDRAWN: Knowledge of critical protocols (e.g., IPSEC, AES, GRE, IKE). | Withdraw
K0233 | Knowledge of the National Cybersecurity Workforce Framework, work roles, and associated tasks, knowledge, skills, and abilities. | Knowledge of the NIST National Cybersecurity Workforce Framework
K0234 | Knowledge of full spectrum cyber capabilities (e.g., defense, attack, exploitation). | Withdraw
K0235 | Knowledge of how to leverage research and development centers, think tanks, academic research, and industry systems. | Withdraw
K0236 | Knowledge of how to utilize Hadoop, Java, Python, SQL, Hive, and Pig to explore data. | Knowledge of data analysis tools and technologies
K0237 | Knowledge of industry best practices for service desk. | Knowledge of service desk principles and practices
K0238 | Knowledge of machine learning theory and principles. | Knowledge of machine learning principles and practices
K0239 | Knowledge of media production, communication, and dissemination techniques and methods, including alternative ways to inform via written, oral, and visual media. | Knowledge of media production tool and techniques
K0240 | Knowledge of multi-level security systems and cross domain solutions. | Knowledge of multi-level security (MLS) systems and software
K0240_1 | Knowledge of multi-level security systems and cross domain solutions. | Knowledge of cross domain solutions.
K0241 | Knowledge of organizational human resource policies, processes, and procedures. | Knowledge of human resources policies and procedures
K0242 T00** | Knowledge of organizational security policies. | Task: Implement organizational security policies and procedures
K0243 T00** | Knowledge of organizational training and education policies, processes, and procedures. | Task: Implement organizational training and education policies and procedures
K0244 S00** | Knowledge of physical and physiological behaviors that may indicate suspicious or abnormal activity. | Skill in identifying anomalous activity
K0245 | Knowledge of principles and processes for conducting training and education needs assessment. | Knowledge of needs assessment principles and practices
K0246 | Knowledge of relevant concepts, procedures, software, equipment, and technology applications. | Withdraw
K0247 | Knowledge of remote access processes, tools, and capabilities related to customer support. | Knowledge of remote access tools and techniques
K0247_1 S00** | Knowledge of remote access processes, tools, and capabilities related to customer support. | Skill in providing customer support
K0248 | Knowledge of strategic theory and practice. | Withdraw
K0249 | Knowledge of sustainment technologies, processes and strategies. | Knowledge of sustainment principles and practices
K0249_1 | Knowledge of sustainment technologies, processes and strategies. | Knowledge of sustainment processes
K0250 | Knowledge of Test & Evaluation processes for learners. | Withdraw
K0251 | Knowledge of the judicial process, including the presentation of facts and evidence. | Withdraw
K0252 | Knowledge of training and education principles and methods for curriculum design, teaching and instruction for individuals and groups, and the measurement of training and education effects. | Withdraw
K0253 | WITHDRAWN: Integrated into K0227 | Withdraw
K0254 | Knowledge of binary analysis. | Knowledge of binary analysis tools and techniques.
K0255 | Knowledge of network architecture concepts including topology, protocols, and components. | Knowledge of network architecture principles and practices
K0256 WITHDRAWN: Integrated into K0224 Withdraw


K0257 T00** | Knowledge of information technology (IT) acquisition/procurement requirements. | Task: Determine procurement requirements
K0258 | Knowledge of test procedures, principles, and methodologies (e.g., Capabilities and Maturity Model Integration (CMMI)). | Withdraw
K0259 | Knowledge of malware analysis concepts and methodologies. | Knowledge of malware analysis principles and practices
K0260 | Knowledge of Personally Identifiable Information (PII) data security standards. | Knowledge of Personally Identifiable Information (PII) data security standards and best practices
K0261 | Knowledge of Payment Card Industry (PCI) data security standards. | Knowledge of Payment Card Industry (PCI) data security standards and best practices
K0262 | Knowledge of Personal Health Information (PHI) data security standards. | Knowledge of Personal Health Information (PHI) data security standards and best practices
K0263 | Knowledge of information technology (IT) risk management policies, requirements, and procedures. | Knowledge of risk management policies and procedures
K0264 | Knowledge of program protection planning (e.g. information technology (IT) supply chain security/risk management policies, anti-tampering techniques, and requirements). | Knowledge of program protection plan (PPP) principles and practices
K0265 | Knowledge of infrastructure supporting information technology (IT) for safety, performance, and reliability. | Withdraw
K0266 S00** | Knowledge of how to evaluate the trustworthiness of the supplier and/or product. | Skill in evaluating supplier trustworthiness
K0266_1 S00** | Knowledge of how to evaluate the trustworthiness of the supplier and/or product. | Skill in evaluating product trustworthiness
K0267 | Knowledge of laws, policies, procedures, or governance relevant to cybersecurity for critical infrastructures. | Withdraw
K0268 S00** | Knowledge of forensic footprint identification. | Skill in identifying forensic digital footprints
K0268_1 S00** | Knowledge of forensic footprint identification. | Skill in performing forensic data analysis
K0269 | Knowledge of mobile communications architecture. | Withdraw
K0270 | Knowledge of the acquisition/procurement life cycle process. | Knowledge of the acquisition life cycle models and frameworks
K0271 | Knowledge of operating system structures and internals (e.g., process management, directory structure, installed applications). | Knowledge of operating system structures and internals
K0272 | Knowledge of network analysis tools used to identify software communications vulnerabilities. | Knowledge of network analysis tools and techniques
K0272_1 S00** | Knowledge of network analysis tools used to identify software communications vulnerabilities. | Skill in identifying software communications vulnerabilities
K0273 | WITHDRAWN: Knowledge of general kill chain (e.g., footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks). | Withdraw
K0274 | Knowledge of transmission records (e.g., Bluetooth, Radio Frequency Identification (RFID), Infrared Networking (IR), Wireless Fidelity (Wi-Fi), paging, cellular, satellite dishes, Voice over Internet Protocol (VoIP)), and jamming techniques that enable transmission of undesirable information, or prevent installed systems from operating correctly. | Knowledge of wireless communication tools and techniques
K0274_1 | Knowledge of transmission records (e.g., Bluetooth, Radio Frequency Identification (RFID), Infrared Networking (IR), Wireless Fidelity (Wi-Fi), paging, cellular, satellite dishes, Voice over Internet Protocol (VoIP)), and jamming techniques that enable transmission of undesirable information, or prevent installed systems from operating correctly. | Knowledge of signal jamming tools and techniques
K0275 | Knowledge of configuration management techniques. | Knowledge of configuration management tools and techniques
K0276 | Knowledge of security management. | Withdraw
K0277 | Knowledge of current and emerging data encryption (e.g., Column and Tablespace Encryption, file and disk encryption) security features in databases (e.g. built-in cryptographic key management features). | Withdraw
K0278 | Knowledge of current and emerging data remediation security features in databases. | Withdraw
K0279 | WITHDRAWN: Knowledge of database access application programming interfaces (APIs) (e.g., Java Database Connectivity [JDBC]). | Withdraw
K0280 | Knowledge of systems engineering theories, concepts, and methods. | Knowledge of systems engineering principles and practices
K0281 | Knowledge of information technology (IT) service catalogues. | Withdraw
K0282 | WITHDRAWN: Integrated into K0200 | Withdraw
K0283 | Knowledge of use cases related to collaboration and content synchronization across platforms (e.g., Mobile, PC, Cloud). | Knowledge of content synchronization tools and techniques
K0284 | Knowledge of developing and applying user credential management system. | Knowledge of credential management systems and software
K0284_1 S00** | Knowledge of developing and applying user credential management system. | Skill in developing user credential management systems
K0284_2 S00** | Knowledge of developing and applying user credential management system. | Skill in implementing user credential management systems
K0285 | Knowledge of implementing enterprise key escrow systems to support data-at-rest encryption. | Knowledge of data-at-rest encryption (DARE) standards and best practices
K0285_1 | Knowledge of implementing enterprise key escrow systems to support data-at-rest encryption. | Knowledge of cryptographic key storage systems and software; Skill in implementing enterprise key escrow systems
K0286 | Knowledge of N-tiered typologies (e.g. including server and client operating systems). | Knowledge of N-tier architecture principles and practices
K0287 | Knowledge of an organization's information classification program and procedures for information compromise. | Knowledge of data classification policies and procedures
K0288 | Knowledge of industry standard security models. | Withdraw
K0289 | Knowledge of system/server diagnostic tools and fault identification techniques. | Withdraw
K0290 | Knowledge of systems security testing and evaluation methods. | Withdraw
K0291 | Knowledge of the enterprise information technology (IT) architectural concepts and patterns (e.g., baseline, validated design, and target architectures.) | Withdraw
K0292 | Knowledge of the operations and processes for incident, problem, and event management. | Knowledge of incident, event, and problem management policies and procedures
K0293 T00** | Knowledge of integrating the organization's goals and objectives into the architecture. | Task: Integrate organizational goals and objectives into security architecture
K0294 S00** | Knowledge of IT system operation, maintenance, and security needed to keep equipment functioning properly. | Skill in operating IT systems
K0294_1 S00** | Knowledge of IT system operation, maintenance, and security needed to keep equipment functioning properly. | Skill in maintaining IT systems
K0295 | Knowledge of confidentiality, integrity, and availability principles. | Withdraw
K0296 | Knowledge of capabilities, applications, and potential vulnerabilities of network equipment including hubs, routers, switches, bridges, servers, transmission media, and related hardware. | Knowledge of network hardware threats and vulnerabilities.
K0297 | Knowledge of countermeasure design for identified security risks. | Knowledge of countermeasure design principles and practices
K0298 S00** | Knowledge of countermeasures for identified security risks. | Skill in implementing countermeasures
K0299 | Knowledge in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes. | Withdraw
K0300 | Knowledge of network mapping and recreating network topologies. | Knowledge of network mapping principles and practices
K0300_1 S00** | Knowledge of network mapping and recreating network topologies. | Skill in recreating network topologies
K0301 | Knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump). | Knowledge of packet-level analysis tools and techniques
K0302 | Knowledge of the basic operation of computers. | Withdraw
K0303 | Knowledge of the use of sub-netting tools. | Knowledge of subnet tools and techniques
K0304 | Knowledge of concepts and practices of processing digital forensic data. | Knowledge of digital forensic data processing principles and practices
K0305 | Knowledge of data concealment (e.g. encryption algorithms and steganography). | Knowledge of data concealment tools and techniques
K0306 | WITHDRAWN: Knowledge of basic physical computer components and architectures | Withdraw
K0307 | WITHDRAWN: Knowledge of common network tools (e.g., ping, traceroute, nslookup). (See K0111) | Withdraw
K0308 | Knowledge of cryptology. | Knowledge of cryptology principles and practices
K0309 T00** | Knowledge of emerging technologies that have potential for exploitation. | Task: Research new vulnerabilities in emerging technologies
K0310 | Knowledge of hacking methodologies. | Withdraw
K0311 | Knowledge of industry indicators useful for identifying technology trends. | Knowledge of industry indicators
K0312 | Knowledge of intelligence gathering principles, policies, and procedures including legal authorities and restrictions. | Knowledge of intelligence data gathering principles and practices
K0312_1 | Knowledge of intelligence gathering principles, policies, and procedures including legal authorities and restrictions. | Knowledge of intelligence data gathering policies and procedures
K0313 | Knowledge of external organizations and academic institutions with cyber focus (e.g., cyber curriculum/training and Research & Development). | Withdraw
K0314 | Knowledge of industry technologies' potential cybersecurity vulnerabilities. | Withdraw
K0315 | Knowledge of the principal methods, procedures, and techniques of gathering information and producing, reporting, and sharing information. | Withdraw
K0316 | Knowledge of business or military operation plans, concept operation plans, orders, policies, and standing rules of engagement. | Withdraw
K0317 | Knowledge of procedures used for documenting and querying reported incidents, problems, and events. | Knowledge of incident reporting policies and procedures
K0318 | Knowledge of operating system command-line tools. | Withdraw
K0319 | Knowledge of technical delivery capabilities and their limitations. | Withdraw
K0320 T00** | Knowledge of organization's evaluation and validation criteria. | Task: Implement organizational evaluation and validation criteria
K0321 | Knowledge of engineering concepts as applied to computer architecture and associated computer hardware/software. | Knowledge of computer engineering principles and practices
K0322 | Knowledge of embedded systems. | Knowledge of embedded systems and software
K0323 | Knowledge of system fault tolerance methodologies. | Knowledge of fault tolerance tools and techniques
K0324 | Knowledge of Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications. | Knowledge of Intrusion Detection System (IDS) tools and techniques
K0324_1 | Knowledge of Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications. | Knowledge of Intrusion Prevention System (IPS) tools and techniques
K0325 | Knowledge of Information Theory (e.g., source coding, channel coding, algorithm complexity theory, and data compression). | Knowledge of information theory principles and practices
K0326 | Knowledge of demilitarized zones. | Withdraw
K0327 | WITHDRAWN: Knowledge of local area network (LAN), wide area network (WAN) and enterprise principles and concepts, including bandwidth management. (See K0050) | Withdraw
K0328 | WITHDRAWN: Knowledge of mathematics, including logarithms, trigonometry, linear algebra, calculus, statistics, and operational analysis. | Withdraw
K0329 | WITHDRAWN: Knowledge of statistics. | Withdraw
K0330 | Knowledge of successful capabilities to identify the solutions to less common and more complex system problems. | Withdraw
K0331 | WITHDRAWN: Knowledge of network protocols (e.g., Transmission Control Protocol (TCP), Internet Protocol (IP), Dynamic Host Configuration Protocol (DHCP)), and directory services (e.g., Domain Name System (DNS)). (See K0332) | Withdraw
K0332 | Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services. | Withdraw
K0333 | Knowledge of network design processes, to include understanding of security objectives, operational objectives, and trade-offs. | Knowledge of network design principles and practices
K0334 | Knowledge of network traffic analysis (tools, methodologies, processes). | Withdraw
K0335 | Knowledge of current and emerging cyber technologies. | Withdraw
K0336 | Knowledge of access authentication methods. | Withdraw
K0337 | WITHDRAWN: Integrated into K0007 | Withdraw
K0338 | Knowledge of data mining techniques. | Knowledge of data mining tools and techniques
K0339 | Knowledge of how to use network analysis tools to identify vulnerabilities. | Withdraw
K0340 | WITHDRAWN: Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol (TCP), Internet Protocol (IP), Open System Interconnection Model (OSI)). | Withdraw
K0341 | Knowledge of foreign disclosure policies and import/export control regulations as related to cybersecurity. | Knowledge of foreign disclosure policies and procedures
K0342 | Knowledge of penetration testing principles, tools, and techniques. | Knowledge of penetration testing principles and practices
K0342_1 | Knowledge of penetration testing principles, tools, and techniques. | Knowledge of penetration testing tools and techniques
K0343 | Knowledge of root cause analysis techniques. | Knowledge of root cause analysis tools and techniques
K0344 S00** | Knowledge of an organization's threat environment. | Skill in performing threat environment analysis
K0345 | WITHDRAWN: Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored). | Withdraw
K0346 | Knowledge of principles and methods for integrating system components. | Knowledge of system integration principles and practices
K0347 | Knowledge and understanding of operational design. | Knowledge of operational design principles and practices
K0348 | WITHDRAWN: Knowledge of a wide range of basic communications media concepts and terminology (e.g., computer and telephone networks, satellite, cable, wireless). | Withdraw
K0349 | Knowledge of website types, administration, functions, and content management system (CMS). | Knowledge of content management system (CMS) capabilities and applications
K0350 | Knowledge of accepted organization planning systems. | Knowledge of planning systems and software
K0351 | Knowledge of applicable statutes, laws, regulations and policies governing cyber targeting and exploitation. | Knowledge of targeting laws and regulations
K0351_1 | Knowledge of applicable statutes, laws, regulations and policies governing cyber targeting and exploitation. | Knowledge of exploitation laws and regulations
K0352 S00** | Knowledge of forms of intelligence support needs, topics, and focus areas. | Skill in determining intelligence support requirements
K0353 | Knowledge of possible circumstances that would result in changing collection management authorities. | Knowledge of intelligence collection management authority policies and procedures
K0354 | Knowledge of relevant reporting and dissemination procedures. | Withdraw
K0355 | Knowledge of all-source reporting and dissemination procedures. | Knowledge of all-source intelligence reporting policies and procedures
K0356 | Knowledge of analytic tools and techniques for language, voice and/or graphic material. | Knowledge of language analysis tools and techniques
K0356_1 | Knowledge of analytic tools and techniques for language, voice and/or graphic material. | Knowledge of voice analysis tools and techniques
K0356_2 | Knowledge of analytic tools and techniques for language, voice and/or graphic material. | Knowledge of graphic materials analysis tools and techniques
K0357 S00** | Knowledge of analytical constructs and their use in assessing the operational environment | Skill in performing operational environment analysis
K0358 | Knowledge of analytical standards and the purpose of intelligence confidence levels. | Knowledge of analytic standards and frameworks; Skill in assigning analytical confidence ratings
K0359 | Knowledge of approved intelligence dissemination processes. | Knowledge of approved intelligence dissemination processes.
K0360 | WITHDRAWN: Knowledge of assembly code. | Withdraw
K0361 S00** | Knowledge of asset availability, capabilities and limitations. | Skill in determining asset availability, capabilities, and limitations
K0362 | Knowledge of attack methods and techniques (DDoS, brute force, spoofing, etc.). | Knowledge of cyberattack tools and techniques
K0363 | Knowledge of auditing and logging procedures (including server-based logging). | Knowledge of auditing policies and procedures
K0363_1 | Knowledge of auditing and logging procedures (including server-based logging). | Knowledge of logging policies and procedures
K0364 | Knowledge of available databases and tools necessary to assess appropriate collection tasking. | Knowledge of intelligence collection tasking tools and techniques
K0364_1 S00** | Knowledge of available databases and tools necessary to assess appropriate collection tasking. | Skill in assessing intelligence collection tasking
K0365 | WITHDRAWN: Knowledge of basic back-up and recovery procedures including different types of backups (e.g., full, incremental). | Withdraw
K0366 | WITHDRAWN: Knowledge of basic computer components and architectures, including the functions of various peripherals. | Withdraw
K0367 | Knowledge of penetration testing. | Withdraw
K0368 | Knowledge of implants that enable cyber collection and/or preparation activities. | Knowledge of system persistence tools and techniques
K0369 | WITHDRAWN: Knowledge of basic malicious activity concepts (e.g., footprinting, scanning and enumeration). | Withdraw
K0370 | WITHDRAWN: Knowledge of basic physical computer components and architecture, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage). (See K0109) | Withdraw
K0371 | Knowledge of principles of the collection development processes (e.g., Dialed Number Recognition, Social Network Analysis). | Knowledge of intelligence collection development processes
K0372 | Knowledge of programming concepts (e.g., levels, structures, compiled vs. interpreted languages). | Withdraw
K0373 | Knowledge of basic software applications (e.g., data storage and backup, database applications) and the types of vulnerabilities that have been found in those applications. | Knowledge of software application vulnerabilities
K0374 | WITHDRAWN: Knowledge of basic structure, architecture, and design of modern digital and telephony networks. (See K0599) | Withdraw
K0375 | Knowledge of wireless applications vulnerabilities. | Knowledge of wireless application vulnerabilities
K0376 | Knowledge of internal and external customers and partner organizations, including information needs, objectives, structure, capabilities, etc. | Withdraw
K0377 | Knowledge of classification and control markings standards, policies and procedures. | Withdraw
K0378 | WITHDRAWN: Knowledge of classification and control markings standards. (See K0377) | Withdraw
K0379 S00** | Knowledge of client organizations, including information needs, objectives, structure, capabilities, etc. | Skill in developing client organization profiles
K0380 | Knowledge of collaborative tools and environments. | Withdraw
K0381 T00** | Knowledge of collateral damage and estimating impact(s). | Task: Estimate the impact of collateral damage
K0382 | Knowledge of collection capabilities and limitations. | Knowledge of intelligence collection principles and practices
K0383 | Knowledge of collection capabilities, accesses, performance specifications, and constraints utilized to satisfy collection plan. | Skill in managing an intelligence collection plan
K0384 | Knowledge of collection management functionality (e.g., positions, functions, responsibilities, products, reporting requirements). | Withdraw
K0385 | WITHDRAWN: Integrated into K0142 | Withdraw
K0386 | Knowledge of collection management tools. | Knowledge of intelligence collection management tools and techniques
K0387 | Knowledge of collection planning process and collection plan. | Knowledge of intelligence collection planning processes
K0388 | Knowledge of collection searching/analyzing techniques and tools for chat/buddy list, emerging technologies, VOIP, Media Over IP, VPN, VSAT/wireless, web mail and cookies. | Knowledge of intelligence collection analysis tools and techniques
K0388_1 | Knowledge of collection searching/analyzing techniques and tools for chat/buddy list, emerging technologies, VOIP, Media Over IP, VPN, VSAT/wireless, web mail and cookies. | Knowledge of information searching tools and techniques
K0389 | Knowledge of collection sources including conventional and non-conventional sources. | Knowledge of intelligence collection sources
K0390 | Knowledge of collection strategies. | Skill in creating intelligence collection strategies
K0391 | Knowledge of collection systems, capabilities, and processes. | Knowledge of intelligence collection systems and software
K0392 | Knowledge of common computer/network infections (virus, Trojan, etc.) and methods of infection (ports, attachments, etc.). | Knowledge of malware
K0393 | Knowledge of common networking devices and their configurations. | Withdraw
K0394 | Knowledge of common reporting databases and tools. | Withdraw
K0395 | Knowledge of computer networking fundamentals (i.e., basic computer components of a network, types of networks, etc.). | Knowledge of computer networking principles and practices
K0396 | Knowledge of computer programming concepts, including computer languages, programming, testing, debugging, and file types. | Withdraw
K0397 | Knowledge of security concepts in operating systems (e.g., Linux, Unix.) | Withdraw
K0398 | Knowledge of concepts related to websites (e.g., web servers/pages, hosting, DNS, registration, web languages such as HTML). | Knowledge of web security principles and practices
K0399 | Knowledge of crisis action planning and time sensitive planning procedures. | Knowledge of crisis action plan models and frameworks
K0399_1 S00** | Knowledge of crisis action planning and time sensitive planning procedures. | Skill in developing crisis action plans
K0400 | Knowledge of crisis action planning for cyber operations. | Withdraw
K0401 S00** | Knowledge of criteria for evaluating collection products. | Skill in evaluating intelligence collection products
K0402 | Knowledge of criticality and vulnerability factors (e.g., value, recuperation, cushion, countermeasures) for target selection and applicability to the cyber domain. | Knowledge of target selection criticality factors
K0402_1 | Knowledge of criticality and vulnerability factors (e.g., value, recuperation, cushion, countermeasures) for target selection and applicability to the cyber domain. | Knowledge of target selection vulnerability factors
K0402_2 S00** | Knowledge of criticality and vulnerability factors (e.g., value, recuperation, cushion, countermeasures) for target selection and applicability to the cyber domain. | Skill in selecting targets
K0402_3 S00** | Knowledge of criticality and vulnerability factors (e.g., value, recuperation, cushion, countermeasures) for target selection and applicability to the cyber domain. | Skill in identifying vulnerabilities
K0403 | Knowledge of cryptologic capabilities, limitations, and contributions to cyber operations. | Withdraw
K0404 S00** | Knowledge of current collection requirements. | Task: Implement intelligence collection requirements
K0405 S00** | Knowledge of current computer-based intrusion sets. | Skill in applying intrusion detection data sets
K0406 | Knowledge of current software and methodologies for active defense and system hardening. | Knowledge of active defense tools and techniques
K0407 S00** | Knowledge of customer information needs. | Skill in identifying customer information needs
K0408 | Knowledge of cyber actions (i.e. cyber defense, information gathering, environment preparation, cyber-attack) principles, capabilities, limitations, and effects. | Withdraw
K0409 | Knowledge of cyber intelligence/information collection capabilities and repositories. | Knowledge of intelligence information repositories
K0410 | Knowledge of cyber laws and their effect on Cyber planning. | Withdraw
K0411 | Knowledge of cyber laws and legal considerations and their effect on cyber planning. | Withdraw
K0412 | Knowledge of cyber lexicon/terminology | Withdraw
K0413 T00** | Knowledge of cyber operation objectives, policies, and legalities. | Task: Determine cyber operation objectives
K0414 T00** | Knowledge of cyber operations support or enabling processes. | Task: Support cyber operations
K0415 | Knowledge of cyber operations terminology/lexicon. | Knowledge of cyber operations principles and practices
K0416 | Knowledge of cyber operations. | Withdraw
K0417 | Knowledge of data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media). | Withdraw
K0418 S00** | Knowledge of data flow process for terminal or environment collection. | Skill in collecting terminal or environment data
K0419 | Knowledge of database administration and maintenance. | Knowledge of database administration principles and practices
K0419_1 | Knowledge of database administration and maintenance. | Knowledge of database maintenance principles and practices
K0420 | Knowledge of database theory. | Withdraw
K0421 | Knowledge of databases, portals and associated dissemination vehicles. | Withdraw
K0422 | Knowledge of deconfliction processes and procedures. | Knowledge of deconfliction processes
K0423 T00** | Knowledge of deconfliction reporting to include external organization interaction. | Task: Prepare deconfliction report
K0424 | Knowledge of denial and deception techniques. | Knowledge of denial and deception tools and techniques
K0425 | Knowledge of different organization objectives at all levels, including subordinate, lateral and higher. | Withdraw
K0426 | Knowledge of dynamic and deliberate targeting. | Knowledge of dynamic targeting principles and practices
K0426_1 | Knowledge of dynamic and deliberate targeting. | Knowledge of deliberate targeting principles and practices
K0427 | Knowledge of encryption algorithms and cyber capabilities/tools (e.g., SSL, PGP). | Knowledge of encryption algorithm tools and techniques
K0428 | Knowledge of encryption algorithms and tools for wireless local area networks (WLANs). | Knowledge of wireless local area network (WLAN) tools and techniques
K0429 | Knowledge of enterprise-wide information management. | Knowledge of information management principles and practices
K0429_1 S00** | Knowledge of enterprise-wide information management. | Skill in managing enterprise-wide information
K0430 | Knowledge of evasion strategies and techniques. | Knowledge of evasion principles and practices
K0430_1 | Knowledge of evasion strategies and techniques. | Knowledge of evasion tools and techniques
K0431 | Knowledge of evolving/emerging communications technologies. | Withdraw
K0432 | Knowledge of existing, emerging, and long-range issues related to cyber operations strategy, policy, and organization. | Withdraw
K0433 | Knowledge of forensic implications of operating system structure and operations. |
K0434 | WITHDRAWN: Knowledge of front-end collection systems, including traffic collection, filtering, and selection. | Withdraw
K0435 | Knowledge of fundamental cyber concepts, principles, limitations, and effects. |
K0436 | Knowledge of fundamental cyber operations concepts, terminology/lexicon (i.e., environment preparation, cyber-attack, cyber defense), principles, capabilities, limitations, and effects. | Withdraw
K0437 | Knowledge of general Supervisory control and data acquisition (SCADA) system components. | Knowledge of supervisory control and data acquisition (SCADA) systems and software
K0438 | Knowledge of mobile cellular communications architecture (e.g., LTE, CDMA, GSM/EDGE and UMTS/HSPA). | Withdraw
K0439 | Knowledge of governing authorities for targeting. | Knowledge of targeting governing authorities
K0440 S00** | Knowledge of host-based security products and how those products affect exploitation and reduce vulnerability. | Skill in evaluating security products
K0441 | WITHDRAWN: Knowledge of how collection requirements and information needs are translated, tracked, and prioritized across the extended enterprise. | Withdraw
K0442 | Knowledge of how converged technologies impact cyber operations (e.g., digital, telephony, wireless). | Withdraw
K0443 | WITHDRAWN: Knowledge of how hubs, switches, routers work together in the design of a network. (See K0143) | Withdraw
K0444 | Knowledge of how Internet applications work (SMTP email, web-based email, chat clients, VOIP). | Withdraw
K0445 | Knowledge of how modern digital and telephony networks impact cyber operations. | Withdraw
K0446 | Knowledge of how modern wireless communications systems impact cyber operations. | Withdraw
K0447 S00** | Knowledge of how to collect, view, and identify essential information on targets of interest from metadata (e.g., email, http). | Skill in performing metadata analysis
K0448 S00** | Knowledge of how to establish priorities for resources. | Skill in establishing priorities
K0449 S00** | Knowledge of how to extract, analyze, and use metadata. | Skill in extracting metadata
K0450 | WITHDRAWN: Integrated into K0036 | Withdraw
K0451 | Knowledge of identification and reporting processes. | Knowledge of reporting policies and procedures
K0452 | Knowledge of implementing Unix and Windows systems that provide radius authentication and logging, DNS, mail, web service, FTP server, DHCP, firewall, and SNMP. | Withdraw
K0453 | Knowledge of indications and warning. | Withdraw
K0454 | Knowledge of information needs. | Withdraw
K0455 | Knowledge of information security concepts, facilitating technologies and methods. | Knowledge of cybersecurity tools and techniques
K0456 | Knowledge of intelligence capabilities and limitations. | Knowledge of intelligence collection capabilities and applications
K0457 | Knowledge of intelligence confidence levels. | Withdraw
K0458 | Knowledge of intelligence disciplines. | Withdraw
K0459 S00** | Knowledge of intelligence employment requirements (i.e., logistical, communications support, maneuverability, legal restrictions, etc.). | Skill in determining intelligence employment requirements
K0460 S00** | Knowledge of intelligence preparation of the environment and similar processes. | Skill in preparing operational environments
K0461 | Knowledge of intelligence production processes. | Knowledge of intelligence cycle principles and practices
K0462 | Knowledge of intelligence reporting principles, policies, procedures, and vehicles, including report formats, reportability criteria (requirements and priorities), dissemination practices, and legal authorities and restrictions. | Knowledge of intelligence reporting principles and practices
K0463 | Knowledge of intelligence requirements tasking systems. | Knowledge of intelligence requirements tasking systems and software
K0464 | Knowledge of intelligence support to planning, execution, and assessment. | Knowledge of intelligence support activities.
K0465 S00** | Knowledge of internal and external partner cyber operations capabilities and tools. | Skill in identifying partner capabilities
K0466 | Knowledge of internal and external partner intelligence processes and the development of information requirements and essential information. | Knowledge of intelligence policies and procedures
K0466_1 | Knowledge of internal and external partner intelligence processes and the development of information requirements and essential information. | Skill in identifying information requirements
K0467 | Knowledge of internal and external partner organization capabilities and limitations (those with tasking, collection, processing, exploitation and dissemination responsibilities). | Withdraw
K0468 | Knowledge of internal and external partner reporting. | Withdraw
K0469 S00** | Knowledge of internal tactics to anticipate and/or emulate threat capabilities and actions. | Skill in performing threat emulation tactics
K0469_1 S00** | Knowledge of internal tactics to anticipate and/or emulate threat capabilities and actions. | Skill in anticipating threats
K0470 | Knowledge of Internet and routing protocols. | Knowledge of internet protocols
K0470_1 | Knowledge of Internet and routing protocols. | Knowledge of routing protocols
Knowledge of Internet network addressing (IP


addresses, classless inter-domain routing, Knowledge of network addressing principles and
K0471 TCP/UDP port numbering). practices
Knowledge of intrusion detection systems and Knowledge of intrusion detection systems and
K0472 signature development. software

K0473 Knowledge of intrusion sets. Withdraw


K0474 Knowledge of key cyber threat actors and their
S00** equities. Skill in assessing threat actors
Knowledge of key factors of the operational
K0475 environment and threat. Withdraw
Knowledge of language processing tools and Knowledge of language processing tools and
K0476 techniques. techniques
K0477
T00** Knowledge of leadership's Intent and objectives. Task: Integrate leadership priorities
K0478 Knowledge of legal considerations in targeting. Withdraw
Knowledge of malware analysis and
K0479 characteristics. Withdraw

K0480 Knowledge of malware. Withdraw


Knowledge of methods and techniques used to Knowledge of exploitation detection tools and
K0481 detect various exploitation activities. techniques
K0482 Knowledge of methods for ascertaining Skill in determining intelligence collection asset
S00** collection asset posture and availability. posture and availability

K0483 S00** | Knowledge of methods to integrate and summarize information from any potential sources. | Skill in integrating information
K0483_1 S00** | Knowledge of methods to integrate and summarize information from any potential sources. | Skill in summarizing information
K0484 | Knowledge of midpoint collection (process, objectives, organization, targets, etc.). | Knowledge of midpoint collection principles and practices
K0485 | Knowledge of network administration. | Withdraw
K0486 S00** | Knowledge of network construction and topology. | Skill in constructing networks.
K0487 | Knowledge of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection). | Knowledge of network security principles and practices
K0488 S00** | Knowledge of network security implementations (e.g., host-based IDS, IPS, access control lists), including their function and placement in a network. | Skill in implementing network security
K0489 | Knowledge of network topology. | Knowledge of network topology principles and practices
K0490 | WITHDRAWN: Integrated into K0058 | Withdraw
K0491 | Knowledge of networking and Internet communications fundamentals (i.e. devices, device configuration, hardware, software, applications, ports/protocols, addressing, network architecture and infrastructure, routing, operating systems, etc.). | Withdraw
K0492 | Knowledge of non-traditional collection methodologies. | Knowledge of intelligence collection tools and techniques
K0493 | Knowledge of obfuscation techniques. | Knowledge of obfuscation tools and techniques.
K0494 | Knowledge of objectives, situation, operational environment, and the status and disposition of internal and external partner collection capabilities available to support planning. | Withdraw
K0495 S00** | Knowledge of ongoing and future operations. | Skill in managing operations
K0496 | Knowledge of operational asset constraints. | Withdraw
K0497 | Knowledge of operational effectiveness assessment. | Knowledge of operational effectiveness assessment principles and practices
K0498 | Knowledge of operational planning processes. | Knowledge of operational planning processes
K0499 | Knowledge of operations security. | Knowledge of operations security (OPSEC) principles and practices
K0500 | Knowledge of organization and/or partner collection systems, capabilities, and processes (e.g., collection and protocol processors). | Withdraw
K0501 T00** | Knowledge of organization cyber operations programs, strategies, and resources. | Task: Develop operations strategies
K0502 | Knowledge of organization decision support tools and/or methods. | Knowledge of organization decision support tools and techniques
K0503 | Knowledge of organization formats of resource and asset readiness reporting, its operational relevance and intelligence collection impact. | Knowledge of resource and asset readiness reporting policies and procedures
K0504 | Knowledge of organization issues, objectives, and operations in cyber as well as regulations and policy directives governing cyber operations. | Knowledge of cybersecurity operation policies and procedures
K0505 T00** | Knowledge of organization objectives and associated demand on collection management. | Task: Integrate organization objectives in intelligence collection
K0506 | Knowledge of organization objectives, leadership priorities, and decision-making risks. | Withdraw
K0507 | Knowledge of organization or partner exploitation of digital networks. | Knowledge of network exploitation tools and techniques

K0508 | Knowledge of organization policies and planning concepts for partnering with internal and/or external organizations. | Knowledge of partnership policies and procedures
K0509 | Knowledge of organizational and partner authorities, responsibilities, and contributions to achieving objectives. | Withdraw
K0510 | Knowledge of organizational and partner policies, tools, capabilities, and procedures. | Withdraw
K0511 | Knowledge of organizational hierarchy and cyber decision-making processes. | Knowledge of decision-making policies and procedures
K0512 | Knowledge of organizational planning concepts. | Withdraw
K0513 | Knowledge of organizational priorities, legal authorities and requirements submission processes. | Knowledge of requirements submission processes
K0514 | Knowledge of organizational structures and associated intelligence capabilities. |
K0515 | WITHDRAWN: Knowledge of OSI model and underlying networking protocols (e.g., TCP/IP). | Withdraw
K0516 | Knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc. |
K0517 | Knowledge of post implementation review (PIR) approval process. | Knowledge of post implementation review (PIR) processes
K0518 S00** | Knowledge of planning activity initiation. | Skill in initiating planning activities
K0519 S00** | Knowledge of planning timelines adaptive, crisis action, and time-sensitive planning. | Skill in developing crisis action timelines
K0520 | Knowledge of principles and practices related to target development such as target knowledge, associations, communication systems, and infrastructure. | Knowledge of target development principles and practices
K0521 | Knowledge of priority information, how it is derived, where it is published, how to access, etc. | Skill in identifying priority information
K0522 | Knowledge of production exploitation and dissemination needs and architectures. | Knowledge of production exploitation principles and practices
K0522_1 S00** | Knowledge of production exploitation and dissemination needs and architectures. | Skill in identifying production exploitation needs
K0523 | Knowledge of products and nomenclature of major vendors (e.g., security suites - Trend Micro, Symantec, McAfee, Outpost, and Panda) and how those products affect exploitation and reduce vulnerabilities. | Withdraw
K0524 | Knowledge of relevant laws, regulations, and policies. | Withdraw
K0525 | Knowledge of operational planning products | Knowledge of operational planning tools and techniques
K0526 S00** | Knowledge of research strategies and knowledge management. | Skill in conducting research
K0527 | Knowledge of risk management and mitigation strategies. | Knowledge of risk mitigation tools and techniques
K0528 | Knowledge of satellite-based communication systems. | Knowledge of satellite-based communication systems and software
K0529 | Knowledge of programming principles | Knowledge of scripting principles and practices
K0530 S00** | Knowledge of security hardware and software options, including the network artifacts they induce and their effects on exploitation. | Skill in assessing security hardware and software
K0530_1 T00** | Knowledge of security hardware and software options, including the network artifacts they induce and their effects on exploitation. | Task: Identify network artifacts from hardware and software options
K0530_2 T00** | Knowledge of security hardware and software options, including the network artifacts they induce and their effects on exploitation. | Task: Identify impact of network artifacts on exploitation
K0531 | Knowledge of security implications of software configurations. | Skill in analyzing software configurations
K0531_1 T00** | Knowledge of security implications of software configurations. | Task: Determine impact of software configurations
K0532 | Knowledge of specialized target language (e.g., acronyms, jargon, technical terminology, code words). | Knowledge of target language
K0533 T00** | Knowledge of specific target identifiers, and their usage. | Task: Acquire target identifiers
K0534 | Knowledge of staff management, assignment, and allocation processes. | Withdraw
K0535 | Knowledge of strategies and tools for target research. | Knowledge of target research tools and techniques

K0536 | Knowledge of structure, approach, and strategy of exploitation tools (e.g., sniffers, keyloggers) and techniques (e.g., gaining backdoor access, collecting/exfiltrating data, conducting vulnerability analysis of other systems in the network). | Withdraw
K0537 | Skill in analyzing target organizations | Withdraw
K0538 | Knowledge of target and threat organization structures, critical capabilities, and critical vulnerabilities | Knowledge of target organization structures
K0538_1 | Knowledge of target and threat organization structures, critical capabilities, and critical vulnerabilities | Knowledge of target critical capabilities
K0538_2 | Knowledge of target and threat organization structures, critical capabilities, and critical vulnerabilities | Knowledge of target critical vulnerabilities
K0539 S00** | Knowledge of target communication profiles and their key elements (e.g., target associations, activities, communication infrastructure). | Skill in developing target communication profiles
K0540 | Knowledge of target communication tools and techniques. | Knowledge of target communication tools and techniques
K0541 | Knowledge of target cultural references, dialects, expressions, idioms, and abbreviations. | Knowledge of target cultural references
K0542 | Knowledge of target development (i.e., concepts, roles, responsibilities, products, etc.). | Withdraw
K0543 | Knowledge of target estimated repair and recuperation times. | Knowledge of target estimated recovery times
K0544 | Knowledge of target intelligence gathering and operational preparation techniques and life cycles. | Knowledge of target intelligence gathering tools and techniques
K0545 | Knowledge of target language(s). | Withdraw
K0546 S00** | Knowledge of target list development (i.e. Restricted, Joint, Candidate, etc.). | Skill in developing target lists
K0547 | Knowledge of target methods and procedures. | Withdraw
K0548 | Knowledge of target or threat cyber actors and procedures. | Withdraw
K0549 | Knowledge of target vetting and validation procedures. | Knowledge of target selection policies and procedures
K0550 | Knowledge of target, including related current events, communication profile, actors, and history (language, culture) and/or frame of reference. | Knowledge of target characteristics
K0551 | Knowledge of targeting cycles. | Knowledge of targeting cycles
K0551_1 | Knowledge of targeting cycles. | Knowledge of targeting principles and practices
K0552 | Knowledge of tasking mechanisms. | Withdraw
K0553 | Knowledge of tasking processes for organic and subordinate collection assets. | Knowledge of tasking processes
K0554 | Knowledge of tasking, collection, processing, exploitation and dissemination. | Withdraw
K0555 | Knowledge of TCP/IP networking protocols. | Withdraw
K0556 | Knowledge of telecommunications fundamentals. | Withdraw
K0557 | Knowledge of terminal or environmental collection (process, objectives, organization, targets, etc.). | Knowledge of terminal collection
K0557_1 | Knowledge of terminal or environmental collection (process, objectives, organization, targets, etc.). | Knowledge of environmental collection
K0558 | Knowledge of the available tools and applications associated with collection requirements and collection management. | Knowledge of intelligence collection requirements tools and techniques
K0559 | Knowledge of the basic structure, architecture, and design of converged applications. | Withdraw
K0560 | Knowledge of the basic structure, architecture, and design of modern communication networks. | Withdraw

K0561 | Knowledge of the basics of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection). | Withdraw
K0562 | Knowledge of the capabilities and limitations of new and emerging collection capabilities, accesses and/or processes. | Withdraw
K0563 | Knowledge of the capabilities, limitations and tasking methodologies of internal and external collections as they apply to planned cyber activities. | Withdraw
K0564 | Knowledge of the characteristics of targeted communication networks (e.g., capacity, functionality, paths, critical nodes). | Withdraw
K0565 | Knowledge of the common networking and routing protocols (e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications. | Knowledge of routing protocols
K0566 | Knowledge of the critical information requirements and how they're used in planning. | Knowledge of critical information requirements
K0567 | Knowledge of the data flow from collection origin to repositories and tools. | Knowledge of collection data flow from origin into repositories and tools.
K0568 | Knowledge of the definition of collection management and collection management authority. | Withdraw
K0569 | Knowledge of the existent tasking, collection, processing, exploitation and dissemination architecture. | Knowledge of the Tasking, Collection, Processing, Exploitation and Dissemination (TCPED) process
K0570 S00** | Knowledge of the factors of threat that could impact collection operations. | Skill in analyzing threat factors
K0571 | Knowledge of the feedback cycle in collection processes. | Knowledge of the collection process feedback cycle
K0572 | Knowledge of the functions and capabilities of internal teams that emulate threat activities to benefit the organization. | Knowledge of red team functions and capabilities.
K0573 | Knowledge of the fundamentals of digital forensics to extract actionable intelligence. | Knowledge of digital forensics principles and practices
K0574 | Knowledge of the impact of language analysis on on-net operator functions. | Knowledge of language analysis principles and practices
K0574_1 | Knowledge of the impact of language analysis on on-net operator functions. | Knowledge of interactive on-net (ION) operator roles and responsibilities
K0575 | Knowledge of the impacts of internal and external partner staffing estimates. | Withdraw
K0576 | Knowledge of the information environment. | Withdraw
K0577 | Knowledge of the intelligence frameworks, processes, and related systems. | Knowledge of intelligence principles and practices
K0578 | Knowledge of the intelligence requirements development and request for information processes. | Knowledge of request for information processes
K0579 | Knowledge of the organization, roles and responsibilities of higher, lower and adjacent sub-elements. | Withdraw
K0580 | Knowledge of the organization's established format for collection plan. | Withdraw
K0581 | Knowledge of the organization's planning, operations and targeting cycles. | Withdraw
K0582 T00** | Knowledge of the organizational planning and staffing process. | Task: Determine staffing needs
K0583 | Knowledge of the organizational plans/directives/guidance that describe objectives. | Withdraw
K0584 | Knowledge of the organizational policies/procedures for temporary transfer of collection authority. | Knowledge of collection authority policies and procedures

K0585 | Knowledge of the organizational structure as it pertains to full spectrum cyber operations, including the functions, responsibilities, and interrelationships among distinct internal elements. | Withdraw
K0586 T00** | Knowledge of the outputs of course of action and exercise analysis. | Task: Review course of action analysis results
K0586_1 T00** | Knowledge of the outputs of course of action and exercise analysis. | Task: Review exercise analysis results
K0587 | Knowledge of the POC's, databases, tools and applications necessary to establish environment preparation and surveillance products. | Knowledge of environment preparation tools and techniques
K0587_1 | Knowledge of the POC's, databases, tools and applications necessary to establish environment preparation and surveillance products. | Knowledge of surveillance tools and techniques
K0588 | Knowledge of the priority information requirements from subordinate, lateral and higher levels of the organization. | Withdraw
K0589 | Knowledge of the process used to assess the performance and impact of operations. | Knowledge of operation assessment processes
K0589_1 T00** | Knowledge of the process used to assess the performance and impact of operations. | Task: Assess operation performance
K0589_2 T00** | Knowledge of the process used to assess the performance and impact of operations. | Task: Assess operation impact
K0590 | Knowledge of the processes to synchronize operational assessment procedures with the critical information requirement process. | Task: Synchronize operational assessment procedures and critical information requirement processes
K0591 | Knowledge of the production responsibilities and organic analysis and production capabilities. | Withdraw
K0592 S00** | Knowledge of the purpose and contribution of target templates. | Skill in applying target templates
K0593 | Knowledge of the range of cyber operations and their underlying intelligence support needs, topics, and focus areas. | Withdraw
K0594 | Knowledge of the relationships between end states, objectives, effects, lines of operation, etc. | Withdraw
K0595 | Knowledge of the relationships of operational objectives, intelligence requirements, and intelligence production tasks. | Withdraw
K0596 | Knowledge of the request for information process. | Knowledge of request for information (RFI) processes
K0597 | Knowledge of the role of network operations in supporting and facilitating other organization operations. | Knowledge of network operations principles and practices
K0598 | Knowledge of the structure and intent of organization specific plans, guidance and authorizations. | Withdraw
K0599 | Knowledge of the structure, architecture, and design of modern digital and telephony networks. | Withdraw
K0600 | Knowledge of the structure, architecture, and design of modern wireless communications systems. | Skill in designing wireless communications systems
K0601 | Knowledge of the systems/architecture/communications used for coordination. | Withdraw
K0602 | Knowledge of collection disciplines and capabilities. | Withdraw
K0603 | Knowledge of the ways in which targets or threats use the Internet. | Knowledge of threat behavior
K0603 | Knowledge of the ways in which targets or threats use the Internet. | Knowledge of target behavior
K0604 | Knowledge of threat or target systems. | Knowledge of threat systems and software
K0604_1 | Knowledge of threat or target systems. | Knowledge of target systems and software
K0605 S00** | Knowledge of tipping, cueing, mixing, and redundancy. | Skill in managing sensors
K0606 S00** | Knowledge of transcript development processes and techniques (e.g., verbatim, gist, summaries). | Skill in developing transcripts
K0607 S00** | Knowledge of translation processes and techniques. | Skill in translating languages

K0608 | Knowledge of Unix/Linux and Windows operating systems structures and internals (e.g., process management, directory structure, installed applications). | Withdraw
K0609 | Knowledge of virtual machine technologies. | Knowledge of virtual machine tools and technologies
K0610 | Knowledge of virtualization products (VMware, Virtual PC). | Withdraw
K0611 | WITHDRAWN: Integrated into K0131 | Withdraw
K0612 S00** | Knowledge of what constitutes a "threat" to a network. | Skill in identifying network threats
K0613 | Knowledge of who the organization's operational planners are, how and where they can be contacted, and what are their expectations. | Withdraw
K0614 | Knowledge of wireless technologies (e.g., cellular, satellite, GSM) to include the basic structure, architecture, and design of modern wireless communications systems. | Withdraw
K0615 | Knowledge of privacy disclosure statements based on current laws. | Knowledge of privacy disclosure statement laws and regulations
K0616 | Knowledge of continuous monitoring, its processes, and Continuous Diagnostics and Mitigation (CDM) program activities. | Knowledge of continuous monitoring processes
K0617 | Knowledge of Automated security control assessments | Knowledge of automated security control testing tools and techniques
K0618 | Knowledge of hardware asset management and the value of tracking the location and configuration of networked devices and software across departments, locations, facilities and, potentially, supporting business functions. | Knowledge of hardware asset management principles and practices
K0619 | Knowledge of software asset management and the value of tracking the location and configuration of networked devices and software across departments, locations, facilities and, potentially, supporting business functions. | Knowledge of software asset management principles and practices
K0620 | Knowledge of continuous monitoring technologies and tools. | Knowledge of continuous monitoring tools and techniques
K0621 | Knowledge of risk scoring | Knowledge of risk scoring principles and practices
K0622 | Knowledge of controls related to the use, processing, storage, and transmission of data. | Knowledge of data security controls
K0623 | Knowledge of risk assessment methodologies. | Knowledge of risk assessment tools and techniques
K0624 | Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list) | Knowledge of web application security risks
K0625 S00** | Knowledge that patching and software updates are impractical for some networked devices. | Skill in providing software updates
K0626 | Knowledge of secure update mechanisms. | Knowledge of secure software update principles and practices
K0626_1 | Knowledge of secure update mechanisms. | Knowledge of secure firmware update principles and practices
K0627 | Knowledge of the importance of ingress filtering to protect against automated threats that rely on spoofed network addresses. | Knowledge of ingress filtering tools and techniques
K0628 | Knowledge of cyber competitions as a way of developing skills by providing hands-on experience in simulated, real-world situations. | Knowledge of cybersecurity competitions
K0629 S00** | Knowledge of white/black listing | Skill in developing access control lists
K0630 | Knowledge of the latest intrusion techniques, methods and documented intrusions external to the organization. | Withdraw
K0631 | Knowledge of collection management authority(ies). | Withdraw
K0632 | Knowledge of security and privacy controls | Knowledge of data privacy controls
K0633 | Knowledge of system design tools, methods and techniques. | Withdraw
K0634 | Knowledge of exploitation techniques (e.g., gaining backdoor access, collecting/exfiltrating data, conducting vulnerability analysis of other systems in the network). | Knowledge of exploitation tools and techniques
Usage Notes Content (parentheticals) Keep as is Rewrite New Change Type Withdraw

e.g., methods for assessing and mitigating risk x

x
x

x
x

x
including routers, switches, bridges, servers,
transmission media, and related hardware. x

x
x

including disaster recovery continuity of


operations plans.
x

x
Including specific organization's network and
bandwidth management. x
Including specific organization's network and
bandwidth management. x

e.g., circuit boards, processors, chips, and


computer hardware x

e.g., access control list, capabilities lists x

e.g., access control list, capabilities lists x

x
x
Including secure software development
principles x

e.g., alerts, advisories, errata, and bulletins x

NIST SP 800-160 x

including host and network-based intrusions. x

x
e.g., firewalls, demilitarized zones, encryption x

e.g., assembly languages x

e.g. logarithms, trigonometry, linear algebra,


calculus, statistics, and operational analysis x

x
x
e.g., public key infrastructure, OAuth, OpenID,
SAML, SPML x

e.g., Transmission Control Protocol [TCP] and


Internet Protocol [IP], Open System
Interconnection Model [OSI], Information
Technology Infrastructure Library, current
version [ITIL] x

x
x

SQL: structured query language x

e.g., buffer overflow, mobile code, cross-site


scripting, Procedural Language/Structured
Query Language [PL/SQL] and injections, race
conditions, covert channel, replay, return-
oriented attacks, malicious code x

e.g., buffer overflow, mobile code, cross-site


scripting, Procedural Language/Structured
Query Language [PL/SQL] and injections, race
conditions, covert channel, replay, return-
oriented attacks, malicious code x

(e.g., Security Technical Implementation Guides


(STIGs), cybersecurity best practices on
cisecurity.org). x

e.g., Release Management, Patch Management x

x
x
x

e.g., Waterfall Model, Spiral Model x

e.g., International Organization for


Standardization [ISO] guidelines x

e.g., International Organization for


Standardization [ISO] guidelines x

including software security and usability. x


x
x

e.g., Communications channel, Systems Link


Budgeting, Spectral efficiency, Multiplexing x

e.g., wikis, social networking, content


management systems, blogs x

e.g., databases, bookmarking engines x

e.g., groupware, SharePoint x

e.g., service-oriented architecture, Simple


Object Access Protocol, and web service
description language x
x

e.g., CPUs, Network Interface Cards, data


storage x

e.g., CPUs, Network Interface Cards, data


storage x

e.g., ping, traceroute, nslookup x

e.g., LAN, WAN, MAN, WLAN, WWAN x


e.g., computer systems/components, access
control devices, digital cameras, digital
scanners, electronic organizers, hard drives,
memory cards, modems, network components,
networked appliances, networked home control
devices, printers, removable storage devices,
telephones, copiers, facsimile machines, etc. x

e.g., .dll, .bat, .zip, .pcap, .gzip x

e.g., New Technology File System [NTFS], File


Allocation Table [FAT], File Extension [EXT] x

e.g. Rules of Evidence x

x
NIST SP 800-161 x

e.g., mkdir, mv, ls, passwd, grep x

x x

x x

e.g., log files, registry files, configuration files x

x x

x x

x
x

e.g., e-mail, VOIP, IM, web forums, Direct Video


Broadcasts x

x
x

x
x

including traffic collection, filtering, and


selection. x

x
(e.g., modularization, layering, abstraction, data
hiding, simplicity/minimization). x

x
x

(e.g., account creation, password rules, access


control) x

(e.g., account creation, password rules, access


control) x
x

e.g., passive, active, insider, close-in,


distribution attacks x

e.g., script kiddies, insider threat, non-nation


state sponsored, and nation sponsored x

x x

x
x

x
e.g., enterprise service bus and message
queuing x

x
x

e.g., reconnaissance, scanning, enumeration,


gaining access, escalation of privileges,
maintaining access, network exploitation,
covering tracks x

e.g., end-to-end systems performance


monitoring x
e.g., end-to-end systems performance
monitoring x

e.g., Foremost x

e.g., VMware, Wireshark x

e.g., VMware, Wireshark x


x

x x

e.g., OllyDbg, IDA Pro x

e.g. virtual aware malware, debugger aware


malware, and unpacked malware that looks for
VM-related strings in your computer's display
device x
x

x
Including concepts related to security,
governance, procurement, and administration. x

Including concepts related to security,


governance, procurement, and administration. x

Including concepts related to security,


governance, procurement, and administration. x

e.g., Java Database Connectivity [JDBC] x

(e.g., Capability Maturity Model Integration


(CMMI) for Development, CMMI for Services,
and CMMI for Acquisitions). x

(e.g., Capability Maturity Model Integration


(CMMI) for Development, CMMI for Services,
and CMMI for Acquisitions). x

e.g., Zachman, Federal Enterprise Architecture


[FEA] x

e.g., Zachman, Federal Enterprise Architecture


[FEA] x
e.g., Information Technology Infrastructure
Library, current version [ITIL] x

e.g., Information Technology Infrastructure


Library, current version [ITIL] x

e.g., Single point of authentication/audit/policy


enforcement, message scanning for malicious
content, data anonymization for PCI and PII
compliance, data loss protection scanning,
accelerated cryptographic operations, SSL
security, REST/JSON processing x

e.g., Single point of authentication/audit/policy


enforcement, message scanning for malicious
content, data anonymization for PCI and PII
compliance, data loss protection scanning,
accelerated cryptographic operations, SSL
security, REST/JSON processing x

e.g., Bell-LaPadula model, Biba integrity model,


Clark-Wilson integrity model x

e.g., Bell-LaPadula model, Biba integrity model,


Clark-Wilson integrity model x

rubrics, evaluation plans, tests, quizzes x

x
x

e.g., ADDIE, Smith/Ragan model, Gagne's Events


of Instruction, Kirkpatrick's model of evaluation z

e.g., ADDIE, Smith/Ragan model, Gagne's Events


of Instruction, Kirkpatrick's model of evaluation z

x
x

LAN x

e.g., rote learning, observation x

e.g., TCP/IP x

x
x

x
x

Hadoop, Java, Python, SQL, Hive, and Pig x

x
x

x x

x
x

including topology, protocols, and components. x

(e.g. information technology (IT) supply chain


security/risk management policies, anti-
tampering techniques, and requirements). x

x x
x

e.g., process management, directory structure,


installed applications x

x x

(e.g., Bluetooth, Radio Frequency Identification


(RFID), Infrared Networking (IR), Wireless
Fidelity (Wi-Fi). (VoIP) x

(e.g., Bluetooth, Radio Frequency Identification


(RFID), Infrared Networking (IR), Wireless
Fidelity (Wi-Fi). paging, cellular, satellite dishes,
Voice over Internet Protocol (VoIP)) x

x
x
x

Including theories, concepts, and methods. x

e.g., Mobile, PC, Cloud x

x x

x x

x
e.g. including server and client operating
systems x

including procedures for information


compromise. x

x
x

To include maintenance, and security needed to


keep equipment functioning properly x

x x

including hubs, routers, switches, bridges,


servers, transmission media, and related
hardware. x

x x

e.g., Wireshark, tcpdump x

x
x

e.g. encryption algorithms and steganography x

x
x

x
x

x
x

e.g., source coding, channel coding, algorithm


complexity theory, and data compression x

x
x

, to include understanding of security objectives,


operational objectives, and trade-offs. x

x
x

x
x

x
x

DDoS, brute force, spoofing, etc. x

including server-based logging x

including server-based logging x


x

x x

x
x

e.g., Dialed Number Recognition, Social Network


Analysis x

e.g., data storage and backup, database


applications x

x
including information needs, objectives,
structure, capabilities, etc. x

capabilities, accesses, performance


specifications, and constraints x

for chat/buddy list, emerging technologies,


VOIP, Media Over IP, VPN, VSAT/wireless, web
mail and cookies x

for chat/buddy list, emerging technologies,


VOIP, Media Over IP, VPN, VSAT/wireless, web
mail and cookies x

x
x

(virus, Trojan, etc.) (ports, attachments, etc.) x

x
i.e., basic computer components of a network,
types of networks, etc. x

e.g., Linux, Unix. x

e.g., web servers/pages, hosting, DNS,


registration, web languages such as HTML x

x x

e.g. value, recuperation, cushion,


countermeasures x

e.g. value, recuperation, cushion,


countermeasures x

e.g. value, recuperation, cushion,


countermeasures x x

e.g. value, recuperation, cushion,


countermeasures x x

x
x

i.e. cyber defense, information gathering,


environment preparation, cyber-attack x

x
x

x
x

x
x

to include external organization interaction. x

x
x

x x
x
x

i.e. principles, limitations, and effects x

x
x
x

e.g. email, http x

x
x

x
x
x

i.e. logistical, communications support,


maneuverability, legal restrictions, etc. x

policies, procedures, and vehicles, including


report formats, reportability criteria
(requirements and priorities), dissemination
practices, and legal authorities and restrictions x

planning, execution, and assessment x

wrt internal and external partners x

wrt internal and external partners x

wrt internal and external partners x x

x x
x
x

IP addresses, classless inter-domain routing,


TCP/UDP port numbering x

x
x

x x

process, objectives, organization, targets, etc. x


x

e.g. encryption, firewalls, authentication, honey


pots, perimeter protection x
e.g. host-based IDS, IPS, access control lists
host-based IDS, IPS, and access control lists,
including their function and placement in a
network x

including non-traditional x
e.g. TOR/Onion/anonymizers, VPN/VPS,
encryption x

x
x

x
x

x
x

to include hubs, switches, routers, firewalls, etc. x

including adaptive and time-sensitive x


such as target knowledge, associations,
communication systems, and infrastructure x
how it is derived, where it is published, how to
access, etc. x

x x

x
x

x x

x x

x x
e.g., acronyms, jargon, technical terminology,
code words x

e.g., target associations, activities,


communication infrastructure x

dialects, expressions, idioms, and abbreviations x

x
x
i.e., Restricted, Joint, Candidate, etc. x
x

including related current events,


communication profile, actors, and history
(language, culture) and/or frame of reference x
x
x

including processes for organic and


subordinate collection assets. collection,
processing, exploitation and dissemination. x

x
x

process, objectives, organization, targets, etc. x

x
x

e.g. TCP/IP, (e.g., web, mail, DNS) x

x
x

x x

POC's, databases, tools and applications x

x
x

x x

x x

x
x
x
x

tipping, cueing, mixing, and redundancy. x

e.g., verbatim, gist, summaries x

e.g., process management, directory structure,


installed applications x

To include products: VMware, Virtual PC x

including and Continuous Diagnostics and Mitigation. CDM [https://www.cisa.gov/cdm]


x

the value of tracking the location and


configuration of networked devices and
software across departments, locations,
facilities and, potentially, supporting business
functions x
the value of tracking the location and
configuration of networked devices and
software across departments, locations,
facilities and, potentially, supporting business
functions x

x
x
including, processing, storage, and transmission
of data. x

e.g. Open Web Application Security Project Top


10 list x

e.g., gaining backdoor access,


collecting/exfiltrating data, conducting
vulnerability analysis of other systems in the
network x
Reason for Withdrawal    Related Statements    Related Work Roles

K0395, K0487 AN-ASA-001,AN-ASA-002,AN-EXP-001,AN-LNG-001,AN-TGT-001,AN-TGT-002,AN-TWA-001,CO-CLO-001,CO-CLO-002,CO-OPL-001,CO-OPL-002,CO-OPL-003,CO-OPS-001,IN-INV-001,IN-FOR-002,IN-FOR-001,OM-STS-001,OM-DTA-002,OM-DTA-001,OM-KMG-001,OM-NET-001,OM-ADM-001,OM-ANA-001,OV-MGT-002,OV-MGT-001,OV-EXL-001,OV-LGA-001,OV-LGA-002,OV-PMA-002,OV-PMA-004,OV-PMA-005,OV-PMA-003,OV-PMA-001,OV-SPP-002,OV-SPP-001,OV-TEA-001,OV-TEA-002,PR-CDA-001,PR-INF-001,PR-CIR-001,PR-VAM-001,SP-RSK-001,SP-RSK-002,SP-DEV-002,SP-DEV-001,SP-ARC-001,SP-ARC-002,SP-SYS-001,SP-SYS-002,SP-SRP-001,SP-TRD-001,SP-TST-001

AN-ASA-001,AN-ASA-002,AN-EXP-001,AN-LNG-001,AN-TGT-001,AN-TGT-002,AN-TWA-001,CO-CLO-001,CO-CLO-002,CO-OPL-001,CO-OPL-002,CO-OPL-003,CO-OPS-001,IN-INV-001,IN-FOR-002,IN-FOR-001,OM-STS-001,OM-DTA-002,OM-DTA-001,OM-KMG-001,OM-NET-001,OM-ADM-001,OM-ANA-001,OV-MGT-002,OV-MGT-001,OV-EXL-001,OV-LGA-001,OV-LGA-002,OV-PMA-002,OV-PMA-004,OV-PMA-005,OV-PMA-003,OV-PMA-001,OV-SPP-002,OV-SPP-001,OV-TEA-001,OV-TEA-002,PR-CDA-001,PR-INF-001,PR-CIR-001,PR-VAM-001,SP-RSK-001,SP-RSK-002,SP-DEV-002,SP-DEV-001,SP-ARC-001,SP-ARC-002,SP-SYS-001,SP-SYS-002,SP-SRP-001,SP-TRD-001,SP-TST-001

AN-ASA-001,AN-ASA-002,AN-EXP-001,AN-LNG-001,AN-TGT-001,AN-TGT-002,AN-TWA-001,CO-CLO-001,CO-CLO-002,CO-OPL-001,CO-OPL-002,CO-OPL-003,CO-OPS-001,IN-INV-001,IN-FOR-002,IN-FOR-001,OM-STS-001,OM-DTA-002,OM-DTA-001,OM-KMG-001,OM-NET-001,OM-ADM-001,OM-ANA-001,OV-MGT-002,OV-MGT-001,OV-EXL-001,OV-LGA-001,OV-LGA-002,OV-PMA-002,OV-PMA-004,OV-PMA-005,OV-PMA-003,OV-PMA-001,OV-SPP-002,OV-SPP-001,OV-TEA-001,OV-TEA-002,PR-CDA-001,PR-INF-001,PR-CIR-001,PR-VAM-001,SP-RSK-001,SP-RSK-002,SP-DEV-002,SP-DEV-001,SP-ARC-001,SP-ARC-002,SP-SYS-001,SP-SYS-002,SP-SRP-001,SP-TRD-001,SP-TST-001

AN-ASA-001,AN-ASA-002,AN-EXP-001,AN-LNG-001,AN-TGT-001,AN-TGT-002,AN-TWA-001,CO-CLO-001,CO-CLO-002,CO-OPL-001,CO-OPL-002,CO-OPL-003,CO-OPS-001,IN-INV-001,IN-FOR-002,IN-FOR-001,OM-STS-001,OM-DTA-002,OM-DTA-001,OM-KMG-001,OM-NET-001,OM-ADM-001,OM-ANA-001,OV-MGT-002,OV-MGT-001,OV-EXL-001,OV-LGA-001,OV-LGA-002,OV-PMA-002,OV-PMA-004,OV-PMA-005,OV-PMA-003,OV-PMA-001,OV-SPP-002,OV-SPP-001,OV-TEA-001,OV-TEA-002,PR-CDA-001,PR-INF-001,PR-CIR-001,PR-VAM-001,SP-RSK-001,SP-RSK-002,SP-DEV-002,SP-DEV-001,SP-ARC-001,SP-ARC-002,SP-SYS-001,SP-SYS-002,SP-SRP-001,SP-TRD-001,SP-TST-001
AN-ASA-001,AN-ASA-002,AN-EXP-001,AN-LNG-001,AN-TGT-001,AN-TGT-002,AN-TWA-001,CO-CLO-001,CO-CLO-002,CO-OPL-001,CO-OPL-002,CO-OPL-003,CO-OPS-001,IN-INV-001,IN-FOR-002,IN-FOR-001,OM-STS-001,OM-DTA-002,OM-DTA-001,OM-KMG-001,OM-NET-001,OM-ADM-001,OM-ANA-001,OV-MGT-002,OV-MGT-001,OV-EXL-001,OV-LGA-001,OV-LGA-002,OV-PMA-002,OV-PMA-004,OV-PMA-005,OV-PMA-003,OV-PMA-001,OV-SPP-002,OV-SPP-001,OV-TEA-001,OV-TEA-002,PR-CDA-001,PR-INF-001,PR-CIR-001,PR-VAM-001,SP-RSK-001,SP-RSK-002,SP-DEV-002,SP-DEV-001,SP-ARC-001,SP-ARC-002,SP-SYS-001,SP-SYS-002,SP-SRP-001,SP-TRD-001,SP-TST-001

AN-ASA-001,AN-ASA-002,AN-EXP-001,AN-LNG-001,AN-TGT-001,AN-TGT-002,AN-TWA-001,CO-CLO-001,CO-CLO-002,CO-OPL-001,CO-OPL-002,CO-OPL-003,CO-OPS-001,IN-INV-001,IN-FOR-002,IN-FOR-001,OM-STS-001,OM-DTA-002,OM-DTA-001,OM-KMG-001,OM-NET-001,OM-ADM-001,OM-ANA-001,OV-MGT-002,OV-MGT-001,OV-EXL-001,OV-LGA-001,OV-LGA-002,OV-PMA-002,OV-PMA-004,OV-PMA-005,OV-PMA-003,OV-PMA-001,OV-SPP-002,OV-SPP-001,OV-TEA-001,OV-TEA-002,PR-CDA-001,PR-INF-001,PR-CIR-001,PR-VAM-001,SP-RSK-001,SP-RSK-002,SP-DEV-002,SP-DEV-001,SP-ARC-001,SP-ARC-002,SP-SYS-001,SP-SYS-002,SP-SRP-001,SP-TRD-001,SP-TST-001

AN-ASA-001,AN-ASA-002,AN-EXP-001,AN-LNG-001,AN-TGT-001,AN-TGT-002,AN-TWA-001,CO-CLO-001,CO-CLO-002,CO-OPL-001,CO-OPL-002,CO-OPL-003,CO-OPS-001,IN-INV-001,IN-FOR-002,IN-FOR-001,OM-STS-001,OM-DTA-002,OM-DTA-001,OM-KMG-001,OM-NET-001,OM-ADM-001,OM-ANA-001,OV-MGT-002,OV-MGT-001,OV-EXL-001,OV-LGA-001,OV-LGA-002,OV-PMA-002,OV-PMA-004,OV-PMA-005,OV-PMA-003,OV-PMA-001,OV-SPP-002,OV-SPP-001,OV-TEA-001,OV-TEA-002,PR-CDA-001,PR-INF-001,PR-CIR-001,PR-VAM-001,SP-RSK-001,SP-RSK-002,SP-DEV-002,SP-DEV-001,SP-ARC-001,SP-ARC-002,SP-SYS-001,SP-SYS-002,SP-SRP-001,SP-TRD-001,SP-TST-001

AN-ASA-001,AN-ASA-002,AN-EXP-001,AN-LNG-001,AN-TGT-001,AN-TGT-002,AN-TWA-001,CO-CLO-001,CO-CLO-002,CO-OPL-001,CO-OPL-002,CO-OPL-003,CO-OPS-001,IN-INV-001,IN-FOR-002,IN-FOR-001,OM-STS-001,OM-DTA-002,OM-DTA-001,OM-KMG-001,OM-NET-001,OM-ADM-001,OM-ANA-001,OV-MGT-002,OV-MGT-001,OV-EXL-001,OV-LGA-001,OV-LGA-002,OV-PMA-002,OV-PMA-004,OV-PMA-005,OV-PMA-003,OV-PMA-001,OV-SPP-002,OV-SPP-001,OV-TEA-001,OV-TEA-002,PR-CDA-001,PR-INF-001,PR-CIR-001,PR-VAM-001,SP-RSK-001,SP-RSK-002,SP-DEV-002,SP-DEV-001,SP-ARC-001,SP-ARC-002,SP-SYS-001,SP-SYS-002,SP-SRP-001,SP-TRD-001,SP-TST-001
K0070 AN-ASA-001,AN-ASA-002,AN-EXP-001,AN-LNG-001,AN-TGT-001,AN-TGT-002,AN-TWA-001,CO-CLO-001,CO-CLO-002,CO-OPL-001,CO-OPL-002,CO-OPL-003,CO-OPS-001,IN-INV-001,IN-FOR-002,IN-FOR-001,OM-STS-001,OM-DTA-002,OM-DTA-001,OM-KMG-001,OM-NET-001,OM-ADM-001,OM-ANA-001,OV-MGT-002,OV-MGT-001,OV-EXL-001,OV-LGA-001,OV-LGA-002,OV-PMA-002,OV-PMA-004,OV-PMA-005,OV-PMA-003,OV-PMA-001,OV-SPP-002,OV-SPP-001,OV-TEA-001,OV-TEA-002,PR-CDA-001,PR-INF-001,PR-CIR-001,PR-VAM-001,SP-RSK-001,SP-RSK-002,SP-DEV-002,SP-DEV-001,SP-ARC-001,SP-ARC-002,SP-SYS-001,SP-SYS-002,SP-SRP-001,SP-TRD-001,SP-TST-001

K0070 AN-ASA-001,AN-ASA-002,AN-EXP-001,AN-LNG-001,AN-TGT-001,AN-TGT-002,AN-TWA-001,CO-CLO-001,CO-CLO-002,CO-OPL-001,CO-OPL-002,CO-OPL-003,CO-OPS-001,IN-INV-001,IN-FOR-002,IN-FOR-001,OM-STS-001,OM-DTA-002,OM-DTA-001,OM-KMG-001,OM-NET-001,OM-ADM-001,OM-ANA-001,OV-MGT-002,OV-MGT-001,OV-EXL-001,OV-LGA-001,OV-LGA-002,OV-PMA-002,OV-PMA-004,OV-PMA-005,OV-PMA-003,OV-PMA-001,OV-SPP-002,OV-SPP-001,OV-TEA-001,OV-TEA-002,PR-CDA-001,PR-INF-001,PR-CIR-001,PR-VAM-001,SP-RSK-001,SP-RSK-002,SP-DEV-002,SP-DEV-001,SP-ARC-001,SP-ARC-002,SP-SYS-001,SP-SYS-002,SP-SRP-001,SP-TRD-001,SP-TST-001

AN-ASA-001,AN-ASA-002,AN-EXP-001,AN-LNG-001,AN-TGT-001,AN-TGT-002,AN-TWA-001,CO-CLO-001,CO-CLO-002,CO-OPL-001,CO-OPL-002,CO-OPL-003,CO-OPS-001,IN-INV-001,IN-FOR-002,IN-FOR-001,OM-STS-001,OM-DTA-002,OM-DTA-001,OM-KMG-001,OM-NET-001,OM-ADM-001,OM-ANA-001,OV-MGT-002,OV-MGT-001,OV-EXL-001,OV-LGA-001,OV-LGA-002,OV-PMA-002,OV-PMA-004,OV-PMA-005,OV-PMA-003,OV-PMA-001,OV-SPP-002,OV-SPP-001,OV-TEA-001,OV-TEA-002,PR-CDA-001,PR-INF-001,PR-CIR-001,PR-VAM-001,SP-RSK-001,SP-RSK-002,SP-DEV-002,SP-DEV-001,SP-ARC-001,SP-ARC-002,SP-SYS-001,SP-SYS-002,SP-SRP-001,SP-TRD-001,SP-TST-001

OV-TEA-002,PR-CDA-001,SP-RSK-002,SP-ARC-002

OV-TEA-002,PR-CDA-001,SP-RSK-002,SP-ARC-002

OV-MGT-001,OV-LGA-002,SP-RSK-002,SP-ARC-002,SP-SRP-001
CO-OPS-001,OV-EXL-001,PR-VAM-001,SP-RSK-002,SP-ARC-002,SP-TRD-001

OM-NET-001,SP-RSK-002,SP-ARC-002
OM-NET-001,SP-RSK-002,SP-ARC-002

OV-PMA-002,SP-ARC-002,SP-SRP-001

OM-KMG-001,PR-CDA-001,SP-RSK-001,SP-RSK-002,SP-ARC-002

OM-KMG-001,PR-CDA-001,SP-RSK-001,SP-RSK-002,SP-ARC-002

SP-DEV-002,SP-DEV-001
OM-DTA-002,OM-ANA-001,PR-CDA-001,SP-ARC-002,SP-SYS-001,SP-SYS-002

OM-DTA-002,SP-DEV-002,SP-DEV-001

IN-FOR-001,OV-LGA-001
IN-FOR-002,OM-ANA-001,OV-MGT-002,OV-MGT-001,PR-CDA-001,SP-RSK-002,SP-ARC-002,SP-SYS-001,SP-SYS-002,SP-SRP-001
K0308, K0403 OM-ANA-001,PR-CDA-001,PR-VAM-001,SP-RSK-001,SP-RSK-002,SP-ARC-002,SP-SRP-001,SP-TRD-001
OM-ANA-001,PR-CDA-001,PR-VAM-001,SP-RSK-001,SP-RSK-002,SP-ARC-002,SP-SRP-001,SP-TRD-001

OM-DTA-002,OM-DTA-001

OM-DTA-002,OM-DTA-001
CO-OPS-001,IN-FOR-002,IN-FOR-001,OM-DTA-001,OV-MGT-001,PR-INF-001,PR-CIR-001,PR-VAM-001,SP-RSK-002

OM-DTA-002,OM-DTA-001

OM-DTA-002,OM-DTA-001

OM-DTA-002,OM-DTA-001

OM-DTA-002,OM-DTA-001

OM-DTA-002,OM-DTA-001
OM-ANA-001,PR-CDA-001,SP-RSK-002,SP-ARC-001,SP-ARC-002,SP-SYS-001,SP-SYS-002
OM-DTA-002,OM-DTA-001

OV-MGT-002,OV-MGT-001,PR-CIR-001,SP-RSK-002,SP-ARC-002
K0100, K0199, K0291 SP-RSK-001,SP-RSK-002,SP-DEV-002,SP-DEV-001,SP-ARC-001,SP-ARC-002,SP-SYS-001,SP-SYS-002,SP-TST-001
SP-RSK-001,SP-RSK-002,SP-DEV-002,SP-DEV-001,SP-ARC-001,SP-SYS-001,SP-SYS-002,SP-TST-001

OM-NET-001,SP-RSK-002

OM-NET-001,SP-RSK-002

SP-ARC-001,SP-ARC-002,SP-SYS-001,SP-SYS-002

OM-DTA-002,OM-DTA-001

SP-SYS-001,SP-SYS-002,SP-SRP-001

K0007 OV-MGT-001,PR-CDA-001,PR-INF-001,PR-CIR-001,PR-VAM-001

K0007 OV-MGT-001,PR-CDA-001,PR-INF-001,PR-CIR-001,PR-VAM-001

K0010 PR-CIR-001

K0010 PR-CIR-001

K0010 PR-CIR-001
Redundant S0154, S0155_1 OM-ANA-001,SP-ARC-001,SP-ARC-002,SP-SYS-001,SP-SYS-002,SP-SRP-001

AN-ASA-001,AN-ASA-002,AN-TGT-001,AN-TWA-001,CO-CLO-001,CO-CLO-002,CO-OPL-001,CO-OPL-002,OM-ANA-001,SP-ARC-002,SP-SYS-001,SP-SYS-002

SP-RSK-001,SP-RSK-002,SP-ARC-001,SP-ARC-002,SP-TST-001
OM-NET-001,OV-MGT-002,OV-MGT-001,SP-RSK-001,SP-RSK-002,SP-SRP-001

K0081 SP-DEV-002,SP-DEV-001

OM-ANA-001,OV-MGT-001,PR-CDA-001,SP-RSK-001,SP-RSK-002

PR-CIR-001

PR-CIR-001
K0041 IN-FOR-002,IN-FOR-001,OV-MGT-002,OV-MGT-001,PR-CDA-001,PR-INF-001,PR-CIR-001
IN-FOR-002,IN-FOR-001,OV-MGT-002,OV-MGT-001,PR-CDA-001,PR-INF-001,PR-CIR-001
IN-FOR-002,IN-FOR-001,OV-MGT-002,OV-MGT-001,PR-CDA-001,PR-INF-001,PR-CIR-001

OV-MGT-001,OV-PMA-002,OV-PMA-005,OV-PMA-003,SP-ARC-001,SP-ARC-002,SP-SRP-001

OM-ANA-001,PR-CDA-001,PR-INF-001,PR-VAM-001,SP-RSK-001,SP-RSK-002,SP-DEV-002,SP-DEV-001,SP-ARC-001,SP-ARC-002,SP-SYS-001,SP-SYS-002,SP-SRP-001,SP-TST-001

OM-ANA-001,PR-CDA-001,PR-INF-001,PR-VAM-001,SP-RSK-001,SP-RSK-002,SP-DEV-002,SP-DEV-001,SP-ARC-001,SP-ARC-002,SP-SYS-001,SP-SYS-002,SP-SRP-001,SP-TST-001

K0102 SP-SYS-001,SP-SYS-002,SP-SRP-001

K0440
K0033 IN-INV-001,OV-MGT-001,PR-CDA-001,PR-CIR-001

OV-PMA-002,OV-PMA-005,OV-PMA-001,SP-SRP-001
OV-MGT-001,OV-PMA-002,OV-PMA-004,OV-PMA-005,OV-PMA-003,OV-PMA-001,SP-RSK-001,SP-RSK-002
OV-MGT-001,OV-PMA-002,OV-PMA-004,OV-PMA-005,OV-PMA-003,OV-PMA-001,SP-RSK-001,SP-RSK-002
K0004, K0190, K0202, K0326 OM-NET-001,OM-ADM-001,OM-ANA-001,PR-CDA-001,SP-RSK-001,SP-RSK-002,SP-SYS-001,SP-SYS-002

K0029 K0029_1 OM-NET-001,OM-ADM-001,SP-DEV-002,SP-DEV-001,SP-SYS-001,SP-SYS-002

CO-OPS-001,OM-DTA-002,SP-DEV-002,SP-DEV-001

OM-DTA-002,OM-ANA-001,SP-ARC-001,SP-ARC-002,SP-SYS-001,SP-SYS-002

OM-STS-001,OM-NET-001,OM-ADM-001,OV-MGT-001

OM-STS-001,OM-NET-001,OM-ADM-001,OV-MGT-001

Redundant, overly broad K0049 OV-MGT-001,SP-RSK-001,SP-RSK-002
SP-ARC-002,SP-SYS-001,SP-SYS-002,SP-SRP-001
K0007 OM-DTA-002,OM-DTA-001,OM-ANA-001,PR-CDA-001,PR-VAM-001,SP-RSK-002,SP-ARC-001,SP-ARC-002,SP-SYS-001,SP-SYS-002,SP-SRP-001

SP-ARC-002,SP-TST-001
K0334 AN-ASA-001,AN-ASA-002,AN-TGT-001,AN-TWA-001,CO-CLO-001,CO-CLO-002,OV-MGT-001,PR-CDA-001,PR-INF-001,PR-CIR-001

K0054 OV-MGT-001,OV-LGA-001,OV-PMA-002,OV-PMA-003,OV-TEA-001,OV-TEA-002,PR-CDA-001,SP-RSK-001,SP-RSK-002,SP-ARC-002,SP-SRP-001,SP-TRD-001

K0077 IN-FOR-002,IN-FOR-001,OM-DTA-002,OM-DTA-001,OM-ANA-001,PR-CDA-001,SP-DEV-002,SP-DEV-001,SP-ARC-001,SP-ARC-002,SP-SYS-001,SP-SYS-002,SP-SRP-001

K0058 OM-NET-001,OM-ANA-001,OV-MGT-001,PR-CDA-001,PR-INF-001,PR-VAM-001,SP-ARC-001,SP-ARC-002,SP-SYS-001,SP-SYS-002,SP-SRP-001

PR-INF-001,PR-CIR-001
OM-ANA-001,SP-ARC-001,SP-ARC-002,SP-SYS-001,SP-SYS-002,SP-SRP-001

OM-ADM-001

K0007, K0033 OM-DTA-002,OM-DTA-001,PR-CDA-001,SP-SYS-001,SP-SYS-002

K0007, K0033 OM-DTA-002,OM-DTA-001,PR-CDA-001,SP-SYS-001,SP-SYS-002


OV-LGA-002,SP-DEV-002,SP-DEV-001,SP-SYS-001,SP-SYS-002,SP-SRP-001

SP-SYS-001,SP-SYS-002,SP-SRP-001
K0051, K0139, K0372, K0396 OM-DTA-002,PR-VAM-001,SP-DEV-002,SP-DEV-001

OM-DTA-002,OM-DTA-001

K0005 IN-INV-001,IN-FOR-002,IN-FOR-001,OV-MGT-001,OV-EXL-001,OV-SPP-002,PR-CDA-001,PR-CIR-001,PR-VAM-001,SP-RSK-001,SP-RSK-002,SP-DEV-002,SP-DEV-001

K0005 IN-INV-001,IN-FOR-002,IN-FOR-001,OV-MGT-001,OV-EXL-001,OV-SPP-002,PR-CDA-001,PR-CIR-001,PR-VAM-001,SP-RSK-001,SP-RSK-002,SP-DEV-002,SP-DEV-001

OM-NET-001,SP-ARC-002
OV-MGT-001,OV-PMA-002,OV-PMA-004,OV-PMA-005,OV-PMA-003,OV-PMA-001,OV-SPP-001

SP-DEV-002,SP-DEV-001,SP-SYS-001,SP-SYS-002,SP-SRP-001

PR-CDA-001,SP-ARC-001,SP-ARC-002,SP-SRP-001

OM-ANA-001,PR-CDA-001,SP-ARC-001
K0045, K0102 OM-NET-001,OV-MGT-001
K0060 IN-FOR-002,IN-FOR-001,OM-ADM-001,OV-MGT-001

IN-FOR-002,IN-FOR-001

IN-FOR-002,IN-FOR-001

SP-DEV-002,SP-DEV-001

K0039 SP-DEV-002,SP-DEV-001

K0039 SP-DEV-002,SP-DEV-001,SP-SYS-001,SP-SYS-002
OM-ANA-001,SP-DEV-002,SP-DEV-001,SP-ARC-001,SP-ARC-002,SP-SYS-001,SP-SYS-002

OM-DTA-002,OM-DTA-001
SP-RSK-001,SP-RSK-002,SP-DEV-002,SP-DEV-001,SP-SYS-001,SP-SYS-002
Previously withdrawn K0070 NA

K0075 SP-DEV-002,SP-DEV-001,SP-SYS-001,SP-SYS-002,SP-SRP-001

OV-MGT-001,SP-SYS-001,SP-SYS-002,SP-SRP-001

K0087 OV-MGT-001,SP-SYS-001,SP-SYS-002,SP-SRP-001
K0088, K0167, K0224, K0537 OM-STS-001,OM-ADM-001,SP-TST-001

Redundant K0078 PR-VAM-001,SP-RSK-001,SP-RSK-002

OV-MGT-002,OV-MGT-001,OV-PMA-002,OV-PMA-005,OV-PMA-003,OV-PMA-001,SP-SYS-001,SP-SYS-002,SP-SRP-001,SP-TRD-001
SP-ARC-001,SP-ARC-002,SP-SYS-001,SP-SYS-002,SP-SRP-001,SP-TST-001
OV-MGT-001,SP-ARC-002

OM-NET-001,OM-ANA-001,PR-CDA-001,SP-ARC-001,SP-ARC-002,SP-SYS-001,SP-SYS-002,SP-SRP-001

OM-KMG-001

K0054 OM-DTA-002,OM-KMG-001

OM-KMG-001

OM-DTA-001

PR-CDA-001,SP-RSK-002

Previously
withdrawn NA

K0199_1, K0291 OM-ADM-001,SP-RSK-002


OV-MGT-002,OV-MGT-001,OV-PMA-002,OV-PMA-001,OV-SPP-001,SP-RSK-001,SP-RSK-002,SP-SRP-001

K0280, 45, 67, 76, 82, 102, 171, 175, 183, 280, 321 OM-ANA-001,SP-ARC-001,SP-ARC-002,SP-SYS-001,SP-SYS-002,SP-SRP-001,SP-TST-001

OM-ADM-001

OM-NET-001,OM-ADM-001,PR-CDA-001,PR-INF-001

SP-DEV-002,SP-DEV-001
OV-MGT-001,OV-EXL-001,PR-CDA-001,PR-INF-001,PR-CIR-001,PR-VAM-001

IN-INV-001,IN-FOR-001,OV-LGA-001,PR-CDA-001

IN-INV-001,IN-FOR-001,OV-LGA-001,PR-CDA-001

Redundant K0031, K0034, K0034_1, K0034_2, K0093, K0108, K0113, K0136, K0137 AN-ASA-001,AN-ASA-002,AN-EXP-001,AN-LNG-001,AN-TGT-001,AN-TGT-002,AN-TWA-001,CO-OPL-001,CO-OPL-002,CO-OPL-003,OM-NET-001

AN-ASA-001,AN-ASA-002,AN-EXP-001,AN-TGT-001,AN-TGT-002,AN-TWA-001,CO-CLO-001,CO-CLO-002,CO-OPL-001,CO-OPL-002,CO-OPL-003,CO-OPS-001,IN-FOR-002,IN-FOR-001,OM-STS-001

AN-ASA-001,AN-ASA-002,AN-EXP-001,AN-TGT-001,AN-TGT-002,AN-TWA-001,CO-CLO-001,CO-CLO-002,CO-OPL-001,CO-OPL-002,CO-OPL-003,CO-OPS-001,IN-FOR-002,IN-FOR-001,OM-STS-001

IN-INV-001,PR-CDA-001

IN-INV-001,PR-CDA-001

IN-INV-001,PR-CDA-001

OM-NET-001,PR-CDA-001

K0027_1 ,K0255 PR-CDA-001

K0031, K0034, K0093, K0108, K0113, K0136, K0137 OM-NET-001,PR-CDA-001
Unclear; overly
broad IN-INV-001,OM-STS-001
Unclear; overly
broad OV-TEA-002

OM-STS-001,PR-CDA-001

IN-FOR-002,IN-FOR-001,OM-ADM-001

IN-INV-001,IN-FOR-002,IN-FOR-001

IN-INV-001,IN-FOR-002,IN-FOR-001

IN-FOR-002,IN-FOR-001

Unclear; overly broad CO-OPL-001,OV-PMA-002,OV-PMA-004,OV-PMA-005,OV-PMA-003,OV-PMA-001

OV-MGT-002,OV-MGT-001

OV-MGT-002,OV-MGT-001

Redundant K0057, K0060 IN-FOR-002,IN-FOR-001

IN-INV-001,IN-FOR-002,IN-FOR-001

OV-TEA-001,OV-TEA-002

K0118 IN-INV-001,IN-FOR-002,IN-FOR-001
K0038 OV-MGT-002,OV-MGT-001,OV-PMA-002,OV-PMA-004,OV-PMA-005,OV-PMA-003,OV-PMA-001,SP-RSK-001,SP-RSK-002,SP-SYS-001,SP-SYS-002,SP-SRP-001,SP-TRD-001,SP-TST-001

Unclear; overly broad (main portion of statement) and overly specific (parenthetical) K0093 OV-SPP-002,OV-SPP-001

IN-INV-001,IN-FOR-002,IN-FOR-001

OM-DTA-002

OM-ADM-001,OV-TEA-002

OM-ADM-001,OV-TEA-002

OM-ADM-001,OV-TEA-002

K0388, K0136 AN-EXP-001,IN-FOR-002,IN-FOR-001

K0116 IN-FOR-002,IN-FOR-001

IN-FOR-002,IN-FOR-001

IN-FOR-002,IN-FOR-001

IN-FOR-002,IN-FOR-001

IN-FOR-002,IN-FOR-001
OM-NET-001,PR-INF-001

OM-NET-001

Redundant K0034, K0113 OM-NET-001


Redundant K0034, K0113, K0137 OM-NET-001
K0068 OM-DTA-002,PR-CDA-001,PR-VAM-001,SP-DEV-002,SP-DEV-001,SP-SYS-001,SP-SYS-002,SP-TST-001
OM-DTA-002,SP-DEV-002,SP-DEV-001
Previously
withdrawn K0420 NA

AN-EXP-001,AN-TGT-001,CO-OPS-001,PR-CDA-001

AN-EXP-001,AN-LNG-001,PR-CDA-001

Redundant K0162 IN-INV-001

IN-FOR-002,IN-FOR-001

Organization specific; lacking clarity; overly broad OM-KMG-001,OV-PMA-002,OV-PMA-004,OV-PMA-001,OV-SPP-002,OV-SPP-001,OV-TEA-001,OV-TEA-002,SP-RSK-001,SP-RSK-002

K0059, K0151 OV-EXL-001,OV-SPP-001,OV-TEA-001,OV-TEA-002

K0196 OV-PMA-002,OV-PMA-005,OV-PMA-003,OV-PMA-001

K0126, K0196, K0154 OV-PMA-002,OV-PMA-005,OV-PMA-003,OV-PMA-001

K0126, K0196 OV-PMA-002,OV-PMA-005,OV-PMA-003,OV-PMA-001

K0002, K0048 OV-MGT-001

K0041_1 OV-MGT-001,OV-PMA-003

K0041_1, K0150 OV-MGT-001,OV-PMA-003

K0147, K0160 OV-MGT-001


K0080 and K0039 SP-DEV-002,SP-DEV-001

SP-DEV-002,SP-DEV-001
K0126, K0148_1 OV-PMA-002,OV-PMA-004,OV-PMA-005,OV-PMA-003,OV-PMA-001,SP-DEV-002,SP-DEV-001
Redundant K0123, K0156 IN-INV-001,IN-FOR-002,IN-FOR-001

Redundant K0123, K0155, K0251 IN-INV-001,IN-FOR-002,IN-FOR-001


Redundant K0003, K0003_2, K0158 OV-LGA-001,PR-CDA-001,PR-INF-001,PR-CIR-001

K0007, K0065, K0157 OM-ADM-001

K0007, K0065, K0157 OM-ADM-001


K0136 OM-NET-001

K0106 OM-NET-001,PR-CDA-001

K0106, K0362 PR-CDA-001,PR-CIR-001,PR-VAM-001

K0362 PR-CDA-001,PR-CIR-001,PR-VAM-001

OV-MGT-002,OV-MGT-001,SP-SRP-001

OV-MGT-002,OV-MGT-001,SP-SRP-001

Redundant S0300 OV-PMA-002,OV-PMA-003,OV-PMA-001,SP-SRP-001


OV-PMA-002,OV-PMA-004,OV-PMA-005,OV-PMA-003,OV-PMA-001
OV-PMA-002,OV-PMA-004,OV-PMA-005,OV-PMA-003,OV-PMA-001
Previously withdrawn K0127 NA
K0088, K0167, K0224, K0537 IN-FOR-002,IN-FOR-001,OM-ADM-001,OV-MGT-001,PR-CDA-001,PR-CIR-001,PR-VAM-001

K0003, K003_2, K0222, K0351, K0351_1 IN-INV-001,IN-FOR-002,IN-FOR-001,OV-MGT-001,OV-LGA-002,OV-SPP-002,OV-SPP-001,PR-CDA-001,SP-RSK-001,SP-RSK-002,SP-SRP-001

K0154 OV-MGT-001,OV-PMA-002,OV-PMA-004,OV-PMA-005,OV-PMA-003,OV-PMA-001,OV-SPP-001,SP-RSK-001,SP-RSK-002,SP-SYS-001,SP-SYS-002,SP-SRP-001,SP-TRD-001,SP-TST-001

OV-MGT-001,SP-RSK-001,SP-RSK-002,SP-DEV-002,SP-DEV-001,SP-ARC-001,SP-ARC-002,SP-SYS-001,SP-SYS-002,SP-SRP-001,SP-TRD-001,SP-TST-001

K0171, K0175, K0183 SP-TRD-001

K0103, K0618 SP-TRD-001


Previously
withdrawn K0499 NA
SP-TRD-001

K0171, K0175, K0183 SP-TRD-001

SP-TRD-001

AN-ASA-001,AN-ASA-002,AN-EXP-001,AN-LNG-001,AN-TGT-001,AN-TGT-002,AN-TWA-001,CO-CLO-001,CO-CLO-002,PR-CDA-001,PR-CIR-001,PR-VAM-001

SP-DEV-002

SP-DEV-002

K0027, K0112 IN-FOR-002,IN-FOR-001,OM-NET-001,OM-ADM-001,OM-ANA-001,OV-MGT-001,PR-CDA-001,PR-INF-001,PR-CIR-001,PR-VAM-001,SP-RSK-001,SP-RSK-002,SP-DEV-002,SP-DEV-001,SP-ARC-001,SP-SYS-001,SP-SYS-002,SP-TRD-001,SP-TST-001

OM-NET-001,OM-ANA-001,OV-MGT-001,PR-CDA-001,SP-ARC-001,SP-ARC-002,SP-SYS-001,SP-SYS-002,SP-SRP-001
OM-NET-001,OM-ANA-001,OV-MGT-001,PR-CDA-001,SP-ARC-001,SP-ARC-002,SP-SYS-001,SP-SYS-002,SP-SRP-001

Previously
withdrawn K0274 NA

IN-FOR-002,IN-FOR-001

K0171, K0175, K0183 IN-FOR-002,IN-FOR-001

IN-FOR-002,IN-FOR-001

IN-FOR-002,IN-FOR-001

IN-FOR-002,IN-FOR-001
IN-FOR-002,IN-FOR-001

IN-FOR-002,IN-FOR-001

IN-FOR-002,IN-FOR-001

K0259 IN-FOR-002,IN-FOR-001

IN-FOR-002,IN-FOR-001
PR-CDA-001

S0020, S0020_1 PR-CDA-001

PR-CDA-001

K0024 OM-DTA-002
OM-STS-001,OM-KMG-001,OV-PMA-002,OV-PMA-003,OV-PMA-001

OM-STS-001,OM-KMG-001,OV-PMA-002,OV-PMA-003,OV-PMA-001

OM-STS-001,OM-KMG-001,OV-PMA-002,OV-PMA-003,OV-PMA-001

OM-KMG-001

OM-KMG-001

Redundant K0148 OV-PMA-002,OV-PMA-003,OV-PMA-001

OM-DTA-002,OM-DTA-001

OV-PMA-002,OV-PMA-005,OV-PMA-003,OV-PMA-001,SP-ARC-001,SP-ARC-002

OV-PMA-002,OV-PMA-005,OV-PMA-003,OV-PMA-001,SP-ARC-001,SP-ARC-002

K0027_1, K0100 OV-MGT-001,SP-RSK-001,SP-RSK-002,SP-DEV-002,SP-DEV-001,SP-TST-001

K0027_1, K0100 OV-MGT-001,SP-RSK-001,SP-RSK-002,SP-DEV-002,SP-DEV-001,SP-TST-001
OM-NET-001,OM-ANA-001,OV-PMA-002,OV-PMA-005,OV-PMA-003,OV-PMA-001,SP-ARC-001,SP-ARC-002,SP-SYS-001,SP-SYS-002,SP-SRP-001

OM-NET-001,OM-ANA-001,OV-PMA-002,OV-PMA-005,OV-PMA-003,OV-PMA-001,SP-ARC-001,SP-ARC-002,SP-SYS-001,SP-SYS-002,SP-SRP-001

OM-NET-001

OM-NET-001

OM-NET-001

SP-DEV-002,SP-DEV-001,SP-ARC-002,SP-TRD-001

SP-DEV-002,SP-DEV-001,SP-ARC-002,SP-TRD-001

K0007 OM-NET-001,OM-ANA-001,PR-CDA-001,PR-VAM-001,SP-RSK-001,SP-RSK-002,SP-ARC-001,SP-SYS-001,SP-SYS-002,SP-TST-001

K0007 OM-NET-001,OM-ANA-001,PR-CDA-001,PR-VAM-001,SP-RSK-001,SP-RSK-002,SP-ARC-001,SP-SYS-001,SP-SYS-002,SP-TST-001

OV-SPP-001,OV-TEA-001,OV-TEA-002

Redundant K0167 PR-INF-001


K0119 PR-VAM-001

SP-ARC-001,SP-SYS-002
Unclear; overly
broad OV-TEA-001,OV-TEA-002

IN-INV-001,SP-TRD-001

Redundant K0021 PR-VAM-001


Redundant K0044, T0017, T0032, T0446, T0489 SP-ARC-001,SP-ARC-002
Unclear; overly
broad SP-ARC-001,SP-ARC-002,SP-SYS-002,SP-TST-001

K0204 OV-TEA-001,OV-TEA-002

K0204 OV-TEA-001,OV-TEA-002

Redundant K0165, S0171 SP-ARC-001,SP-ARC-002


K0226 OV-SPP-001,OV-TEA-002

K0124 OV-TEA-001,OV-TEA-002

OV-TEA-001,OV-TEA-002

Redundant K0124, K0220 OV-TEA-002

Previously
withdrawn K0050 NA

K0218 OV-TEA-001,OV-TEA-002

K0332 AN-ASA-001,PR-CDA-001,PR-CIR-001

K0003 PR-CDA-001
Previously
withdrawn K0073 NA

Redundant K0088, K0485, K0167, K0224, K0537 AN-EXP-001,CO-OPS-001,IN-FOR-002,OM-STS-001,PR-VAM-001

Previously
withdrawn K0565 NA
K0215 OV-TEA-002

OM-ANA-001,SP-ARC-001,SP-ARC-002,SP-SYS-002

OM-KMG-001

OM-KMG-001

OM-DTA-002

K0042 PR-CIR-001

IN-INV-001

IN-INV-001

IN-INV-001
Previously
withdrawn NA

OV-SPP-001
Unclear; overly broad K0013, K0362, K0481, K0507 OV-SPP-002,OV-SPP-001

Unclear; overly broad OV-PMA-002,OV-PMA-004,OV-PMA-005,OV-PMA-003,OV-PMA-001

OM-DTA-002
K0200
K0200_1 OM-STS-001

OM-DTA-002
K0348 OV-TEA-001,OV-TEA-002

SP-ARC-001,SP-ARC-002

SP-ARC-001,SP-ARC-002

OV-SPP-001
K0003, K0003_2,
K0158 OM-STS-001

K0215 OV-SPP-001,OV-TEA-001

IN-INV-001

OV-TEA-001,OV-TEA-002

Unclear; overly
broad OV-TEA-001,OV-TEA-002

OM-STS-001

OM-STS-001
Unclear; overly
broad OV-SPP-002

OV-PMA-003

OV-PMA-003

Redundant K0204 OV-TEA-001,OV-TEA-002,SP-TST-001

Redundant K0156, K0155, K0123 IN-INV-001

K0213, K0213_1,
Redundant K0204 OV-TEA-001,OV-TEA-002
Previously
withdrawn K0227 NA

IN-FOR-002

IN-FOR-002
Previously
withdrawn K0224 NA
OV-PMA-002,OV-PMA-004,OV-PMA-005,OV-PMA-003,OV-PMA-001

Redundant K0204 PR-INF-001

K0188 PR-CIR-001

OM-STS-001,OM-DTA-001,OM-KMG-001,OM-NET-001,OM-ADM-001,OM-ANA-001,OV-MGT-001,PR-CDA-001,SP-RSK-001,SP-RSK-002,SP-DEV-002,SP-DEV-001,SP-ARC-002,SP-SYS-001,SP-SYS-002,SP-TST-001

OM-STS-001,OM-DTA-001,OM-KMG-001,OM-NET-001,OM-ADM-001,OM-ANA-001,OV-MGT-001,OV-LGA-001,PR-CDA-001,SP-RSK-001,SP-RSK-002,SP-DEV-002,SP-DEV-001,SP-ARC-002,SP-SYS-001,SP-SYS-002,SP-TST-001

OM-STS-001,OM-DTA-001,OM-KMG-001,OM-NET-001,OM-ADM-001,OM-ANA-001,OV-MGT-001,OV-LGA-001,PR-CDA-001,SP-RSK-001,SP-RSK-002,SP-DEV-002,SP-DEV-001,SP-ARC-002,SP-SYS-001,SP-SYS-002,SP-TST-001

K0002, K0038, K0048, K0154 OM-ANA-001,SP-DEV-002,SP-DEV-001

K0004 SP-ARC-001,SP-ARC-002

Unclear; overly
broad PR-VAM-001

OM-ANA-001

OM-ANA-001
Redundant K0003, K0566 OM-ANA-001,OV-MGT-002,OV-MGT-001,OV-LGA-001,SP-RSK-001,SP-RSK-002,SP-SRP-001,SP-TRD-001

K0017, K0133 SP-TRD-001

SP-TRD-001

Redundant K0137, K0113, K0274 SP-TRD-001


OV-PMA-002,OV-PMA-004,OV-PMA-005,OV-PMA-003,OV-PMA-001

K0608 SP-TRD-001

SP-TRD-001

SP-TRD-001

Previously
withdrawn NA

K0269 OM-NET-001,OM-ADM-001,PR-INF-001

OM-NET-001,OM-ADM-001,PR-INF-001

OM-ANA-001,SP-ARC-001,SP-ARC-002
Redundant K0074 OM-ANA-001,SP-SYS-001,SP-SYS-002
Redundant K0190, K0019, K0019_1, K0201, K0201_1, K0201_2 OM-DTA-001,SP-ARC-002

Redundant K0193 OM-DTA-001

Previously
withdrawn NA

K0102 OM-ADM-001

Out of scope OM-ANA-001


Previously
withdrawn K0200 NA

OM-KMG-001

OM-ANA-001

OM-ANA-001

OM-ANA-001

OM-ANA-001,OV-MGT-002

OM-ANA-001,OV-MGT-002

SP-ARC-001,SP-ARC-002

K0195, K0195_1 OM-STS-001,OM-DTA-001,OM-KMG-001,OM-NET-001,OM-ANA-001,OV-MGT-002,OV-MGT-001,OV-TEA-001,OV-TEA-002,PR-CIR-001,PR-VAM-001,SP-RSK-002,SP-ARC-001,SP-ARC-002,SP-SYS-001,SP-SYS-002,SP-SRP-001,SP-TST-001
Unclear; overly
broad SP-TRD-001
Redundant K0089, K0078 OM-ADM-001

Redundant K0091 OM-ANA-001,PR-CDA-001

Redundant K0100, K0199 SP-ARC-001,SP-ARC-002

OM-STS-001

SP-ARC-001,SP-ARC-002

OM-STS-001

OM-STS-001

Redundant K0044 SP-RSK-001

K0057 OV-EXL-001,SP-TRD-001

OM-ANA-001,PR-CDA-001,SP-SYS-001,SP-SYS-002

Does not currently exist in any work roles

Unclear; overly
broad SP-ARC-001

PR-CDA-001

PR-CDA-001

IN-FOR-002,PR-CDA-001,PR-VAM-001
Unclear; overly
broad OM-STS-001
PR-CDA-001

IN-FOR-002

IN-FOR-001
Previously
withdrawn NA

Previously
withdrawn K0111 NA
K0403, K0019 PR-VAM-001,SP-SYS-001,SP-SYS-002

K0394 OV-SPP-002,OV-SPP-001
Redundant K0119, K0206 SP-TRD-001

OV-SPP-002,OV-SPP-001

OV-LGA-001

OV-LGA-001

Unclear; overly
broad OV-SPP-002,OV-SPP-001,OV-TEA-002

Redundant K0005_1, K0070 OV-EXL-001,SP-TRD-001

Unclear; overly
broad OM-KMG-001

Unclear; overly
broad OV-LGA-001

OM-STS-001

Redundant K0129 OM-ADM-001,PR-CDA-001


Unclear; overly
broad OV-TEA-002
SP-ARC-002

K0102, K0082, K0227 SP-TRD-001


OM-ANA-001,PR-CDA-001,SP-RSK-001,SP-RSK-002,SP-DEV-002,SP-DEV-001,SP-ARC-001,SP-ARC-002,SP-SYS-001,SP-SYS-002

SP-ARC-001,SP-ARC-002

PR-CDA-001,PR-INF-001

PR-CDA-001,PR-INF-001

OM-DTA-002,SP-ARC-001,SP-ARC-002,SP-SYS-001,SP-SYS-002,SP-SRP-001

Doesn't exist in any work role; overly broad SP-ARC-001,SP-ARC-002

Previously
withdrawn K0050 NA

Previously
withdrawn NA
Previously
withdrawn NA

Redundant S0366 OM-STS-001

Previously
withdrawn K0332 NA
Redundant K0174, K0221 OM-NET-001,OM-ADM-001,OV-MGT-001,PR-CDA-001,PR-INF-001,PR-CIR-001,PR-VAM-001,SP-DEV-001,SP-ARC-001,SP-ARC-002,SP-SYS-001,SP-SYS-002,SP-SRP-001,SP-TST-001

OM-ANA-001,SP-ARC-001,SP-ARC-002,SP-SYS-001,SP-SYS-002,SP-SRP-001

Redundant K0058 PR-INF-001

Redundant K0059, K0309 OV-SPP-002,OV-SPP-001


Redundant K0007, K0007_1 SP-ARC-002,SP-SYS-001,SP-SYS-002
Previously
withdrawn K0007 NA
K0022_1 OM-KMG-001

Redundant K0272 OM-ANA-001,PR-CDA-001

Previously
withdrawn NA

K0148, K0196 OV-LGA-001


OV-MGT-001,PR-CDA-001,PR-VAM-001,SP-RSK-001,SP-RSK-002,SP-DEV-002,SP-DEV-001,SP-TRD-001
OV-MGT-001,PR-CDA-001,PR-VAM-001,SP-RSK-001,SP-RSK-002,SP-DEV-002,SP-DEV-001,SP-TRD-001

SP-DEV-002,SP-DEV-001

PR-VAM-001

Previously
withdrawn NA

OM-ADM-001

CO-OPL-001,CO-OPL-002,IN-FOR-002

Previously
withdrawn NA
K0398 AN-ASA-001,AN-ASA-002,AN-EXP-001,AN-TGT-001,AN-TGT-002,AN-TWA-001,CO-OPL-001,CO-OPL-002

CO-OPL-001,CO-OPL-002,CO-OPL-003

AN-EXP-001,AN-TGT-001,IN-INV-001

AN-EXP-001,AN-TGT-001,IN-INV-001

CO-OPL-001,CO-OPL-002

CO-CLO-001,CO-CLO-002
Unclear; Overly
broad K0451, S0037 AN-EXP-001

CO-OPL-001

AN-LNG-001

AN-LNG-001

AN-LNG-001

K0460, K0475 AN-ASA-001,AN-TGT-001

CO-OPL-001

K0355 AN-LNG-001
Previously
withdrawn NA

CO-CLO-001,CO-CLO-002
AN-ASA-001,AN-ASA-002,AN-EXP-001,AN-TGT-001,AN-TGT-002,AN-TWA-001,CO-OPL-001,CO-OPL-002,CO-OPL-003

CO-OPS-001

CO-OPS-001
CO-CLO-001,CO-CLO-002

CO-CLO-001,CO-CLO-002

Previously
withdrawn NA

Previously
withdrawn NA
Redundant K0342, K0342_1 Does not currently exist in any work roles

AN-EXP-001

Previously
withdrawn NA

Previously
withdrawn K0109 NA

AN-EXP-001

Redundant K0016 CO-OPS-001

K0070, K0375 CO-OPS-001

Previously
withdrawn K0599 SP-ARC-002

K0274 CO-OPS-001

Redundant K0379, K0465, K0510, T0039 AN-EXP-001
Redundant K0195, K0287 AN-ASA-001,AN-ASA-002,AN-LNG-001,AN-TWA-001,CO-OPL-001,CO-OPL-002,CO-OPL-003
Previously withdrawn K0377 NA
AN-EXP-001,AN-TGT-001,AN-TGT-002,CO-OPL-001,CO-OPL-002,CO-OPL-003,CO-OPS-001

Redundant K0096 CO-CLO-001,CO-CLO-002

AN-TGT-001

K0142 CO-CLO-001,CO-CLO-002

K0382 CO-CLO-001,CO-CLO-002

Redundant K0142 CO-CLO-002


Previously
withdrawn K0142 NA

K0142 CO-CLO-001,CO-CLO-002

K0383 CO-CLO-001,CO-CLO-002

K0386, K0389 AN-EXP-001

K0386, K0389 AN-EXP-001

K0388 AN-TGT-002
K0142 CO-CLO-001,CO-CLO-002

AN-LNG-001

K0188, K0259 AN-ASA-001,AN-ASA-002,AN-TGT-001,AN-TGT-002,AN-TWA-001,CO-CLO-001,CO-OPL-001,CO-OPL-002,CO-OPL-003

Redundant K0057, K0395 AN-EXP-001


Unclear; overly
broad AN-EXP-001
K0001 AN-ASA-001,AN-ASA-002,AN-TGT-001,AN-TGT-002,AN-TWA-001,CO-CLO-001,CO-CLO-002,CO-OPL-001,CO-OPL-002,CO-OPL-003

Redundant K0016, K0116, K0186 AN-LNG-001

Redundant K0271, K0060, K0077 AN-EXP-001

AN-LNG-001

K0519 CO-OPL-001,CO-OPL-002

CO-OPL-001,CO-OPL-002
Redundant K0399, K0399_1, K0519 CO-OPL-001,CO-OPL-002,CO-OPL-003

CO-CLO-001,CO-CLO-002

AN-TGT-001

AN-TGT-001

AN-TGT-001

AN-TGT-001

Redundant K0308 AN-TGT-002,CO-OPL-001,CO-OPL-002,CO-OPL-003,CO-OPS-001

CO-CLO-001,CO-CLO-002

AN-ASA-001,AN-ASA-002,AN-TWA-001,CO-CLO-001,CO-OPL-001
K0167 CO-OPS-001

AN-LNG-001

Unclear; overly
broad CO-OPL-001,CO-OPL-002,CO-OPL-003

K0456 (capabilities) AN-ASA-001,AN-ASA-002,AN-TGT-001,AN-TWA-001

Redundant K0003, K0222, K0411 AN-ASA-001,AN-ASA-002

Redundant K0003, K0222, K0410 CO-OPL-001,CO-OPL-002,CO-OPL-003


Redundant K0004 CO-CLO-001,CO-CLO-002

AN-LNG-001,AN-TGT-001,AN-TGT-002

AN-ASA-002,CO-OPL-001,CO-OPL-002,CO-OPL-003

K0004, K0412 AN-TWA-001


Redundant K0415 AN-LNG-001

Redundant K0034 AN-ASA-002,AN-EXP-001,AN-LNG-001,AN-TGT-001,AN-TWA-001,CO-CLO-001,CO-CLO-002,CO-OPL-001,CO-OPL-002,CO-OPL-003

AN-EXP-001

S0042 CO-CLO-001,CO-CLO-002

S0042 CO-CLO-001,CO-CLO-002
Redundant K0419, K0419_1 CO-OPS-001,OM-DTA-002,OM-DTA-001,OM-KMG-001

Redundant K0419, K0419_1 CO-CLO-002

CO-OPL-001,CO-OPL-002,CO-OPL-003

K0422, S0037 CO-OPS-001

AN-TGT-002
Unclear; overly broad; organization-specific CO-CLO-001,CO-CLO-002

AN-TGT-001

AN-TGT-001
K0018 AN-ASA-001,AN-ASA-002,AN-TGT-001,AN-TWA-001,CO-CLO-001,CO-CLO-002,CO-OPL-001,CO-OPS-001

K0427, K0029 CO-OPS-001

K0095 CO-OPS-001

CO-OPS-001
AN-EXP-001,CO-OPS-001
AN-EXP-001,CO-OPS-001

Redundant K0136 AN-ASA-001,AN-ASA-002,AN-LNG-001,AN-TGT-001,AN-TGT-002,AN-TWA-001,CO-CLO-001,CO-CLO-002,CO-OPL-001,CO-OPL-002,CO-OPL-003

Redundant K0415 CO-OPL-001,CO-OPL-002,CO-OPL-003

Redundant K0271, K0304 CO-OPS-001

Previously withdrawn NA

Redundant K0004 CO-CLO-001,CO-CLO-002,CO-OPL-001,CO-OPL-002,CO-OPL-003

Redundant K0415, K0432 AN-ASA-001,AN-ASA-002,AN-TGT-001,AN-TGT-002,AN-TWA-001,CO-OPL-001,CO-OPL-002,CO-OPL-003

AN-ASA-001,AN-ASA-002,AN-TGT-001,AN-TWA-001

Redundant K0269 CO-OPS-001


K0478 AN-TGT-001,AN-TGT-002
AN-ASA-001,AN-ASA-002,AN-TGT-001,AN-TGT-002,AN-TWA-001,CO-CLO-001,CO-OPL-001,CO-OPS-001

Previously withdrawn NA

Unclear; overly broad K0034, K0093, K0136 AN-TGT-002

Previously withdrawn K0143 AN-EXP-001

Redundant K0034, K0093, K0136 AN-ASA-001,AN-ASA-002,AN-EXP-001,AN-TGT-001,AN-TGT-002,AN-TWA-001,CO-CLO-001,CO-CLO-002,CO-OPL-001,CO-OPL-002,CO-OPL-003
Redundant K0034, K0093 AN-ASA-001,AN-ASA-002,AN-TGT-001,AN-TGT-002,AN-TWA-001,CO-CLO-001,CO-CLO-002,CO-OPL-001,CO-OPL-002

Redundant K0034, K0093 AN-ASA-001,AN-ASA-002,AN-TGT-001,AN-TWA-001,CO-CLO-001,CO-CLO-002,CO-OPL-001,CO-OPL-002

K0449 AN-EXP-001

CO-CLO-001,CO-CLO-002
K0447 AN-ASA-001,AN-ASA-002,AN-LNG-001,AN-TGT-001,AN-TGT-002,AN-TWA-001,CO-CLO-001
Previously withdrawn K0036 NA
"skill in preparing reports" S0037 AN-EXP-001

Redundant K0271, K0060, K0077 CO-OPS-001


Unclear; overly broad CO-CLO-001,CO-CLO-002
Redundant K0407 CO-CLO-001,CO-CLO-002

K0004 CO-OPL-001,CO-OPL-002,CO-OPL-003
K0409 CO-OPL-001
Redundant K0358 AN-ASA-001,AN-ASA-002,AN-TGT-001
Unclear; overly broad AN-ASA-001,AN-TGT-001,AN-TWA-001

CO-OPL-001

K0357, K0475 AN-ASA-001,AN-ASA-002,AN-TGT-001,AN-TWA-001,CO-OPL-001

AN-TGT-001

Redundant S0037, K00451, K0466 AN-LNG-001,AN-TGT-002

CO-OPL-001
AN-ASA-001,AN-ASA-002,AN-TGT-001,AN-TWA-001,CO-OPL-001,CO-OPL-002
AN-ASA-001,AN-ASA-002,AN-TGT-001,CO-OPL-001,CO-OPL-002,CO-OPL-003

AN-TGT-001

K0465 AN-TGT-001

Redundant K0465 CO-CLO-001,CO-CLO-002

Redundant K0508 CO-OPS-001

AN-ASA-001,AN-ASA-002,AN-TWA-001

AN-ASA-001,AN-ASA-002,AN-TWA-001
AN-EXP-001
AN-EXP-001

AN-ASA-001,AN-ASA-002,AN-EXP-001,AN-TGT-001,AN-TGT-002,AN-TWA-001,CO-CLO-001,CO-OPL-001,CO-OPL-002

K0046, K0191 AN-TGT-002

Redundant K0405, K0046, K0191 AN-EXP-001,AN-TGT-001,AN-TGT-002

CO-CLO-001,CO-CLO-002

Redundant K0357, K0460, K0570 CO-CLO-001,CO-CLO-002

AN-LNG-001
ARE THERE RELATED LEADER ITEMS CO-CLO-001,CO-CLO-002
Redundant K0351 AN-TGT-001

Redundant K0188, K0392 AN-TGT-001,AN-TGT-002


Redundant K0188, K0392 AN-ASA-001,AN-ASA-002,AN-TWA-001,CO-CLO-001,CO-CLO-002,CO-OPL-001,CO-OPL-002,CO-OPS-001

CO-OPS-001

CO-CLO-001,CO-CLO-002

AN-TGT-002

AN-TGT-002

S0181 AN-EXP-001
Redundant K0088, K0224 CO-OPS-001

K0255, K0489 CO-OPS-001

K0001, K0179 AN-EXP-001,AN-LNG-001,AN-TGT-002,SP-ARC-001


AN-LNG-001

K0255 AN-EXP-001
Previously withdrawn K0058 NA

Redundant K0034, K0093 AN-LNG-001

CO-CLO-001,CO-CLO-002

AN-LNG-001

Redundant K0465 CO-OPL-001,CO-OPL-002

CO-CLO-001,CO-CLO-002
Redundant K0482, K0361 CO-CLO-001,CO-CLO-002

AN-TGT-001,CO-OPL-002
CO-CLO-001,CO-CLO-002
AN-LNG-001,AN-TGT-001,AN-TGT-002,AN-TWA-001,CO-OPL-001,CO-OPL-002,CO-OPL-003,SP-TRD-001

Redundant K0465, K0494 AN-TGT-002

CO-OPL-001,CO-OPL-002,CO-OPL-003

CO-OPL-001,CO-OPL-002

K0382 CO-CLO-001
CO-OPL-001,CO-OPL-002,CO-OPL-003

CO-CLO-001,CO-CLO-002

Redundant K0505, K0477, S0171 CO-OPL-001,CO-OPL-002,CO-OPL-003


AN-ASA-001,AN-ASA-002,AN-TGT-001,CO-OPL-001,CO-OPL-002,CO-OPL-003

K0510 CO-OPL-001,CO-OPL-002,CO-OPL-003

Redundant; organization-specific K0465 AN-EXP-001

Redundant K0508 AN-EXP-001


AN-ASA-001,AN-ASA-002,AN-TWA-001,CO-OPL-001,CO-OPL-002,CO-OPL-003

Redundant K0350, K0387, K0498, K0518, K0525 CO-OPL-001,CO-OPL-002,CO-OPL-003

CO-CLO-001,CO-CLO-002

Unclear; overly broad; organization-specific partnering within org/collaborating CO-OPL-001,CO-OPL-002,CO-OPL-003
Previously withdrawn NA

Redundant K0057 AN-ASA-001,AN-ASA-002,AN-TGT-001,AN-TGT-002,AN-TWA-001,CO-CLO-001,CO-CLO-002,CO-OPL-002,CO-OPS-001,SP-ARC-001

CO-OPL-001

K0121_1 CO-OPL-001,CO-OPL-002

K0231, K0399 CO-OPL-001,CO-OPL-002


K0542 AN-LNG-001,AN-TGT-002

CO-CLO-001,CO-CLO-002

CO-CLO-001

CO-CLO-001

Redundant; overly broad K0440 AN-EXP-001

Redundant; overly broad K0003, K0003_2, K0107, K0123, K0148, K0196, K0222, K0478 AN-LNG-001

K0498 CO-OPL-001,CO-OPL-002
K0194_1 K0194_2 CO-CLO-001,CO-CLO-002

K0002, K0038, K0048 CO-CLO-001,CO-CLO-002

K0113, K0136 CO-OPS-001


K0016 AN-EXP-001

CO-OPS-001

CO-OPS-001

CO-OPS-001

CO-OPS-001

CO-OPS-001
K0476, K0356, K0356_1, K0356_2 AN-LNG-001

AN-ASA-001,AN-TGT-001

Out of scope S0176 CO-OPL-002

AN-EXP-001

Redundant K0507, K0634 CO-OPS-001

Redundant K0088, K0167, K0224, K0485, K0537 Does not currently exist in any work roles; identified as deleted in change log previously.

CO-OPL-001,CO-OPL-002,CO-OPL-003

CO-OPL-001,CO-OPL-002,CO-OPL-003

CO-OPL-001,CO-OPL-002,CO-OPL-003

AN-LNG-001

AN-LNG-001

K0532 AN-LNG-001

Redundant K0520 AN-ASA-001,AN-TGT-001

AN-TGT-001

K0551 AN-EXP-001,AN-TGT-002
Redundant K0541 AN-LNG-001
K0402 AN-TGT-001
Redundant K0402, K0549 AN-TGT-001,AN-TGT-002

Redundant K0474, K0402 AN-LNG-001

K0402, K0549 AN-ASA-001,AN-ASA-002,AN-TGT-001

K0402 AN-LNG-001,AN-TGT-002
K0402, K0549 AN-ASA-001,AN-ASA-002,AN-TGT-001
AN-ASA-001,AN-ASA-002,AN-TGT-001

Redundant; overly broad K364, K364_1, K0463, K0553, K0569 CO-CLO-001,CO-CLO-002

CO-CLO-001

Redundant K0553, K0634 CO-CLO-001,CO-CLO-002


Redundant K0332, K0221 AN-TGT-001
Redundant K0093 AN-ASA-001,AN-ASA-002,AN-TGT-001,AN-TWA-001,CO-OPL-001,CO-OPL-002

K0418 AN-EXP-001

AN-EXP-001

K0386 (collection management tools) CO-CLO-001,CO-CLO-002
Redundant; overly broad K0034, K0093, K0136, K0442 AN-EXP-001,AN-TGT-002
Redundant K0034, K0113, K0137 AN-ASA-001,AN-ASA-002,AN-EXP-001,AN-TGT-001,AN-TWA-001,CO-CLO-001,CO-CLO-002,CO-OPL-001,CO-OPL-002,CO-OPS-001

Redundant K0487 AN-ASA-001,AN-ASA-002,AN-TGT-001,AN-TWA-001,CO-CLO-001,CO-CLO-002,CO-OPL-001,CO-OPL-002
Redundant K0382 CO-CLO-001,CO-CLO-002

Redundant K0382, K0561 CO-CLO-001,CO-CLO-002

Redundant K0034, K0113, K0137 AN-LNG-001

K0174 AN-ASA-001,AN-ASA-002,AN-TGT-001,AN-TWA-001,CO-CLO-001,CO-CLO-002,CO-OPL-001,CO-OPL-002,CO-OPS-001,PR-CIR-001,SP-ARC-002

K0163 CO-OPL-001,CO-OPL-002

K0418 AN-LNG-001,AN-TGT-002

Redundant K0142 CO-CLO-002

CO-CLO-001,CO-CLO-002

CO-CLO-001,CO-CLO-002

AN-LNG-001

CO-OPL-001,CO-OPL-002

K0134 CO-OPS-001

K0356 AN-LNG-001

AN-LNG-001

Redundant; unclear; overly broad K0465, K0508 CO-OPL-001
Unclear; overly broad CO-OPL-002
AN-ASA-001,CO-OPL-001

K0466_1 CO-OPL-001

Unclear; overly broad; organization-specific AN-LNG-001,CO-CLO-001,CO-CLO-002

Redundant K0383 CO-CLO-001,CO-CLO-002

Redundant; organization-specific K0551 CO-CLO-001,CO-CLO-002

K0465, K0508, K0582 CO-OPL-001,CO-OPL-002

Redundant; overly broad; organization-specific S0311 CO-CLO-001

CO-CLO-001,CO-CLO-002

Overly broad; organization-specific K0415 CO-OPL-001,CO-OPL-002,CO-OPL-003

CO-OPL-001,CO-OPL-002

CO-OPL-001,CO-OPL-002

K0357, K0460 CO-CLO-001,CO-CLO-002

CO-CLO-001,CO-CLO-002

Redundant; overly broad K0466_1 CO-CLO-001,CO-CLO-002
CO-OPL-001,CO-OPL-002

CO-OPL-001,CO-OPL-002

CO-OPL-001,CO-OPL-002

K0589, K0466_1 CO-OPL-001,CO-OPL-002


Redundant; overly broad K0522 CO-OPL-001

AN-TGT-002

Redundant K0352, S0312 CO-OPL-001,CO-OPL-002


Unclear; overly broad CO-OPL-001,CO-OPL-002

Redundant; overly broad S0311, S0319 CO-OPL-001

AN-LNG-001,CO-CLO-001,CO-CLO-002

CO-OPL-002

Unclear; overly broad AN-ASA-001,AN-ASA-002,AN-TGT-001,CO-OPL-001,CO-OPL-002,CO-OPL-003
Redundant K0269, K0255, K0491, K093, K034 AN-LNG-001,AN-TGT-002,CO-OPL-001,CO-OPL-002,CO-OPL-003

K0269, K0255, K0491, K093, K034 AN-LNG-001,AN-TGT-002

Redundant K0096 CO-CLO-001

Redundant K0382 CO-OPL-001


K0151, K0535, K0520 AN-ASA-001,AN-ASA-002,AN-TGT-001,AN-TWA-001,CO-OPL-001,CO-OPL-002
K0151, K0535, K0520 AN-ASA-001,AN-ASA-002,AN-TGT-001,AN-TWA-001,CO-OPL-001,CO-OPL-002
AN-ASA-001,AN-ASA-002,AN-TGT-001,AN-TWA-001
AN-ASA-001,AN-ASA-002,AN-TGT-001,AN-TWA-001

CO-CLO-001,CO-CLO-002

AN-LNG-001

AN-LNG-001

Redundant K0271 AN-EXP-001,CO-OPS-001

K0189, K0130 CO-OPS-001


Redundant K0609, K0130 AN-ASA-001,AN-ASA-002,AN-TWA-001,CO-CLO-001,CO-CLO-002,CO-OPL-001,CO-OPL-002
Previously withdrawn K0131 NA
K0005, K0487 AN-ASA-001,AN-ASA-002,AN-TWA-001,CO-CLO-001,CO-CLO-002,CO-OPL-001,CO-OPL-002,OV-LGA-002

Redundant K0498, K0525 CO-CLO-001,OV-LGA-002

Redundant K0269, K0255, K0491, K093, K034, K0600 AN-ASA-001,AN-ASA-002,AN-TGT-001,AN-TWA-001,CO-OPL-001,CO-OPL-002,OV-LGA-002

OV-LGA-001,OV-LGA-002

Does not currently exist in any work roles.

Does not currently exist in any work roles.

Does not currently exist in any work roles.


Does not currently exist in any work roles.

Does not currently exist in any work roles.


Does not currently exist in any work roles.
K0632 OM-NET-001,OV-MGT-002,OV-MGT-001,SP-RSK-001,SP-RSK-002,SP-SRP-001

K0165 Does not currently exist in any work roles.

IN-INV-001,IN-FOR-002,IN-FOR-001,OV-MGT-001,OV-EXL-001,OV-SPP-002,PR-CDA-001,PR-CIR-001,PR-VAM-001,SP-RSK-001,SP-RSK-002,SP-DEV-002,SP-DEV-001

S0206 Does not currently exist in any work roles.

Does not currently exist in any work roles.

Does not currently exist in any work roles.

Does not currently exist in any work roles.

OV-EXL-001,OV-TEA-001,OV-TEA-002

K0007, S0007 Does not currently exist in any work roles.

Redundant K0046, K0324, K0324_1 Does not currently exist in any work roles.

Redundant K0353, K0568 Does not currently exist in any work roles.
K0065, K0065_1, K0622 Does not currently exist in any work roles.

Redundant K0075 Does not currently exist in any work roles.

K0507, K0536 Does not currently exist in any work roles.
