Election Security Spotlight – NICE Cybersecurity Workforce Framework

What it is

The National Institute of Standards and Technology (NIST) National Initiative for Cybersecurity Education, Cybersecurity Workforce Framework (known as the NICE Framework), is a reference resource for describing and sharing information about cybersecurity work. This framework standardizes the knowledge, skills, and abilities needed to complete tasks and work in particular roles. It is composed of three components: Categories, Specialty Areas, and Work Roles. The formal document number is NIST Special Publication 800-181.

NICE, led by NIST, is a partnership between government, academia, and the private sector working to promote cybersecurity education, training, and workforce development. The NICE Framework is arranged using a top-down approach where each of seven Categories are comprised of Specialty Areas (33 total) which are then broken down into Work Roles (52 total). The seven Categories represent common cybersecurity workforce functions. These are:

  • Analyze – reviews and evaluates incoming cybersecurity information to determine its usefulness for intelligence
  • Collect and Operate – provides denial and deception operations as well as the collection of cybersecurity information that may be used to develop intelligence
  • Investigate – investigates cybersecurity events or crimes related to information technology (IT) systems, networks, and digital evidence
  • Operate and Maintain – provides the support, administration, and maintenance necessary to ensure effective and efficient IT system performance and security
  • Oversee and Govern – provides leadership, management, direction, or development and advocacy so the organization may effectively conduct cybersecurity work
  • Protect and Defend – identifies, analyzes, and mitigates threats to internal IT systems and/or networks
  • Securely Provision – conceptualizes, designs, procures, and/or builds secure IT systems, with responsibility for aspects of
  • system and/or network development

Work Roles is a grouping level that maps to knowledge, skills, and abilities (KSAs) that are required to perform tasks associated with specific job roles. It is the most detailed of the three grouping levels.

  • KSAs – Attributes demonstrated through relevant experience, training, and education required to perform tasks
  • Tasks – Specific work activities expected to be conducted by individuals in a work role

Why does it matter

The NICE Framework is an important high-level tool for organizations trying to improve how it identifies, recruits, develops, and retains cybersecurity talent by enabling them to better define their cybersecurity workforce and identifying gaps in staffing. As a reference tool, it help describe the interdisciplinary nature of cybersecurity and leveraging it can help organizations fulfill all of the different skillsets needed for a successful cybersecurity program. It also provides language for organizations to utilize when creating position descriptions consistent with industry language. The NICE Framework identifies KSAs for training, certification, and education providers to develop curriculum around current employees.

What you can do

Election offices can leverage the NICE Framework to advance their cybersecurity workforce by using its available implementations. The Cybersecurity Workforce Development Toolkit issued by the U.S. Department of Homeland Security (DHS) specifies how to identify, address, and support cybersecurity work roles of critical need. This toolkit is part of the DHS National Initiative for Cybersecurity Careers and Studies (NICCS) list of cybersecurity resources for workforce development. To assist with recruitment, the CyberCorps Scholarship for Service program acts as a source of cyber talent for government organizations. Additionally, to enhance existing workforce skills, any public sector employee or veteran can access the Federal Virtual Training Environment (FedVTE) for free online cybersecurity training. These resources, in consultation with the NICE Framework, provide guidance and tools to help organizations customize their cybersecurity workforce to best fit their needs.

The EI-ISAC Cybersecurity Spotlight is a practical explanation of a common cybersecurity concept, event, or practice and its application to Elections Infrastructure security. It is intended to provide EI-ISAC members with a working understanding of common technical topics in the cybersecurity industry. If you would like to request a specific term or practice that may be of interest to the elections community, please contact [email protected].