The US Cybersecurity and Infrastructure Security Agency (CISA) has released an updated version of the NICE Framework, a nationally focused resource to help employers develop their cybersecurity workforce.
The NICE Workforce Framework for Cybersecurity establishes a standard approach and common language for describing cybersecurity work and learner capabilities. The NICE Framework seeks to improve communication among stakeholders throughout the cybersecurity ecosystem about how to identify, recruit, develop, and retain talent. It applies across public, private, and academic sectors.
Updates in version 2.0.0 include:
- Work role categories: The removal of two work role categories and the work roles contained in them. Note these can now be found in the DoD Cyber Workforce Framework (DCWF). Affected categories are cyberspace effects and cyberspace intelligence;
- Work roles: Two updated work roles include digital evidence analysis (IN-WRL-002) and insider threat analysis (PD-WRL-005). One new work role includes operational technology cybersecurity engineering (DD-WRL-009);
- Competency areas: One updated competency area, cyber resiliency (NF-COM-007); and
- Administrative Updates: Including fixing typos and spelling errors and removal of duplicate or redundant TKS statements.
The NICE Program Office takes a software update versioning approach for NICE Framework components, with a mix of minor and major updates over time. While users of the NICE Framework are always encouraged to reference the most recent published version of the components, users may choose to continue using older versions. Please note that outdated versions may not be supported by the NICE Program Office.
