New NICE Framework Released


The National Initiative for Cybersecurity Education (NICE) released the first revision to the Workforce Framework for Cybersecurity (NICE Framework). The NICE Framework improves communications about how to identify, recruit, develop, and retain cybersecurity talent ­ – offering a common, consistent lexicon that categorizes and describes cybersecurity work.

“The revised NICE Framework provides an improved and simplified conceptual design that helps to better coordinate an integrated ecosystem of cybersecurity education, training, and workforce development,” said Rodney Petersen, Director of NICE, which is led by NIST and is a partnership between government, academia, and the private sector focused on cybersecurity education, training, and workforce development.

The “cybersecurity workforce,” Petersen noted, “includes those whose primary focus is on cybersecurity as well as those in the workforce who need specific cybersecurity-related knowledge and skills in order to perform their work in a way that enables organizations to properly manage the cybersecurity-related risks to the enterprise.”

Revisions to the NICE Framework (NIST Special Publication 800-181) provide:

  • A streamlined set of “building blocks” comprised of Task, Knowledge, and Skill Statements;
  • The introduction of Competencies as a mechanism for organizations to assess learners; and
  • A reference to artifacts, such as Work Roles and Knowledge Skills and Abilities statements, that will live outside of the publication to enable a more fluid update process.

“The NICE Framework Building Blocks (Tasks, Knowledge, and Skill statements) will unleash a variety of ways in which organizations can use and apply the NICE Framework within their unique context and in a manner that is consistent with the attributes of agility, flexibility, interoperability, and modularity,” said Karen Wetzel, Manager of the NICE Framework. “The introduction of competencies, a mechanism for organizations to assess learners, is designed to increase alignment among employers, learners, and education and training providers and close the cybersecurity skills gap.”

The NICE Framework already has a large following. It is used by organizations in both the private and public sectors to perform workforce audits, develop position descriptions, create learning outcomes for courses, and much more.

Future Updates to the NICE Framework

Next, NICE is turning its efforts to reviewing and updating the artifacts that support the Framework such as Competencies, Work Roles, Work Role groupings, Tasks, and Knowledge and Skill statements.

The NICE Framework was first produced as NIST Special Publication 800-181 in 2017. In the coming year, NICE will be sharing details about a regular process for continually reviewing and updating the NICE Framework and its artifacts. Those interested in the NICE Framework and related cybersecurity workforce, education, and training resources are encouraged to visit the NICE Framework Resource Center.