The National Initiative for Cybersecurity Education Cybersecurity Workforce Framework (NICE Framework) is a reference resource that classifies the typical skill requirements and duties of cybersecurity workers. The framework allows workforce developers, job seekers and educators to explore specific work roles as well as the skills, abilities and knowledge tied to each work role.
Published by the United States National Institute of Standards and Technology (NIST), the framework offers organizations in the public, private and academic sectors a common language that enables them to speak about and define professional cybersecurity work requirements. Through the framework, NICE aims to develop a cybersecurity workforce that is globally competitive and can protect the United States from existing and emerging cybersecurity challenges.
Why the NICE Framework is important
The NICE Framework enhances communication so U.S. organizations can better identify, recruit, develop and retain cybersecurity workers while also helping workers understand the knowledge, skills and abilities they need to launch and further their careers.
Organizations can use the resource to develop additional publications or tools that meet their requirements to define or provide guidance on various facets of workforce planning, development, training and education.
NICE works with government, industry and academic partners to build on existing successful programs, facilitate change and innovation as well as to help boost the number of skilled cybersecurity professionals who are working to keep the United States secure.
History of the NICE Framework
The NICE Framework is part of NICE (the National Initiative for Cybersecurity Education), established in 2008 as part of President George W. Bush’s Comprehensive National Cybersecurity Initiative. The NICE Framework grew out of the knowledge that it was difficult to define and assess the cybersecurity workforce in the public and private sectors.
Consequently, over 20 government departments and agencies, the private sector and academia joined forces to offer a shared understanding of cybersecurity work, expressed in the first two versions of the NICE Framework and evolving with further collaboration between the public and private sectors and academia.
NICE Framework components
The NICE Framework consists of the following components:
- Seven categories – high-level groupings of common cybersecurity functions
- Thirty-three specialty areas – distinct areas of cybersecurity work
- Fifty-two work roles – detailed groupings of cybersecurity work made up of the specific skills, knowledge and abilities individuals need to perform the tasks in the work roles
Who uses NICE Frameworks
The NICE Framework can be used by:
- Employers – to help define their cybersecurity workforces, identify the critical gaps in their cybersecurity staffing and create descriptions of cybersecurity positions consistent with the language of the United States.
- Current and future cybersecurity workers – to help explore tasks and work roles as well as understand the cybersecurity knowledge, skills and abilities that employers value.
- Staffing specialists and guidance counselors – to use as a resource to support current and future cybersecurity workers.
- Training and certification providers – to help current and future cybersecurity workers acquire and demonstrate the necessary knowledge, skills and abilities.
- Education providers – to help develop curriculum, certificate or degree programs, and research that cover the tasks as well as the knowledge, skills and abilities.
- Technology providers - to identify the cybersecurity work roles, tasks as well as the knowledge, skills and abilities associated with their services, hardware or software
How the NICE Framework can be used
The NICE Framework can be used by employers to:
- Inventory and track their cybersecurity workforces to better understand the
strengths and gaps in their knowledge, skills and abilities as well as the tasks they perform.
- Identify the necessary training and qualifications that workers need to develop critical knowledge, skills and abilities to perform cybersecurity tasks.
- Improve the descriptions of positions and the announcements of job vacancies by selecting the relevant knowledge, skills and abilities as well as tasks as soon as the work roles and tasks are identified.
- Identify the most relevant work roles and develop career paths to help workers acquire the necessary skills for those roles.
- Develop a shared language to enable hiring managers and HR staff to recruit, retain and train a highly-specialized workforce.