Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Back to the Basics: Announcing the New NICE Framework

NICE Framework Blog Image

Three years ago, NIST published the first version of Special Publication (SP) 800-181, the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework. Since then, cybersecurity has changed. In the last year the way we think about how we do work has changed, too. Drastically. In order to keep pace with these changes and increase flexibility of the NICE Framework so that it meets the needs of multiple stakeholder groups across both public and private sectors, NIST announced in 2019 a year-long effort to review and update the NICE Framework. This effort has come to a close and we are happy to announce the release of NIST SP 800-181 Revision 1, the Workforce Framework for Cybersecurity (NICE Framework)!

We’ve taken a back-to-the-basics approach in this revision and really focused in on the building blocks of a workforce framework. Describing the foundations of a workforce framework presents a common language for organizations to use internally and with others. This flexible approach also allows organizations to tailor and implement the NICE Framework to their unique operating context.

NIC Framework Building Block

The main building blocks of the NICE Framework are Tasks, Knowledge, and Skills, which each help describe two main concepts: “the work” and “the learner.” In Revision 1 of the NICE Framework, Ability statements have been absorbed by Skill statements, which focus on action by the learner. By describing both the “work” and the “learner,” the NICE Framework provides organizations a common language to describe their cybersecurity work. Furthermore, the NICE Framework provides an interoperable mechanism to communicate across organizations at a peer level, sector level, national level, or international level using the same building blocks.

Competencies, which existed in earlier versions of the NICE Framework, are also re-introduced in NIST SP 800-181 Revision 1. Competencies, a mechanism for organizations to assess learners, further describe the “learners” of cybersecurity work. Competencies allow students, current employees, and job seekers to succinctly communicate and effectively demonstrate that they have the requisite Knowledge and Skills to perform cybersecurity work.

Another major update you’ll find in this revision is that it has been streamlined to include only core, static content. This means only 12 pages of content! In environments that so quickly evolve, like cybersecurity does, informational content needs to be agile. Supplemental content such as lists of Competencies, Work Roles, Tasks, Knowledge, and Skill statements have been removed from the static publication so that they can be updated more frequently. A revision process is being developed for how updates to these supplemental materials will be done.

Now that the revised NICE Framework has been released, we are focusing efforts on the two-year activities of our update plans. Competencies, Work Roles, including Work Role groupings, Tasks, and Knowledge and Skill statements are undergoing a review through 2021. We invite you to remain engaged with the NICE Framework and its continual evolution. Stay tuned for more information on how you can get involved in community groups on the NICE Framework by visiting the NICE Framework Resource Center, subscribing to email updates from NICE, or following @NISTCyber on twitter.

About the author

Comments

NIST SP 800-181 r1 released in I believe November 2020, is still the most current detail, correct? Doesn't EO 14110 require updates to meet those new standards for Cybersecurity as it relates to AI, LLMs, GENAI, and AI Code Development Practices and the WORKFORCE that will support those initiatives?

Yes, the current version of NIST SP 800-181 r1, The Workforce Framework for Cybersecurity (NICE Framework), was released in 2020. However, the data from the NICE Framework (Work Roles, Competency Areas, and Task, Knowledge, and Skill statements) were separated from the SP to allow us to make more regular updates to that content. Information about those updates can be found at nist.gov/nice/framework. Our team at NIST has been working closely with the National Science Foundation and other key stakeholders to determine how topics such as artificial intelligence and machine learning should be included in these updates.

Add new comment

CAPTCHA
Image CAPTCHA
Enter the characters shown in the image.
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
Please be respectful when posting comments. We will post all comments without editing as long as they are appropriate for a public, family friendly website, are on topic and do not contain profanity, personal attacks, misleading or false information/accusations or promote specific commercial products, services or organizations. Comments that violate our comment policy or include links to non-government organizations/web pages will not be posted.