The NICE Workforce Framework for Cybersecurity (NICE Framework) (NIST SP 800-181r1) establishes a common language to describe cybersecurity work and the knowledge and skills needed to do that work. It does this via Task, Knowledge, and Skill statements that define Work Roles and Competency Areas.
The distinction between Competency Areas and Work Roles is one that is discussed in more detail in NIST Interagency/Internal Report 8355: NICE Framework Competency Areas: Preparing a Job-Ready Cybersecurity Workforce. However, it is essential to understand how Work Roles, Jobs, and Occupations differ – and how they relate – to each other.
There is often confusion around these similar terms, so much so that sometimes you will hear them used interchangeably. The NICE Framework defines a Work Role as “A grouping of work for which an individual or team is responsible or accountable.” But Work Roles are not synonymous with jobs or occupations. Those can be described as:
The below figure shows how occupations, jobs, and work roles relate to each other.
NICE Framework Work Roles are used discover and plan for careers; develop and align learning courses and programs; create job descriptions and conduct performance-based assessments; track workforce capabilities; and more. Learn how you can use NICE Framework Work Roles and engage with others at the NICE Framework Users Group.
[1] U.S. Bureau of Labor Statistics, “Glossary” (Retrieved 2024). Available at: https://www.bls.gov/bls/glossary.htm#O
[2] U.S. Bureau of Labor Statistics, “Glossary” (Retrieved 2024). Available at: https://www.bls.gov/bls/glossary.htm#J
[3] Credential Engine Technical Site, “Credential Transparency Description Language” (Retrieved 2024). Available at: https://credreg.net/ctdl/terms/Job