Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Updated Workforce Framework for Cybersecurity

NEW NICE FRAMEWORK RELEASED

The National Initiative for Cybersecurity Education (NICE) has released the first revision to the Workforce Framework for Cybersecurity (NICE Framework). The NICE Framework improves communications about how to identify, recruit, develop, and retain cybersecurity talent ­ – offering a common, consistent lexicon that categorizes and describes cybersecurity work.

“The revised NICE Framework provides an improved and simplified conceptual design that helps to better coordinate an integrated ecosystem of cybersecurity education, training, and workforce development,” said Rodney Petersen, Director of NICE, which is led by the National Institute of Standards and Technology (NIST) and is a partnership between government, academia, and the private sector.

 The “cybersecurity workforce,” Petersen noted, “includes those whose primary focus is on cybersecurity as well as those in the workforce who need specific cybersecurity-related knowledge and skills in order to perform their work in a way that enables organizations to properly manage the cybersecurity-related risks to the enterprise.”

Revisions to the NICE Framework (NIST Special Publication 800-181) include:

  • A streamlined set of “building blocks” comprised of Task, Knowledge, and Skill Statements
  • The introduction of Competencies as a mechanism for organizations to assess learners
  • A reference to artifacts, such as Work Roles and Task, Knowledge, and Skills statements, that will live outside of the publication to enable a more fluid update process

“The NICE Framework building blocks (Tasks, Knowledge, and Skill statements) will unleash a variety of ways in which organizations can use and apply the NICE Framework within their unique context and in a manner that is consistent with the attributes of agility, flexibility, interoperability, and modularity,” said Karen Wetzel, Manager of the NICE Framework. “The introduction of Competencies, a mechanism for organizations to assess learners, is designed to increase alignment among employers, learners, and education and training providers and close the cybersecurity skills gap.”

The NICE Framework already has a large following. It is used by organizations in both the private and public sectors to perform workforce audits, develop position descriptions, create learning outcomes for courses, and much more.

Read More About the New NICE Framework

FUTURE UPDATES TO THE NICE FRAMEWORK

Next, NICE is turning its efforts to reviewing and updating the artifacts that support the Framework, including the Competencies, Work Roles, Tasks, and Knowledge and Skill statements.

The NICE Framework was first produced as NIST Special Publication 800-181 in 2017. In the coming year, NICE will be sharing details about a regular process for continually reviewing and updating the NICE Framework and its artifacts. Those interested in the NICE Framework and related cybersecurity workforce, education, and training resources are encouraged to visit the NICE Framework Resource Center

Released November 16, 2020, Updated November 30, 2020