NIST SP 800-181 Rev. 1 (Draft) Workforce Framework for Cybersecurity (NICE Framework)
こんにちは、丸山満彦です。
NISTがSP 800-181 Rev. 1 (Draft) Workforce Framework for Cybersecurity (NICE Framework)の改訂についてのパブリックコメントを2020.08.28まで求めていますね。。。
● NIST - ITL
・2020.07.15 SP 800-181 Rev. 1 (Draft) Workforce Framework for Cybersecurity (NICE Framework)
・[PDF] SP 800-181 Rev. 1 (Draft) (DOI)
・[XLSX] A Reference Spreadsheet for the original NICE Framework
主要な変更案は。。。
- サイバーセキュリティ業務を行う多様な人材をより包括的にするための名称の変更、
- 重要な用語の定義と正規化
- 俊敏性、柔軟性、相互運用性、モジュール性を促進する原則
- コンピテンシーの導入
等ということのようですね。。。
変更のwebiner (1hour)
・NICE Webinar: What’s New - Revisions to the NICE Framework
Abstract
目次
Executive Summary
1 Background
1.1 Attributes of the NICE Framework
1.2 Purpose and Applicability
1.3 Audience
1.4 Organization of this Publication
2 NICE Framework Components
2.1 Task Statements
2.2 Knowledge Statements
2.3 Skill Statements
3 Using the NICE Framework Building Blocks
3.1 Applying the NICE Framework
3.1.1 Using Existing TKS Statements
3.1.2 Creating New TKS Statements
3.2 Work Roles
3.2.1 Using Existing Work Roles
3.2.2 Creating a New Work Role
3.3 Competencies
3.3.1 Using Existing Competencies
3.3.2 Creating New Competencies
3.4 Teams
3.4.1 Building Teams with Work Roles
3.4.2 Building Teams with Competencies
4 Conclusion
References
-----
Executive Summary
Each of us—individually and organizationally—performs important work that provides a contribution to society. However, it is often difficult, to clearly describe the work that one is performing or desires to accomplish. Information and technology, including many evolving types of operational technology, grow increasingly complex and interconnected every day. The National Initiative for Cybersecurity Education (NICE) recognizes that the participants in that evolution are lifelong learners, from their first day in a classroom to long after their retirement party, and that there is a segment of learners that are responsible for maintaining confidentiality, integrity, and availability objectives. In this publication, that segment is referenced as the cybersecurity workforce and the tasks that they perform are referenced as the cybersecurity work. There is value in describing that work with precision when recruiting, hiring, developing, and retaining employees or contractors.
The NICE Framework has been developed by to help provide a reference taxonomy of the cybersecurity work and of the individuals who carry out that work. The NICE Framework supports the NICE mission to energize and promote a robust network and an ecosystem of cybersecurity education, training, and workforce development. The NICE Framework provides a set of building blocks for describing the tasks, knowledge, and skills that are needed to perform cybersecurity work performed by individuals and teams. Through these building blocks, the NICE Framework enables organizations to develop their workforces to perform cybersecurity work and helps learners to explore cybersecurity work and to connect with initiatives develop their knowledge and skills. This development, in turn, benefits employers and employees through the identification of career pathways that document how to prepare for cybersecurity work using the data of TKS Statements bundled into Work Roles and Competencies.
There are numerous benefits to both individuals and organizational entities from applying such a framework. The use of common terms and language helps to organize and communicate the work to be done and the attributes of those that are qualified to perform that work. In this way the NICE Framework helps to simplify communications and provide focus on the tasks at hand, such as for cybersecurity work to be accomplished. Use of the NICE Framework improves clarity and consistency at all organizational levels—from an individual to a technology system to a program, organization, sector, state, or nation.
Comments