Government IT Security

NICE Framework

What is the NICE Framework?

With the large talent gap in the cybersecurity workforce, it is increasingly important that employers and employees are able to clearly express their needs and expectations regarding cybersecurity jobs. The National Initiative for Cybersecurity Education (NICE) is led by the National Institute of Standards and Technology (NIST) and is a partnership between government, academia, and the private sector that works to promote cybersecurity education, training, and workforce development. NIST seeks to address a central challenge in cybersecurity education and training, which is how cybersecurity is defined and understood in various jobs and industries. Because job descriptions and job titles for the same job roles vary from employer to employer, it is difficult for colleges and universities to prepare students for the workforce, and employers are strained by having to retrain these new workers.

The NICE Cybersecurity Workforce Framework is the foundation for increasing the size and the capability of the U.S. cybersecurity workforce [1]. The NICE Cybersecurity Workforce Framework provides a common definition for cybersecurity, a comprehensive list of cybersecurity tasks, and explanations of the knowledge, skills, and abilities required to perform those tasks. The Framework helps:

  • Educators to create programs that are aligned to jobs
  • Students to graduate with the knowledge and skills that employers need
  • Employers to recruit from a larger pool of more qualified candidates
  • Employees to acquire portable skills and better-defined career paths and opportunities
  • Policy makers to set standards to promote workforce professionalization

The NICE Framework is comprised of the following components [2]:

Categories. High-level groupings of common cybersecurity functions:

  • Analyze. Performs highly specialized review and evaluation of incoming cybersecurity information to determine its usefulness for intelligence.
  • Collect and operate. Provides specialized denial and deception operations and collection of cybersecurity information that may be used to develop intelligence.
  • Investigate. Investigates cybersecurity events or crimes related to IT systems, networks, and digital evidence.
  • Operate and maintain. Provides the support, administration, direction, or development and advocacy so the organization may effectively conduct cybersecurity work.
  • Oversee and govern. Provides leadership, management, direction, or development and advocacy so the organization may effectively conduct cybersecurity work.
  • Protect and defend. Identifies, analyzes, and mitigates threats to internal IT systems and/or networks.
  • Securely provision. Conceptualizes, designs, and/or builds secure IT systems, with responsibility for aspects of system and/or network development.

Specialty Areas. From within the seven Categories, thirty-three distinct areas of cybersecurity work are identified.

Work Roles. From within the thirty-three Specialty Areas, fifty-two detailed groupings of cybersecurity work comprised of specific knowledge, skills, and abilities required to perform tasks in a Work Role are identified.

1 CISA, 2022, “National Initiative for Cybersecurity (NICE) Cybersecurity Workforce Framework”

2 NICCS, 2022, “Workforce Framework for Cybersecurity (NICE Framework)”