The National Institute of Standards and Technology, also known in the field of security as NIST, is well known for setting industry standards. Part of the U.S. Department of Commerce, NIST develops and publishes standards on many things ranging from units of measurement to quantum science. For those who work for the U.S. government as well as organizations that model their security after that of the government, NIST Special Publications provide much the guidance necessary to implement and manage a state-of-the-art cybersecurity program.
You will frequently find references to NIST guides and standards on this site because of their unparalleled influence in the world of information security. Not only are they responsible for the government security standards, they also teamed up with industry leaders to develop the Cybersecurity Framework in response to a presidential executive order aimed at improving security around the nation’s critical infrastructure.
NICE
The National Initiative for Cybersecurity Education, or NICE, began as a U.S. government focused collaborative group comprised of several experts from several federal organizations. One of their primary projects was to develop standards by which to recruit and train cybersecurity talent.
While originally NICE was concerned with only cybersecurity in the U.S. government, they expanded their focus to include civilians. They now exist to develop standards of education for students all the way from kindergarten through graduate schools. Their primary goal is to establish education that will establish safe practices and improve the nation’s security.
NICE Cybersecurity Workforce Framework
NICE began work on their model for cybersecurity education well over a decade ago as a means of developing the federal workforce. It was opened up to private industry in 2010 and the first version of what they called the Nice Cybersecurity Workforce Framework, or NCWF (because the government loves acronyms, even if they contain other acronyms), was finalized and published in 2013.
Since that time, lead by NIST, this framework has been instrumental in helping both government and civilian organizations to build their cybersecurity programs. It has provided academia with information about the core knowledge, skills, and abilities required to develop certifications, training, and even degree programs that produce knowledgeable security professionals capable of filling security roles in all levels of just about any organization.
The Value of the NCWF
Currently undergoing a rewrite, version 2 of the NCWF exists as a NIST draft publication, SP 800-181 and is scheduled to be completed sometime in mid-2017. The framework breaks down the field of cybersecurity into seven common functions that are then broken down into thirty three specific areas of cybersecurity work, and again into fifty two distinct roles that have specific required knowledge, skills, and abilities.
The NCWF serves to provide organizations with valuable information that they can use to assess their own security operations. It helps to better define security positions and responsibilities which is invaluable for recruiting and managing security personnel. Using this framework, organizations can identify critical gaps in their security staffing by better understanding important roles and skillsets that may be going unfulfilled.
Because the field of cybersecurity is rapidly evolving, NICE intends for the NCWF to be a living standard that will continue to provide organizations, students, educators, and systems developers the requisite information needed to stay in front of organizational and educational security needs. This can be a valuable tool for individuals who wish to break into the cybersecurity industry as well as for organizations who have need of cybersecurity talent.