What is the NICE Framework?

What is the NICE Framework? 800 418 N2K

As a security leader thinking through your cyber workforce development strategy, one consideration we hear often is whether or not to align efforts with the industry-recognized NICE Framework. Implementing this behemoth of a publication can appear to be a huge undertaking.

In this mini-series, we’ll break down the purpose behind the framework, when and how to apply the framework in your organization, and steps you can take to get started.

What is the NICE Framework?

The Workforce Framework for Cybersecurity, or NICE Framework (NIST Special Publication 800-181, revision 1), was developed by the National Institute for Cybersecurity Education (NICE), which is led by the National Institute of Standards and Technology (NIST), to help employers strengthen their organization’s security posture through developing their workforce.

The publication creates a common language that aims to simplify, define, and formalize cybersecurity job roles and relevant Task, Knowledge, and Skill (TKS) statements, regardless of where or for whom the work is performed.

The framework was also highlighted on May 2, 2019, when the White House released its Executive Order (EO) on America’s Cybersecurity Workforce, which strongly encourages the adoption of the NICE Framework across the government, private sector, and academia.

What is the purpose of the NICE Framework?

In aggregate, the NICE Framework’s intent is to provide guidance and consistency for employers to improve their practices around identifying, recruiting, developing, and retaining cybersecurity and cyber-adjacent talent.

Emphasis on guidance. As noted within the framework by NICE, the TKS and work roles identified should serve as building blocks and be adapted to the standards, regulations, needs, and mission of each individual organization.

How It’s Structured

The publication outlines 52 specific cybersecurity roles and 33 specialty areas within the field. The job roles and specialty areas defined are organized into seven main categories:

  • Securely Provision. Job roles within the Securely Provision category specialize in the conceptualization, design, and building of secure IT systems and networks.
  • Operate and Maintain. Individuals are responsible for the support, administration, and maintenance of IT system performance and security.
  • Analyze. Professions under Analyze are responsible for conducting thorough reviews and evaluations of incoming cybersecurity information to assess validity and benefits for intelligence.
  • Oversee and Govern. Individuals are responsible for leadership, direction, and advocacy for employees and the greater organization on cybersecurity initiatives and strategy.
  • Protect and Defend. Job roles under Protect and Defend are responsible for the classification, analysis, and mitigation of cyber threats on internal systems.
  • Collect and Operate. Cybersecurity roles responsible for conducting denial and deception operations in addition to cybersecurity data that could be used for intelligence.
  • Investigate. Professions under Investigate are responsible for examining cybersecurity activity and crimes on IT systems and networks.

Who Can Use the NICE Framework and How?

  • Academic Institutions and Training Providers. Educators can create curricula, certificate or degree programs, or professional development courses based on actual job roles and relevant skills.
  • Students. Graduates can enter the workforce with the baseline knowledge and skills that employers need.
  • Employers. Security leaders and hiring managers can have well-defined roles and career pathways in addition to career development opportunities.
  • Employees. Individuals will have a better understanding of how to excel in their current or aspirational roles.
  • Policymakers. Advocates for the framework can use it to set new or improved standards to promote cyber workforce development optimization.


Additional Sources