NICE Framework

What is the NICE cybersecurity workforce framework?

Daniel Brecht
September 14, 2020 by
Daniel Brecht

The National Initiative for Cybersecurity Education (NICE), led by the National Institute of Standards and Technology (NIST), is a partnership between government, academia and the private sector which works to promote cybersecurity education, training and workforce development. 

NICE published Special Publication 800-181 with its statutory responsibilities under the Federal Information Security Modernization Act (FISMA) of 2014, which serves as a reference structure that describes the interdisciplinary nature of the cybersecurity work — regardless of where, or for whom, the job is performed. The NICE Cybersecurity Workforce Framework (NCWF) describes cybersecurity work and provides a standard way of defining roles in the field by knowledge, skills and abilities, as well as categories and specialties.

The document provides a great way for employers, human resources personnel and employees to define jobs in the field, speak a common language and identify training needs, career paths and position requirements, as well as agree on proper ways for measuring and assessing abilities.

Why does the NCWF matter?

With a need for standardization, in terms of how cybersecurity work is defined, described and how the workforce is trained, the NICE Framework serves as the foundation for all cyber workforce development activities, says the National Initiative for Cybersecurity Careers & Studies (NICCS). The Workforce Framework provides a common language to talk about cyber roles and jobs and can be referenced by those who wish to define professional requirements in cybersecurity.

The NICE Framework matters because it allows the identification of all roles needed within a company cybersecurity structure as well as the proper certifications, knowledge and skills each role should develop and demonstrate, so as to have a team as complete and efficient as possible. The framework provides guidance on which roles to implement in the organization in order to accomplish all needed cybersecurity tasks and also ways to identify the proper talents by formulating proper position descriptions that correctly identify the right qualifications and duties that can be assigned to each role. It also provides a blueprint of how to further develop employees and provide more focused training opportunities.

The document is also very important for certification and training providers that can bank on the information provided to tailor their courses, as well as provide more meaningful assessment based on each role's characteristics.

The publication, then, can be pivotal in the shaping of a cybersecurity workforce that meets the needs of today’s organizations. But it also provides a standard guidance to prevent improvisation and approximation in the shaping of specialized professionals.

NCWF development: How it’s structured

The NCWF has several components. The first layer is seven categories; each encompasses a number of Specialty Areas (33 total) that go into detail on specific cybersecurity functions. For example, the Strategic Planning and Policy (SPP) specialty listed under the Oversee and Govern (OV) category refers to the development of policies and plans, as well as the needed changes as organization mission changes or when new initiatives require them.

Each specialty includes a number of work roles (fifty-two work roles to be precise) with the specific attributes needed to perform them in the form of knowledge, skills and abilities (KSAs) and tasks.

Here’s what lies within the NICE Framework components …

The framework clearly defines a relationship between categories of work to identify specific specialty areas and job roles within them and pinpointing the KSAs needed for each. But how does a position fit the NICE Cybersecurity Workforce Framework? A Mapping Tool, launched in 2018, does just that by enabling users to enter information about a cyber position and generating reports.

Who uses the NCWF and for what?

The publication for the NICE Framework serves as a fundamental reference for many. So, who should use it?

  • Employers: The Framework allows them to better shape their workforce by identifying gaps whether it is in work roles or skills or knowledge needed. It can also help them write more focused and meaningful position descriptions that allow HR professionals to focus their hiring efforts, as well as provide better guidance to current employees on what is really expected from them in terms of knowledge and competencies to hone. 

“The NICE Framework will allow employers to use focused, consistent language in professional development programs, in their use of industry certifications and academic credentials, and in their selection of relevant training opportunities for their workforce,” writes the NIST Special Publication 800-181.

  • Current and future cybersecurity workers: The Framework can guide all cybersecurity professionals in any stages of their career to help explore tasks and work roles and understand the KSAs that are being valued by employers for in-demand cybersecurity positions. The NICE Framework’s common lexicon is used to provide clear and consistent descriptions of the cybersecurity tasks and training that are needed for those work roles. 

The document provides guidance for professionals looking for positions that better fit for their current knowledge and experience and can provide an idea of a progression for young practitioners just starting in the field.

  • Academic advisors and staffing specialists: To help support students and job seekers in designing their career path towards a job in cybersecurity. The Framework is a compass that provides objective information that any advisors can use in designing specific plans for their customers.
  • Training and certification providers: To help current and future members of the cybersecurity workforce gain and demonstrate the KSAs to perform tasks in a work role.

Note: NICE encourages anyone offering training and certifications to make sure their offerings are included in the DHS Education and Training Catalog, with all courses aligned to the specialty areas of the National Cybersecurity Workforce Framework.) See: How to Align Training With the NICE Framework.

  • Education providers: To help develop curriculum, courses, certificates or degree programs, seminars and research aligned to NICE Framework KSAs and tasks described.
  • Technology providers: To help identify cybersecurity work roles and specific tasks and KSAs associated with services and hardware or software products they supply.

The following two webinars clearly explain the reasons and efforts behind the creation of the NICE Framework and show success stories derived from its use.

Webinar: NICE Cybersecurity Workforce Framework Use Cases and Success Stories (1:00:28)

  • Discover how the NICE Framework can be used to develop, improve, and retain a cybersecurity workforce

Webinar: Efforts to Align Training and Certifications to the NICE Framework (1:00:23)

  • Explore the career paths in cybersecurity

NICE Framework applied

The NICE Framework has evolved with further engagement between the government, private sector and academia that came together to provide a common understanding of cybersecurity work.

National Institute of Standards and Technology (NIST) introduced CyberSeek, “an interactive online tool designed to make it easier for cybersecurity job seekers to find openings and for employers to identify the skilled workers they need”, in an effort to narrow the cybersecurity employment gap. Rodney Petersen, director of the National Initiative for Cybersecurity Education (NICE), explains how “[it] will assist its users — students, employees, employers, policy makers, training providers and guidance counselors — to explore opportunities they may have never considered.” 

CyberSeek’s interactive map helps the user to view information about cybersecurity supply and demand by state or metro area. What’s more, it highlights career pathways that incorporate job categories from the NICE Cybersecurity Workforce Framework and “features information on common job titles, salaries, online job openings, in-demand skills, education and certifications” related to the field.

The U.S. Office of Personnel Management (OPM) works with its partners across government to categorize cyber positions through coding to fully align with the NICE Framework. Since 2013, the OPM role has had federal agencies assign government-wide cybersecurity data standard codes to their positions with cybersecurity functions, as outlined within the Federal Cybersecurity Workforce Assessment Act. “In accordance with the Act, agencies are required to identify and code Federal positions performing information technology, cybersecurity or other cyber-related functions.” As a result, agencies are now able to better identify, recruit, assess, and hire the best candidates with specific cyber-related knowledge, skills and abilities (KSAs).


In 2014, the NICE Cybersecurity Workforce Framework (NCWF) was made available to expedite the recruitment of highly qualified personnel for information technology and cybersecurity roles. The goal of the NICE Framework, in fact, is to align cyber work, a job or position, as described by relevant KSAs, once work roles and tasks are identified.

The NICE Framework, NIST Special Publication 800-181 is a national-focused resource that categorizes and describes cybersecurity work. It is intended to be a living document for organizations to systematically build their workforce and have continuous readiness.


Daniel Brecht
Daniel Brecht

Daniel Brecht has been writing for the Web since 2007. His interests include computers, mobile devices and cyber security standards. He has enjoyed writing on a variety of topics ranging from cloud computing to application development, web development and e-commerce. Brecht has several years of experience as an Information Technician in the military and as an education counselor. He holds a graduate Certificate in Information Assurance and a Master of Science in Information Technology.