COMSEC Manager

Work Role ID: 723  |  Workforce Element: Cybersecurity

What does this role do? Manages the Communications Security (COMSEC) resources of an organization (CNSSI No. 4009).

CORE KSATs
KSAT ID  |  Description  |  KSAT Type
22 *  |  Knowledge of computer networking concepts and protocols, and network security methodologies.  |  Knowledge
25  |  Knowledge of encryption algorithms (e.g., Internet Protocol Security [IPSEC], Advanced Encryption Standard [AES], Generic Routing Encapsulation [GRE], Internet Key Exchange [IKE], Message Digest Algorithm [MD5], Secure Hash Algorithm [SHA], Triple Data Encryption Standard [3DES]).  |  Knowledge
37  |  Knowledge of disaster recovery continuity of operations plans.  |  Knowledge
55  |  Knowledge of cybersecurity principles used to manage risks related to the use, processing, storage, and transmission of information or data.  |  Knowledge
61  |  Knowledge of incident response and handling methodologies.  |  Knowledge
108 *  |  Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).  |  Knowledge
395  |  Advise senior management (e.g., CIO) on risk levels and security posture.  |  Task
578  |  Ensure security improvement actions are evaluated, validated, and implemented as required.  |  Task
824  |  Recognize a possible security violation and take appropriate action to report the incident, as required.  |  Task
852  |  Supervise or manage protective or corrective measures when a cybersecurity incident or vulnerability is discovered.  |  Task
1141A  |  Knowledge of an organization’s information classification program and procedures for information compromise.  |  Knowledge
1157 *  |  Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.  |  Knowledge
1158 *  |  Knowledge of cybersecurity principles.  |  Knowledge
1159 *  |  Knowledge of cyber threats and vulnerabilities.  |  Knowledge
6900 *  |  Knowledge of specific operational impacts of cybersecurity lapses.  |  Knowledge

ADDITIONAL KSATs
KSAT ID  |  Description  |  KSAT Type
129  |  Knowledge of system life cycle management principles, including software security and usability.  |  Knowledge
143  |  Knowledge of the organization’s enterprise information technology (IT) goals and objectives.  |  Knowledge
183  |  Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.  |  Skill
299  |  Knowledge of information security program management and project management principles and techniques.  |  Knowledge
325  |  Knowledge of secure acquisitions (e.g., relevant Contracting Officer’s Technical Representative [COTR] duties, secure procurement, supply chain risk management).  |  Knowledge
396  |  Advise senior management (e.g., CIO) on cost/benefit analysis of information security programs, policies, processes, and systems, and elements.  |  Task
445  |  Communicate the value of information technology (IT) security throughout all levels of the organization stakeholders.  |  Task
475  |  Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance.  |  Task
596  |  Establish overall enterprise information security architecture (EISA) with the organization’s overall security strategy.  |  Task
600  |  Evaluate cost benefit, economic, and risk analysis in decision making process.  |  Task
1004  |  Knowledge of critical information technology (IT) procurement requirements.  |  Knowledge
1040A  |  Knowledge of relevant laws, policies, procedures, or governance related to critical infrastructure.  |  Knowledge