8A |
Knowledge of access authentication methods. |
Knowledge |
21 |
Knowledge of computer algorithms. |
Knowledge |
22 |
* Knowledge of computer networking concepts and protocols, and network security methodologies. |
Knowledge |
25 |
Knowledge of encryption algorithms (e.g., Internet Protocol Security [IPSEC], Advanced Encryption Standard [AES], Generic Routing Encapsulation [GRE], Internet Key Exchange [IKE], Message Digest Algorithm [MD5], Secure Hash Algorithm [SHA], Triple Data Encryption Standard [3DES]). |
Knowledge |
27A |
Knowledge of cryptology. |
Knowledge |
34 |
Knowledge of database systems. |
Knowledge |
38 |
Knowledge of organization’s enterprise information security architecture system. |
Knowledge |
43A |
Knowledge of embedded systems. |
Knowledge |
46 |
Knowledge of fault tolerance. |
Knowledge |
51 |
Knowledge of how system components are installed, integrated, and optimized. |
Knowledge |
52 |
Knowledge of human-computer interaction principles. |
Knowledge |
63 |
Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). |
Knowledge |
64 |
Knowledge of information security systems engineering principles. |
Knowledge |
70 |
Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption). |
Knowledge |
72 |
Knowledge of local area and wide area networking principles and concepts including bandwidth management. |
Knowledge |
79 |
Knowledge of network access, identity, and access management (e.g., public key infrastructure [PKI]). |
Knowledge |
81A |
Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services. |
Knowledge |
82A |
Knowledge of network design processes, to include understanding of security objectives, operational objectives, and tradeoffs. |
Knowledge |
90 |
Knowledge of operating systems. |
Knowledge |
92 |
Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]). |
Knowledge |
94 |
Knowledge of parallel and distributed computing concepts. |
Knowledge |
98 |
Knowledge of policy-based and risk adaptive access controls. |
Knowledge |
101 |
Knowledge of process engineering concepts. |
Knowledge |
108 |
* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). |
Knowledge |
109 |
Knowledge of secure configuration management techniques. |
Knowledge |
110A |
Knowledge of security management. |
Knowledge |
118 |
Knowledge of software development models (e.g., Waterfall Model, Spiral Model). |
Knowledge |
119 |
Knowledge of software engineering. |
Knowledge |
121 |
Knowledge of structured analysis principles and methods. |
Knowledge |
124 |
Knowledge of system design tools, methods, and techniques, including automated systems analysis and design tools. |
Knowledge |
126 |
Knowledge of system software and organizational design standards, policies, and authorized approaches (e.g., International Organization for Standardization [ISO] guidelines) relating to system design. |
Knowledge |
129 |
Knowledge of system life cycle management principles, including software security and usability. |
Knowledge |
130 |
Knowledge of systems testing and evaluation methods. |
Knowledge |
144 |
Knowledge of the systems engineering process. |
Knowledge |
177 |
Skill in designing countermeasures to identified security risks. |
Skill |
179 |
Skill in designing security controls based on cybersecurity principles and tenets. |
Skill |
197 |
Skill in discerning the protection needs (i.e., security controls) of information systems and networks. |
Skill |
199 |
Skill in evaluating the adequacy of security designs. |
Skill |
416 |
Analyze design constraints, analyze trade-offs and detailed system and security design, and consider lifecycle support. |
Task |
419 |
Apply security policies to applications that interface with one another, such as Business-to-Business (B2B) applications. |
Task |
425 |
Assess the effectiveness of cybersecurity measures utilized by system(s). |
Task |
426 |
Assess threats to and vulnerabilities of computer system(s) to develop a security risk profile. |
Task |
431 |
Build, test, and modify product prototypes using working models or theoretical models. |
Task |
457 |
Conduct Privacy Impact Assessments (PIA) of the application’s security design for the appropriate security controls, which protect the confidentiality and integrity of Personally Identifiable Information (PII). |
Task |
494 |
Design and develop cybersecurity or cybersecurity-enabled products. |
Task |
496A |
Design, develop, integrate, and update system security measures that provide confidentiality, integrity, availability, authentication, and non-repudiation. |
Task |
501 |
Design or integrate appropriate data backup capabilities into overall system designs, and ensure appropriate technical and procedural processes exist for secure system backups and protected storage of backup data. |
Task |
503A |
Design to security requirements to ensure requirements are met for all systems and/or applications. |
Task |
516 |
Develop and direct system testing and validation procedures and documentation. |
Task |
530 |
Develop detailed security design documentation for component and interface specifications to support system design and development. |
Task |
531 |
Develop Disaster Recovery and Continuity of Operations plans for systems under development and ensure testing prior to systems entering a production environment. |
Task |
630 |
Identify and direct the remediation of technical problems encountered during testing and implementation of new systems (e.g., identify and find work-arounds for communication protocols that are not interoperable). |
Task |
659 |
Implement security designs for new or existing system(s). |
Task |
662 |
Incorporate cybersecurity vulnerability solutions into system designs (e.g., Cybersecurity Vulnerability Alerts). |
Task |
737B |
Perform an information security risk assessment. |
Task |
766A |
Perform security reviews and identify security gaps in architecture. |
Task |
770 |
Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change. |
Task |
809 |
Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials). |
Task |
850 |
Store, retrieve, and manipulate data for analysis of system capabilities and requirements. |
Task |
856 |
Provide support to security/certification test and evaluation activities. |
Task |
997 |
Design and develop key management functions (as related to cybersecurity). |
Task |
998 |
Analyze user needs and requirements to plan and conduct system security development. |
Task |
1000 |
Ensure security design and cybersecurity development activities are properly documented (providing a functional description of security implementation) and updated as necessary. |
Task |
1002 |
Skill in conducting audits or reviews of technical systems. |
Skill |
1072 |
Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth). |
Knowledge |
1073 |
Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools. |
Knowledge |
1133 |
Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]). |
Knowledge |
1142 |
Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model). |
Knowledge |
1152 |
Implement and integrate system development life cycle (SDLC) methodologies (e.g., IBM Rational Unified Process) into development environment. |
Task |
1157 |
* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. |
Knowledge |
1158 |
* Knowledge of cybersecurity principles. |
Knowledge |
1159 |
* Knowledge of cyber threats and vulnerabilities. |
Knowledge |
2354 |
Employ configuration management processes. |
Task |
5200 |
Design, implement, test, and evaluate secure interfaces between information systems, physical systems, and/or embedded technologies. |
Task |
6900 |
* Knowledge of specific operational impacts of cybersecurity lapses. |
Knowledge |
6935 |
* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). |
Knowledge |
6938 |
* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments. |
Knowledge |