NICE Framework (National Initiative for Cybersecurity Education Cybersecurity Workforce Framework)

What is the NICE Framework (National Initiative for Cybersecurity Education Cybersecurity Workforce Framework)?

The NICE Framework (National Initiative for Cybersecurity Education Cybersecurity Workforce Framework) is a reference resource that classifies the typical skill requirements and duties of cybersecurity workers. The framework enables workforce developers, job seekers and educators to explore specific work roles, as well as the skills, abilities and knowledge tied to each role.

Published by the National Institute of Standards and Technology, the framework offers organizations in the public, private and academic sectors a common language that enables them to speak about and define professional cybersecurity work requirements. Through the framework, NICE aims to develop a cybersecurity workforce that is globally competitive and can protect the U.S. from existing and emerging cybersecurity challenges.

Why the NICE Framework is important

The NICE Framework enhances communication so U.S. organizations can better identify, recruit, develop and retain cybersecurity workers while also helping workers understand the knowledge, skills and abilities they need to launch and further their careers.

Organizations can use the NICE Framework to develop additional publications or tools that meet their requirements to define or provide guidance on various facets of workforce planning, development, training and education.

NICE works with government, industry and academic partners to build on existing successful programs, facilitate change and innovation, and help boost the number of skilled cybersecurity professionals who are working to keep the U.S. secure.

History of the NICE Framework

The NICE Framework was established in 2008 as part of President George W. Bush's Comprehensive National Cybersecurity Initiative. The NICE Framework grew out of the knowledge that it was difficult to define and assess the cybersecurity workforce in the public and private sectors.

Consequently, over 20 government departments and agencies, the private sector and academia joined forces to offer a shared understanding of cybersecurity work, expressed in the first two versions of the NICE Framework and evolving with further collaboration between the public and private sectors and academia.

NICE Framework components

The NICE Framework consists of the following components:

• Seven categories covering high-level groupings of common cybersecurity functions.
• Thirty-three specialty areas outlining the distinct areas of cybersecurity work.
• Fifty-two work roles that provide detailed groupings of cybersecurity work made up of the specific skills, knowledge and abilities individuals need to perform the tasks in the work roles.

Who uses the NICE Framework

The NICE Framework can be used by the following:

• Employers to help define their cybersecurity workforces, identify the critical gaps in their cybersecurity staffing and create consistent descriptions of cybersecurity positions across the U.S.
• Current and future cybersecurity workers to help explore tasks and work roles, as well as understand the cybersecurity knowledge, skills and abilities employers value.
• Staffing specialists and guidance counselors to use as a resource to support current and future cybersecurity workers.
• Training and certification providers to help current and future cybersecurity workers acquire and demonstrate the necessary knowledge, skills and abilities.
• Education providers to help develop curriculum, certificate or degree programs, and research that cover the tasks as well as the knowledge, skills and abilities.
• Technology providers to identify the cybersecurity work roles, tasks as well as the knowledge, skills and abilities associated with their services, hardware or software.

How to use the NICE Framework

The NICE Framework can be used by employers to do the following:

• Inventory and track their cybersecurity workforces to better understand the strengths and gaps in their knowledge, skills and abilities, as well as the tasks they perform.
• Identify the necessary training and qualifications that workers need to develop critical knowledge, skills and abilities to perform cybersecurity tasks.
• Improve the descriptions of positions and the announcements of job vacancies by selecting the relevant knowledge, skills and abilities, as well as tasks as soon as the work roles and tasks are identified.
• Identify the most relevant work roles and develop career paths to help workers acquire the necessary skills for those roles.
• Develop a shared language to enable hiring managers and HR staff to recruit, retain and train a highly specialized workforce.

Editor's note: The article was written in 2019. TechTarget editors revised it in 2023 to improve the reader experience.