Updated NICE Cybersecurity Framework Issued by CISA

The National Institute of Standards and Technology (NIST) has released an updated version of the NICE Framework for Cybersecurity Workforce, version 2.0.0. This nationally focused resource is designed to improve communication among stakeholders in the cybersecurity ecosystem across public, private, and academic sectors.

The updated NICE Framework seeks to aid in identifying, recruiting, developing, and retaining cybersecurity talent. It establishes a standard approach and common language for describing cybersecurity work and learner capabilities.

In this new version, two work roles have been updated: digital evidence analysis (IN-WRL-002) and insider threat analysis (PD-WRL-005). Additionally, a new work role has been added: operational technology cybersecurity engineering (DD-WRL-009).

One competency area has also been updated: cyber resiliency (NF-COM-007). Administrative updates include fixing typos and spelling errors, removal of duplicate or redundant TKS statements.

The updated NICE Framework does not provide specific details about the updates it includes, but it is designed to help employers develop their cybersecurity workforce and aid in the development of the cybersecurity workforce as a whole.

It's important to note that users may choose to continue using older versions of the NICE Framework, but outdated versions may not be supported by the NICE Program Office.

The US Cybersecurity and Infrastructure Security Agency (CISA) has also played a role in the update of the NICE Framework, ensuring that it remains a valuable resource for developing the cybersecurity workforce.

The NICE Program Office takes a software update versioning approach for NICE Framework components, meaning that future updates can be expected. However, the release date for version 2.0.0 is not specified.

Finally, it's worth mentioning that the NICE Framework, version 2.0.0, has removed two work role categories, cyberspace effects and cyberspace intelligence, which can now be found in the DoD Cyber Workforce Framework (DCWF).

In conclusion, the updated NICE Framework, version 2.0.0, is a valuable resource for improving communication and developing the cybersecurity workforce across various sectors. Employers are encouraged to utilise this resource to help identify, recruit, develop, and retain cybersecurity talent.