File Date:

Background Information

The Federal Cybersecurity Workforce Assessment Act (FCWAA) of 2015 (contained in Public Law 114-113) require
positions across the Federal Government.:
(a) identifying the percentage of IT, cybersecurity, and cyber-related personnel who currently hold industry-recognize
(b) outlining the preparedness level of cyber-performing personnel without existing credentials to pass certification ex
(c) defining a strategy for mitigating any identified gaps with training and certification.

This illustrative mapping of certifications includes mappings developed by the Health and Human Services Office of Information Security (O
Chief Information Officer (OCIO) with feedback provided by the staff from HHS OpDivs and StaffDivs. Please note that this roster of indus
on is not exhaustive prescriptive. This mapping matrix does not promote or endorse any specific vendor or certification.

References:
Federal Cybersecurity Workforce Assessment Act (FCWAA) of 2015 (contained in Public Law 114-113)
Guidance for Assigning New Cybersecurity Codes to Positions with Information Technology, Cybersecurity, and Cyber-Related
Identifying Agency Point of Contact for Cybersecurity Position Coding
Next Steps in Implementing the Federal Cybersecurity Workforce Assessment Act
Guidance for Identifying, Addressing and Reporting Cybersecurity Work Roles of Critical Need
Preliminary Report on Agency Cybersecurity Work Roles of Critical Need due August 31, 2018

3/26/2019 (updated column headers to reflect current NICE Framework components)

 Certification Mapping to NICE Framework Work Introduction

This document includes commercially available Cybersecurity certifications that may be of value to the cybersecurity workforc
mandatory or an exhaustive listing, but rather a compendium of current certifications identified by public and private sector o
valuable for the determination of certifications that support the National Institute of Standards and Technology (NIST) Special
National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (aka the NICE Framework).

Consistent with the NICE Framework, NIST SP 800-181,

Nothing in this document should be taken to contradict the standards and guidelines made mandatory and binding on federal
Secretary of Commerce under statutory authority. Nor should these guidelines be interpreted as altering or superseding the e
the Secretary of Commerce, Director of the OMB, or any other federal official. This publication may be used by nongovernmen
a voluntary basis and is not subject to copyright in the United States.

Future versions of this illustrative mapping will be forthcoming and could incorporate proficiency levels for each of the NICE Fr
Also, provisions are being made for proposals for modifications to the mapping which will be made available in the near future
feedback and improvement of the mapping.

The NICE Training and Certification Sub Working Group formed a team of governmental, academic and private industry partici
certifications in use across the cybersecurity workforce to map against the NICE Framework work roles and associated tasks, k
abilities. A series of discussions and meetings were held and the draft mapping was provided to the NICE Training and Certifica
Group for review and then to the larger NICE Working Group for additional review.

It is key to keep in mind that this mapping only includes commercial foundational cybersecurity certifications, it does not, nor
currently include training, academic degree program or credentialing programs in the cybersecurity arena. The certification's l
specific software or system, but rather designed for the broader foundational aspects of cybersecurity. Specific certification/cr
operating systems and supporting software should be identified by the system/software provider.

Users of this mapping should utilize the NICE Framework, NIST SP 800-181, to identify the cybersecurity work role(s) that are m
their efforts. One the work role is identified, the user can then find the work role within this matrix, see of listing of certificatio
value to the area and then review the certifications which might be of use for them.

Individuals within the cybersecurity community or others looking to join the community can use the NICE Framework, NIST SP
and associated tasks and KSAs along with the certification mapping as a tool for career planning and development in their curr
cyber security work roles. Supervisors can use the NIST 800-181 and this matrix as a means to determine work force needs, as
for describing and identifying job requirements, recruiting approaches and applicant qualification.

This version of the illustrative mapping of certifications to the NICE Framework was created and d
NICE Framework Categories

NICE Speciality Areas Threat Analysis (TWA)

Key: H=HHS D=DON C=C3

OPM Cybersecurity Code 141

Threat Warning
# Vendor Certifications Website Analyst (AN-TWA-001)

# Vendor Certifications Website

http://www.abchs.c
Certified in Information
ABCHS om/certification/cia.
Assurance (CIA)
php
http://www.abchs.c
Intelligence Analyst Certified
ABCHS om/certification/iac.
(IAC)
php
http://www.abchs.c
Sensitive Security Information om/certification/ssi.
ABCHS
Certified (SSI)
php
American Society for Quality http://asq.org/cert/s
ASQ (ASQ) - Software Quality oftware-quality-
Certified Engineer (CSQE) engineer
https://www.cwnp.c
Wireless Certified Wireless Network
om/certifications/cw
Network Administrator (CWNA)
Certified na
Professional https://www.cwnp.c
Wireless Certified Wireless Network
om/certifications/cw
Network Expert (CWNE)
Certified ne
Professional https://www.cwnp.c
Wireless Certified Wireless Security
om/certifications/cw
Network Professional (CWSP) sp
Certified
Professional https://www.cwnp.c
Wireless Certified Wireless Technology
om/certifications/cw
Network Specialist (CWTS)
Certified ts
Professional https://www.cwnp.c
Wireless Certified Wireless Analysis
om/certifications/cw
Network Professional (CWAP)
ap
Professional
Certified Computer Security
CERT H
Incident Handler (CSIH)

Cisco CCNA-Security

Cisco CCNP-Security

Cisco SCyber
 https://certification.
CompTIA A+ comptia.org/certifica H
https://certification.
tions/a
comptia.org/certifica
CompTIA Advanced Security Practitioner tions/comptia- C, H
(CASP)
advanced-security-
https://certification.
practitioner
Certified Technical Trainer+
CompTIA comptia.org/certifica
(CTT+)
tions/ctt
https://certification.
comptia.org/certifica
CompTIA Cloud Essentials
tions/cloud-
essentials
https://certification.
CompTIA Cloud+ comptia.org/certifica
tions/cloud
https://certification.
comptia.org/certifica
CompTIA IT Fundamentals
tions/it-
fundamentals
https://certification.
CompTIA Linux+ comptia.org/certifica
tions/linux
https://certification.
CompTIA Mobility+ comptia.org/certifica
tions/mobility
https://certification.
CompTIA Network+ comptia.org/certifica C, H
tions/network
https://certification.
CompTIA Project+ comptia.org/certifica
tions/project
https://certification.
CompTIA Security+ comptia.org/certifica C, H
tions/security
https://certification.
CompTIA Server+ comptia.org/certifica
tions/server
https://certification.
CompTIA Social Media Security comptia.org/certifica
tions/social-media-
https://certification.
security
comptia.org/certifica
CompTIA C
CySA+ tions/cybersecurity-
analyst
https://www.dama.o
Certified Data Management
DAMA rg/content/certificati
Professional on
Department of Defense Cyber
http://www.dcita.ed
DCITA Crime Center (DC3)
u/
Certifications
Defense Acquisition Workforce http://icatalog.dau.
Defense
Improvement Act (DAWIA) mil/onlinecatalog/Ca
Acquisition Information Technology (IT) - reerLvl.aspx?
University Defense
Defense Level I Acquisition Workforce http://icatalog.dau.
lvl=1&cfld=6
Improvement Act (DAWIA) mil/onlinecatalog/Ca
Acquisition
Information Technology (IT) - reerLvl.aspx?
University Defense
Defense Level II Acquisition Workforce http://icatalog.dau.
lvl=2&cfld=6
Improvement Act (DAWIA) mil/onlinecatalog/Ca
Acquisition
Information Technology (IT) - reerLvl.aspx?
University Defense
Defense Level III Acquisition Workforce http://icatalog.dau.
lvl=3&cfld=6
Improvement Act (DAWIA) mil/onlinecatalog/Ca
Acquisition Program Management (PM) - reerLvl.aspx?
University Defense
Defense Level I Acquisition Workforce http://icatalog.dau.
lvl=1&cfld=9
Improvement Act (DAWIA) mil/onlinecatalog/Ca
Acquisition Program Management (PM) - reerLvl.aspx?
University Defense
Defense Level II Acquisition Workforce http://icatalog.dau.
lvl=2&cfld=9
Improvement Act (DAWIA) mil/onlinecatalog/Ca
Acquisition
Program Management (PM) - reerLvl.aspx?
University
Level III lvl=3&cfld=9
 https://ciso.eccounci
Certified Chief Information
EC Council l.org/cciso-
Security Officer (CCISO)
certification/
https://www.eccoun
EC Council EC-Council Certified Encryption cil.org/Certification/
Specialist (ECES) ec-council-certified-
https://www.eccoun
encryption-specialist
EC-Council Certified Incident cil.org/Certification/
EC Council
Handler (ECIH) ec-council-certified-
https://www.eccoun
incident-handler
EC-Council Certified Network cil.org/Certification/
EC Council
Defense Architect (CNDA) certified-network-
https://www.eccoun
defense-architect
EC Council EC-Council Certified Secure cil.org/Certification/
Computer User (CSCU) certified-secure-
https://www.eccoun
computer-user
EC-Council Certified Secure cil.org/Certification/
EC Council
Programmer (ECSP) ec-council-certified-
https://www.eccoun
secure-programmer
EC-Council Certified Security cil.org/about-ec-
EC Council Analyst (ECSA) council-certified- H
https://www.eccoun
security-analyst
Certified Network Defender cil.org/programs/cer
EC Council (CND) tified-network-
defender-cnd/
Certified EC Council Instructor
EC Council (CEI)
https://www.eccoun
EC-Council Certified Security cil.org/Certification/
EC Council Specialist (ECSS) H
ec-council-certified-
https://www.eccoun
security-specialist
EC-Council Certified VoIP cil.org/Certification/
EC Council Professional (ECVP) ec-council-certified-
https://www.eccoun
voip-professional
cil.org/Certification/
EC-Council Disaster Recovery
EC Council ec-council-disaster-
Professional (EDRP)
recovery-
https://www.eccoun
EC-Council Licensed professional
cil.org/about-
EC Council
Penetration Tester (LPT) licensed-
https://www.eccoun
penetration-tester
EC-Council Certified Ethical cil.org/Certification/
EC Council C, D, H
Hacker (CEH) certified-ethical-
https://www.eccoun
hacker
cil.org/certification/c
EC-Council Computer Hacking
EC Council omputer-hacking- C, H
Forensic Investigator (CHFI) forensics-
Licensed penetration Tester investigator
EC Council
(LPT)
Certified Enterprise Architect https://www.feacins
FEAC Institute (CEA) titute.org/feac-
https://www.fai.gov
training/feaf
Federal Acquisition
Federal /drupal/certification
Certification - Program and
Acquisition Project Management (FAC - /program-and-
Institute https://www.fai.gov
project-managers-
Federal Acquisition
P/PM) - Entry/Apprentice
Federal /drupal/certification
fac-ppm
Certification - Program and
Acquisition Project Management (FAC - /program-and-
Institute https://www.fai.gov
project-managers-
Federal
P/PM) - Acquisition
Mid-Level/Journeyman /drupal/certification
Federal fac-ppm
Certification - Program and
Acquisition Project Management (FAC - /program-and-
Institute Federal Acquisition Institute https://www.fai.gov
project-managers-
Federal P/PM) - Senior/Expert
(FAI) Certification in Program /drupal/certification
fac-ppm
Acquisition and Project Management (FAC- /program-and- H
Institute P/PM) (entry, mid, senior, and project-managers-
IT core-plus) https://www.fismac
fac-ppm
FISMA Center Certified FISMA Compliance enter.com/default.a
Practitioner (CFCP)
sp?lnc=certifications
 http://www.giac.org
GASF: GIAC Advanced /certification/advanc
GIAC
Smartphone Forensics ed-smartphone-
http://www.giac.org
forensics-gasf
GIAC GIAC Assessing Wireless /certification/assessi
Networks (GAWN) ng-auditing-wireless-
http://www.giac.org
networks-gawn
GIAC Certified Enterprise /certification/certifie
GIAC H
Defender (GCED) d-enterprise-
http://www.giac.org
defender-gced
GIAC Certified Forensic Analyst /certification/certifie
GIAC H
(GCFA) d-forensic-analyst-
http://www.giac.org
gcfa
GIAC GIAC Certified Forensic /certification/certifie H
Examiner (GCFE) d-forensic-examiner-
gcfe
GIAC Certified Firewall Analyst
GIAC
(GCFW)
http://www.giac.org
GIAC Certified Incident Handler /certification/certifie
GIAC (GCIH) d-incident-handler- H
http://www.giac.org
gcih
GIAC Certified Intrusion Analyst /certification/certifie
GIAC (GCIA) d-intrusion-analyst- D, H
gcia
GIAC Certified Project
GIAC
Manager (GCPM)
http://www.giac.org
GIAC Certified Penetration
GIAC /certification/penetr H
Tester (GPEN) http://www.giac.org
ation-tester-gpen
/certification/certifie
GIAC Certified Perimeter
GIAC Protection Analyst (GPPA) d-perimeter- H
protection-analyst-
http://www.giac.org
GIAC Certified UNIX Security gppa
/certification/certifie
GIAC
Administrator (GCUX) d-unix-security-
http://www.giac.org
administrator-gcux
GIAC GIAC Certified Web Application /certification/certifie H
Defender (GWEB) d-web-application-
http://www.giac.org
defender-gweb
GIAC Certified Windows /certification/certifie
GIAC
Security Administrator (GCWN) d-windows-security-
http://www.giac.org
administrator-gcwn
GIAC Continuous Monitoring /certification/contin
GIAC H
Certification (GMON) uous-monitoring-
http://www.giac.org
certification-gmon
GIAC Critical Controls /certification/critical
GIAC http://www.giac.org H
Certification (GCCC) -controls-
/certification/exploit
certification-gccc
GIAC Exploit Research and
-researcher-
GIAC Advanced Penetration Tester advanced- H
(GXPN) http://www.giac.org
penetration-tester-
GIAC Information Security /certification/inform
gxpn
GIAC C
Fundamentals (GISF) ation-security-
http://www.giac.org
fundamentals-gisf
GIAC Information Security /certification/inform
GIAC
Professional (GISP) ation-security-
http://www.giac.org
professional-gisp
GIAC Law of Data Security & /certification/law-
GIAC Investigations (GLEG) data-security-
http://www.giac.org
investigations-gleg
GIAC Mobile Device Security /certification/mobile
GIAC Analyst (GMOB) -device-security-
http://www.giac.org
analyst-gmob
GIAC Network Forensic Analyst /certification/networ
GIAC
(GNFA) k-forensic-analyst-
gnfa
 http://www.giac.org
GIAC Reverse Engineering /certification/revers
GIAC H
Malware (GREM) e-engineering-
http://www.giac.org
malware-grem
/certification/secure
GIAC GIAC Secure Software -software-
Programmer- .NET (GSSP-.NET) http://www.giac.org
programmer-net-
/certification/secure
gssp-net
GIAC Secure Software
GIAC -software-
Programmer-Java (GSSP-JAVA)
programmer-java-
http://www.giac.org
gssp-java
GIAC Security Essentials
GIAC /certification/securit H
Certification (GSEC)
y-essentials-gsec
http://www.giac.org
GIAC GIAC Security Expert (GSE) /certification/securit H
y-expert-gse
http://www.giac.org
GIAC Security Leadership
GIAC /certification/securit
Certification (GSLC)
y-leadership-gslc
http://www.giac.org
GIAC Systems and Network /certification/system
GIAC Auditor (GSNA) s-network-auditor-
http://www.giac.org
gsna
/certification/web-
GIAC Web Application
GIAC Penetration Tester (GWAPT) application- H
penetration-tester-
http://www.giac.org
Global Cybersecurity Program gwapt /certification/certifie
GIAC
Manager (GCPM) d-project-manager-
http://www.giac.org
gcpm
/certification/global-
Global Industrial Cyber Security
GIAC industrial-cyber-
Professional (GICSP)
security-
https://www.axelos.
professional-gicsp
Information Technology
ICMB Infrastructure Library (ITIL) com/qualifications/i
til-qualifications
Information Technology https://www.axelos.
ICMB Infrastructure Library (ITIL) - V2 com/qualifications/i
Foundations Certification til-qualifications
https://www.axelos.
ICMB ITIL v3 Foundations com/qualifications/i
til-qualifications
IEEE Software Quality Engineer http://www.isaca.or
IEEE
Certification g/Certification/CRISC
Certified in Risk and -Certified-in-Risk-
ISACA Information Systems Control http://www.isaca.or
and-Information- D, H
(CRISC) g/Certification/CGEI
Systems-
T-Certified-in-the-
Certified in the Governance of Control/Pages/defau
http://www.isaca.or
ISACA Governance-of-
lt.aspx
Enterprise IT (CGEIT) g/Certification/CISM
Enterprise-
Certified Information Security -Certified-
IT/Pages/default.asp
http://www.isaca.or
ISACA Manager (CISM) Information-
xg/Certification/CISA- D
Security-
Certified Information Systems Certified-
Manager/Pages/defa
ISACA Information-
ult.aspx D
Auditor (CISA)
Systems-
Cybersecurity Nexus – CSX https://cybersecurity
Auditor/Pages/defau
ISACA Certificate and CSX-P .isaca.org/csx-
lt.aspx
Certification certifications
Certified Authorization https://www.isc2.or
ISC2 Professional (CAP) g/cap/default.aspx C, H

Certified Cloud Security https://www.isc2.or

ISC2 Professional (CCSP) g/ccsp/default.aspx
Certified Cyber Forensics https://www.isc2.or
ISC2 C, H
Professional (CCFP) g/ccfp/default.aspx
 Certified Information Systems https://www.isc2.or
ISC2
Security Professional (CISSP) g/cissp/default.aspx
ISC2 Certified Secure Software
Lifecycle Professional (CSSLP)
CISSP Information Systems
ISC2 Security Architecture
Professional (CISSP-ISSAP)
CISSP Information Systems
ISC2 Security Engineering
Professional (CISSP-ISSEP)
CISSP Information Systems
ISC2 Security Management
Professional (CISSP-ISSMP)
HealthCare Information
ISC2 Security and Privacy
Practitioner (HCISPP)
Systems Security Certified
ISC2 Practitioner (SSCP)
International Society of
Forensic Computer Examiners
ISFCE (ISFCE) Certified Computer
Examiner (CCE)
Logical
CyberSec First Responder (CFR)
Operations
Certified Healthcare IS Security
Mile2
Practitioner (C)HISSP)
Certified Information Systems
Mile2 Risk Manager (C)ISRM)
Certified Information Systems
Mile2
Security Auditor (C)ISSA)
Certified Secure Web
Mile2 Applications Engineer
(C)SWAE)
Certified Vulnerability Assessor
Mile2
(C)VA)
Certified Wireless Security
Mile2
Engineer (C)WSE)
Information Systems
Mile2 Certification and Accreditation
Professional (ISCAP)
Key: D- Department of Navy; C - Certification
Provider; H - Health and Human Services
C, H
https://www.isc2.or
g/csslp/default.aspx
https://www.isc2.or
C
g/issap.aspx
https://www.isc2.or
C
g/issep.aspx
https://www.isc2.or C
g/issmp/default.aspx
https://www.isc2.or
g/hcispp/default.asp
x
http://www.itsecurit
ycareer.com/certific H
ations/sscp/
http://www.isfce.co
m/certification.htm
http://logicaloperati
ons.com/certificatio
https://www.compe
C
ns/1/CyberSec-First-
ndium.pl/training/66
Responder/
28/mile2-
authorized-training-
http://www.mile2.co
chissp-certified-
m/general-security-
healthcare-is-
courses/certified-
http://www.mile2.co
security-practitioner
information-
m/general-security-
systems-risk-
courses/certified-
manager.html
information-
http://www.mile2.co
systems-security-
m/secure-code-
auditor.html
engineer/secure-
http://www.mile2.co
web-app-
m/general-security-
engineer.html
courses/certified-
http://www.mile2.co
vulnerability-
m/secure-code-
assessor.html
engineer/certified-
wireless-security-
http://www.mile2.co
engineer.html
m/general-security-
courses/iscap-
outline-menu.html
*Relation Descriptions:
Foundational: This credential ensures a person has pre-requisite knowledge, skills, and abilities before attempting to work in t
Related: This credential ensures an individual has knowledge, skills, and abilities that are generally aligned to this NICE functio
Specialist: This credential ensures that an individual has demonstrated knowledge, skill, and ability within this NICE functional
 Analyze

Exploitation Analysis
All-Source Analysis (ASA) Targets (TGT)
(EXP)

121 111 112 131 132

Exploitation Analyst All-Source Analyst Mission Assessment Target Developer (AN- Target Network
(AN-EXP-001) (AN-ASA-001) Specialist (AN-ASA- TGT-001) Analyst (AN-TGT-002)
002)

H H

H
 H

C, H

C, H

C, H H H

C, H C, H C C C, H

H
 H H

C, H C, H C C C, H

H D, H H

C, H H H

H
 H

C, H H H

H D, H H

C, H

C, H

H
C, H

C, H

C, H

H D

C, H

C, H
C, H D, H H

C, H

H
bilities before attempting to work in this NICE functional area.
generally aligned to this NICE functional area. Individuals possessing these skills should have conceptional familiarity in this functional are
and ability within this NICE functional area.
 Investigate

Language Analysis Cyber Investigation

Digital Forensics (FOR) Collection Operations (CLO)
(LNG) (INV)

151 221 211 212 311

Multi-Disciplined Cyber Crime Law / Counterintel Cyber Defense All Source-Collection

Language Analyst (AN- Investigator (IN-INV- Forensics Analyst (IN- Forensics Analyst (IN- Manager (CO-CLO-
LNG-001) 001) FOR-001) FOR-002) 001)

C
 C

C D, H H

C C

H H
C C

D, H H

C, D C, D, H C, H
 H H

C C

C C, D, H H

C C, D, H H

C C, D, H H

C, D, H H

H H

H H

H H
C C, D, H H

C C, D

H H

C C

C C, H H
C C, H H

C C

C C

C C

C C

C C

H H

C
ceptional familiarity in this functional area.
 Collect and Operate

Cyber Operations
Collection Operations (CLO) Cyber Operational Planning (OPL)
(OPS)

312 331 332 333 321

All Source-Collection
Requirements Cyber Intel Planner Cyber Ops Planner Partner Integration Cyber Operator (CO-
Manager (CO-CLO- (CO-OPL-001) (CO-OPL-002) Planner (CO-OPL-003) OPS-001)
002)
 H

C C C C C

H
C C C C C

D H

H
H
H

H
D H

H
 Operate and Maintain

Customer Service and

Knowledge Network Services
Data Administration (DTA) Technical Support
Management (KMG) (NET)
(STS)

421 422 431 411 441

Database Data Analyst (OM- Knowledge Manager Technical Support Network Operations
Administrator (OM- DTA-002) (OM-KMG-001) Specialist (OM-STS- Specialist (OM-NET-
DTA-001) 001) 001)

H H

H H

H H

H H

C
C, D D C, D, H C, D, H

D, H C, D

C, D D C, D, H C, D, H

D, H H D, H D, H C, D, H

H H H H

H H H
 H H

C, D C, D

H H H

H H H
 C

H H

H C

H C

H C, H

C
D, H H H D, H C, D

D D

H H H H H

H H H

D, H H H

H C

C
D, H H H D, H C, D, H

H H H C

H H H C

H H H H C, H

D D, H D
 Protect and Defend

Cybersecurity Defense
Systems Systems Analysis Cybersecurity Defense Incident Response
Infrastructure Support
Administration (ADM) (ANA) Analysis (CDA) (CIR)
(INF)

451 461 511 521 531

System Administrator Systems Security Cyber Defense Analyst Cyber Defense Cyber Defense
(OM-ADM-001) Analyst (OM-ANA- (PR-CDA-001) Infrastructure Support Incident Responder
001) Specialist (PR-INF-001) (PR-CIR-001)

H H

H H

H H H

H H D, H

H H H H H

H H H H H

C C
C, D, H C, H C, H C, H C, H

C, D, H C, D, H C, H H C, H

C, H H H

C, D, H C, H C, H H C, H

C, D C, D, H C, H C, D, H C, H

H H H

C C, H H H

H
 C, D

H H

C C, H H H

C, D C, D C, D

H H H H H

C, D, H D, H C, D, H

H H C, H

H H H
 H

C C C, H H C, H

H H C, D, H

H H C, H

C C

C, D, H H C, D, H

C, D, H H C, D, H

C H H H

H H H H

H C, H H

H H H

H H H

H H H

H H H

C H H H

C, H C, H C H C

C, H C, H H C

H
 H H C, H

C, D C, D, H C, H D, H C, H

H H H

C H H H

C C

H H H

H H H

H H H H

D D

H H H

C, H C, D, H C, H H C, H

H H H

C C C, H H C, H
C, D C, D, H C, H D, H C, H

C C, H C C

C C C C

C C, H C H C

C C C C

H H H

C, D C, D, H C, H D, H C, H

C, D C, D

H
nd Securely

Vulnerability
Assessment and Risk Management (RSK) Software Development (DEV)
Management (VAM)

541 611 612 621 622

Authorizing
Vulnerability Official/Designating Security Control Software Developer Secure Software
Assessment Analyst Representative (SP- Assessor (SP-RSK-002) (SP-DEV-001) Assessor (SP-DEV-002)
(PR-VAM-001)
RSK-001)

H H H

C
 C, D C, D, H C, D, H

C, H C, D, H C, H C H

C, D, H C, D H C

C, D, H C, D, H C, H C C, H

C, D, H C, H
 C C H

C, H C, H

C, D, H C, H H

C, D

D H

C, D, H C, H H H H

D H

H H
C, H H H

C H

C H

C, H H H C H

H H H

H H

C, H H C

C, H H C H

C C, H C H

C
 H

C C, H H

C C, H H

C, H C, H H C H

H C, D, H H

H C H H

H H H C H

C C H

H H H H

H H

H D, H H H

H H H H

C, H C, D, H H

H H H

C C
C, D, H C, D, H H D, H

C D, H

C C

C C

C C

C, H C, D, H H

C, D

H H H

H H

H H H

H
 Securely Provision

Systems Requirements Test and Evaluation

Systems Architecture (ARC) Technology R&D (TRD)
Planning (SRP) (TST)

651 652 661 641 671

Research &
Enterprise Architect Security Architect (SP- Development Systems Requirements System Testing and
(SP-ARC-001) ARC-002) Specialist (SP-TRD- Planner (SP-SRP-001) Evaluation Specialist
(SP-TST-001)
001)

H H H H

H H

H
 C D C C, D

C, D, H C, H C, D, H C, H C, D, H

H H H

H H H

C D C C, D, H

C H C, D, H C, H C, D, H

C H C C
 H

H H H H

C H C C

C, D C C, D C

H C, H C, H H

H H H

H
C H

C H

C H

C H

C C

H H

H H

H H H

C C C

H H H H

H H

C H C C

C H C C

C
 H

H C C

H C C

C H C C, H

H H

C D, H C D

C H H

H H

C H

H H D, H

H H D, H

H H

H H H

D, H D, H

H H

C D C C, D, H

H H H H

C C C
C, D, H H D C, H C, D, H

C, D C C

C, D, H H C, H C

C, D, H H C, H C

C C C

C H D C, H C, D, H

H
 Systems Development (SYS) Legal Advice and Advocacy (LGA) Training, Education, and Awareness (TED)

631 632 731 732 711

Information Systems Systems Developer Cyber Legal Advisor Privacy Compliance Cyber Instructional
Security Developer (SP-SYS-002) (OV-LGA-001) Manager (OV-LGA- Curriculum Developer
(SP-SYS-001) 002) (OV-TEA-001)

H H

H H
 C D

C D

D, H

C, H H D, H
 C C

H H

C C

H H

H H H H

H H

H H
H H

H H

H H

H H

C H H
 C

C H H

H H

D, H H

D, H H H H

H H

H H

C H H

H H

C
C, D, H H H H D

C D

C, H H D

C, H H D

C H H

H H

C, H H
 Oversee and Govern

g, Education, and Awareness (TED) Cybersecurity Management (MGT) Strategic Planning and Policy (SPP)

712 722 723 751 752

Cyber Workforce
Cyber Instructor (OV- Information Systems COMSEC Manager Developer and Cyber Policy and
TEA-002) Security Manager (OV- (OV-MGT-002) Manager (OV-SPP- Strategy Planner (OV-
MGT-001) SPP-002)
001)

H H

H
 C C

C, D, H C, D

H H

C, D H C

H H

H C, D, H C, D, H

H
 C, D C C, D C

H H

H H

H H

H H
 H

H H C

C, H C

C, H C H
 C, H C H

C, D, H C, D

C, H H C

H H

H H

D, H H D H

C, D, H C, D H

C C
C, D, H C, D H

C, H C

C, H C

C, H C

C, H C H

H H

C, D, H H C

H
rn

Acquisition and Program/Project Management (PMA)

801 802 803 804 805

IT
Program Manager IT Project Manager Product Support Investment/Portfolio IT Program Auditor
(OV-PMA-001) (OV-PMA-002) Manager (OV-PMA- Manager (OV-PMA- (OV-PMA-005)
003)
004)

H H

H H H
 H H H

H H H

H H

H H

D, H H

D
C C C C, H C

H H

H H H H

H H

H H

H H H

H H H

H H H
H H H

H H H

H H H H
 H H H H

D, H H H H

H H H

D, H H

D, H H H

H H H

H H H H

D, H H H H

H H H H H

H H H H H

H H H H
D, H H H H H

H H

H H

H H

H H H H

H H H H

H H H

H H H
 Executive
Cybersecurity
Leadership (EXL)

901

Executive Cyber
Leadership (OV-EXL-
001)

H
D

H
C, D, H

H
H

H
 H

D, H

D, H

H
D, H