1033

May 21, 2020
KSATs
1033 (NIST ID: K0167)

Knowledge

Knowledge of basic system administration, network, and operating system hardening techniques.
Items denoted by a * are CORE KSATs for every Work Role, while other CORE KSATs vary by Work Role.

Core KSAT for the following Work Roles

Cyber Defense Incident Responder (Core) ID: 531 (NIST ID: PR-IR-001) Workforce Element: Cybersecurity

Investigates, analyzes, and responds to cyber incidents within the network environment or enclave.
System Administrator (Core) ID: 451 (NIST ID: OM-SA-001) Workforce Element: IT (Cyberspace)

Installs, configures, troubleshoots, and maintains hardware, software, and administers system accounts.

Additional KSAT for the following Work Roles

Cyber Defense Analyst (Additional) ID: 511 (NIST ID: PR-DA-001) Workforce Element: Cybersecurity

Uses data collected from a variety of cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs.) to analyze events that occur within their environments for the purposes of mitigating threats.
Cyber Defense Forensics Analyst (Additional) ID: 212 (NIST ID: IN-FO-002) Workforce Element: Cybersecurity

Analyzes digital evidence and investigates computer security incidents to derive useful information in support of system/network vulnerability mitigation.
Cyberspace Operator (Additional) ID: 322 (NIST ID: N/A) Workforce Element: Cyberspace Effects

Cyberspace Operators use a wide range of software applications for network navigation, tactical forensic analysis, surveillance and reconnaissance, and executing on-net operations in support of offensive cyberspace operations when directed.
Forensics Analyst (Additional) ID: 211 (NIST ID: IN-FO-001) Workforce Element: Cyberspace Enablers / Legal/Law Enforcement

Conducts deep-dive investigations on computer-based crimes establishing documentary or physical evidence, to include digital media and logs associated with cyber intrusion incidents.
Host Analyst (Additional) ID: 463 (NIST ID: N/A) Workforce Element: Cyberspace Effects

A Host Analyst (HA) will have knowledge of various system configurations encountered. This work role also performs analysis using built-in tools and capabilities. A Host Analyst will have knowledge of system services and the security and configuration of them, as well as knowledge of file systems, permissions, and operation system configurations. The Host Analyst conducts analysis using built-in tools and capabilities.
Information Systems Security Manager (Additional) ID: 722 (NIST ID: OV-MG-001) Workforce Element: Cybersecurity

Responsible for the cybersecurity of a program, organization, system, or enclave.
Network Analyst (Additional) ID: 443 (NIST ID: N/A) Workforce Element: Cyberspace Effects

The Network Analyst will understand network traffic signatures and discover anomalies through network traffic and packet capture (PCAP) analysis. The Network Analyst will identify, assess, and mitigate intrusions into networks that are vital to cyberspace operations security. Network Analysts also use GUI or command-line based tools and assist in developing network mapping and signatures. Network Analysts will develop advanced network detection rules and alerts, queries and dashboards to gain a holistic view of the network.
Network Technician (Additional) ID: 442 (NIST ID: N/A) Workforce Element: Cyberspace Effects

The Network Technician provides enterprise and tactical infrastructure knowledge, experience, and integration to the Cyber Protection Team (CPT). The Network Technician supports CPT elements by understanding of network technologies, defining mission scope, and identifying terrain.
Vulnerability Assessment Analyst (Additional) ID: 541 (NIST ID: PR-VA-001) Workforce Element: Cybersecurity

Performs assessments of systems and networks within the NE or enclave and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. Measures effectiveness of defense-in-depth architecture against known vulnerabilities.