Knowledge of risk management processes and requirements per the Risk Management Framework (RMF).
Core KSAT for the following Work Roles
No Work Roles with Core KSAT 69A
Additional KSAT for the following Work Roles
Responsible for device, equipment, and system-level cybersecurity configuration and day-to-day security operations of control systems, including security monitoring and maintenance along with stakeholder coordination to ensure the system and its interconnections are secure in support of mission operations.
Develops and maintains business, systems, and information processes to support enterprise mission needs; develops information technology (IT) rules and requirements that describe baseline and target architectures.
Responsible for the cybersecurity of a program, organization, system, or enclave.
Manages a portfolio of IT capabilities that align with the overall needs of mission and business enterprise priorities.
Conducts evaluations of an IT program or its individual components, to determine compliance with published standards.
Work that involves directly managing information technology projects to provide a unique service or product.
Manages the development of products including the resource management, product strategy (physical or digital), functional requirements, and releases. Coordinate work done by functions (like software engineers, data scientists, and product designers).
Manages the package of support functions required to field and maintain the readiness and operational capability of systems and components.
Leads, coordinates, communicates, integrates and is accountable for the overall success of the program, ensuring alignment with critical agency priorities.
Designs enterprise and systems security throughout the development lifecycle; translates technology and environmental conditions (e.g., law and regulation) into security designs and processes.
Conducts independent comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls (as defined in NIST 800-37).