936 (NIST ID: T0251)

Task

Develop security compliance processes and/or audits for external services (e.g., cloud service providers, data centers).

Items denoted by a * are CORE KSATs for every Work Role, while other CORE KSATs vary by Work Role.


Core KSAT for the following Work Roles

Systems Security Analyst (Core) ID: 461 (NIST ID: OM-AN-001) Workforce Element: Software Engineering

Responsible for analysis and development of systems/software security through the product lifecycle to include integration, testing, operations and maintenance.

Additional KSAT for the following Work Roles

Information Systems Security Developer (Additional) ID: 631 (NIST ID: SP-SYS-001) Workforce Element: Cybersecurity

Designs, develops, tests, and evaluates information system security throughout the systems development lifecycle.

IT Program Auditor (Additional) ID: 805 (NIST ID: OV-PM-005) Workforce Element: Cyberspace Enablers / Acquisition

Conducts evaluations of an IT program or its individual components, to determine compliance with published standards.

Product Support Manager (Additional) ID: 803 (NIST ID: OV-PM-003) Workforce Element: Cyberspace Enablers / Acquisition

Manages the package of support functions required to field and maintain the readiness and operational capability of systems and components.

Secure Software Assessor (Additional) ID: 622 (NIST ID: SP-DEV-002) Workforce Element: Cybersecurity

Analyzes the security of new or existing computer applications, software, or specialized utility programs and provides actionable results.

Security Architect (Additional) ID: 652 (NIST ID: SP-ARC-002) Workforce Element: Cybersecurity

Designs enterprise and systems security throughout the development lifecycle; translates technology and environmental conditions (e.g., law and regulation) into security designs and processes.

Security Control Assessor (Additional) ID: 612 (NIST ID: SP-RM-002) Workforce Element: Cybersecurity

Conducts independent comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls (as defined in NIST 800-37).