991

May 21, 2020
KSATs
991 (NIST ID: K0161)

Knowledge

Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution).
Items denoted by a * are CORE KSATs for every Work Role, while other CORE KSATs vary by Work Role.

Core KSAT for the following Work Roles

Cyber Defense Analyst (Core) ID: 511 (NIST ID: PR-DA-001) Workforce Element: Cybersecurity

Uses data collected from a variety of cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs.) to analyze events that occur within their environments for the purposes of mitigating threats.
Cyber Defense Incident Responder (Core) ID: 531 (NIST ID: PR-IR-001) Workforce Element: Cybersecurity

Investigates, analyzes, and responds to cyber incidents within the network environment or enclave.

Additional KSAT for the following Work Roles

Network Technician (Additional) ID: 442 (NIST ID: N/A) Workforce Element: Cyberspace Effects

The Network Technician provides enterprise and tactical infrastructure knowledge, experience, and integration to the Cyber Protection Team (CPT). The Network Technician supports CPT elements by understanding of network technologies, defining mission scope, and identifying terrain.
Vulnerability Assessment Analyst (Additional) ID: 541 (NIST ID: PR-VA-001) Workforce Element: Cybersecurity

Performs assessments of systems and networks within the NE or enclave and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. Measures effectiveness of defense-in-depth architecture against known vulnerabilities.