COMSEC Manager

Work Role ID: 723 (NIST: OV-MG-002)
Category/Specialty Area: Oversee & Govern / Cybersecurity Management
Workforce Element: Cybersecurity

Manages the Communications Security (COMSEC) resources of an organization (CNSSI No. 4009).


Items denoted by a * are CORE KSATs for every Work Role, while other CORE KSATs vary by Work Role.

Core KSATs

| KSAT ID | Description | KSAT |
|---|---|---|
| 22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. | Knowledge |
| 25 | Knowledge of encryption algorithms (e.g., Internet Protocol Security [IPSEC], Advanced Encryption Standard [AES], Generic Routing Encapsulation [GRE], Internet Key Exchange [IKE], Message Digest Algorithm [MD5], Secure Hash Algorithm [SHA], Triple Data Encryption Standard [3DES]). | Knowledge |
| 37 | Knowledge of disaster recovery continuity of operations plans. | Knowledge |
| 55 | Knowledge of cybersecurity principles used to manage risks related to the use, processing, storage, and transmission of information or data. | Knowledge |
| 61 | Knowledge of incident response and handling methodologies. | Knowledge |
| 108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). | Knowledge |
| 395 | Advise senior management (e.g., CIO) on risk levels and security posture. | Task |
| 578 | Ensure security improvement actions are evaluated, validated, and implemented as required. | Task |
| 824 | Recognize a possible security violation and take appropriate action to report the incident, as required. | Task |
| 852 | Supervise or manage protective or corrective measures when a cybersecurity incident or vulnerability is discovered. | Task |
| 1141A | Knowledge of an organization’s information classification program and procedures for information compromise. | Knowledge |
| 1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. | Knowledge |
| 1158 | * Knowledge of cybersecurity principles. | Knowledge |
| 1159 | * Knowledge of cyber threats and vulnerabilities. | Knowledge |
| 6900 | * Knowledge of specific operational impacts of cybersecurity lapses. | Knowledge |

Additional KSATs

| KSAT ID | Description | KSAT |
|---|---|---|
| 129 | Knowledge of system life cycle management principles, including software security and usability. | Knowledge |
| 143 | Knowledge of the organization’s enterprise information technology (IT) goals and objectives. | Knowledge |
| 183 | Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes. | Skill |
| 299 | Knowledge of information security program management and project management principles and techniques. | Knowledge |
| 325 | Knowledge of secure acquisitions (e.g., relevant Contracting Officer’s Technical Representative [COTR] duties, secure procurement, supply chain risk management). | Knowledge |
| 396 | Advise senior management (e.g., CIO) on cost/benefit analysis of information security programs, policies, processes, and systems, and elements. | Task |
| 445 | Communicate the value of information technology (IT) security throughout all levels of the organization stakeholders. | Task |
| 475 | Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance. | Task |
| 596 | Establish overall enterprise information security architecture (EISA) with the organization’s overall security strategy. | Task |
| 600 | Evaluate cost benefit, economic, and risk analysis in decision making process. | Task |
| 1004 | Knowledge of critical information technology (IT) procurement requirements. | Knowledge |
| 1040A | Knowledge of relevant laws, policies, procedures, or governance related to critical infrastructure. | Knowledge |