Enterprise Architect

Enterprise Architect Work Role ID: 651 (NIST: SP-ARC-001) Workforce Element: IT (Cyberspace)

Develops and maintains business, systems, and information processes to support enterprise mission needs; develops information technology (IT) rules and requirements that describe baseline and target architectures.


Qualification Matrix

  BasicIntermediateAdvancedNotes
Foundational Qualification OptionsEducation A BS degree in Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science, from an ABET accredited or CAE designated institution fulfills the educational requirement for this WRCA BS degree in Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science, from an ABET accredited or CAE designated institution fulfills the educational requirement for this WRCTBDFor additional information pertaining to ABET: www.abet.org or CAE: www.caecommunity.org
Foundational Qualification OptionsOR OR OR
Foundational Qualification OptionsDoD/Military TrainingTBDTBDTBDSee TAB C (DCWF Training Repository) below for additional course information.
Foundational Qualification OptionsCommercial TrainingTBDTBDTBD
Foundational Qualification OptionsOR OR OR
Foundational Qualification OptionsPersonnel CertificationCNDFITSP-D or GDSA or CASP+ or CCSP or Cloud+ or CSSLP or GSECCISSO or GCIA or GCSA or GCLD or GICSP or CISSP-ISSAP or CISSP-ISSEPSee TAB B (Certification Index) below for certification vendor information. Courses at higher proficiency levels qualify lower levels.
Foundational Qualification AlternativeExperienceConditional AlternativeConditional AlternativeConditional AlternativeRefer to Section 3 of the DoD 8140 Manual for more information.
Residential QualificationOn-the-Job QualificationAlways RequiredAlways RequiredAlways RequiredIndividuals must demonstrate capability to perform their duties in their resident environment.
Residential QualificationEnvironment-Specific RequirementsComponent DiscretionComponent DiscretionComponent Discretion
Annual Maintenance Continuous Professional Development Minimum of 20 hours annually or what is required to maintain certification; whichever is greater.Minimum of 20 hours annually or what is required to maintain certification; whichever is greater.Minimum of 20 hours annually or what is required to maintain certification; whichever is greater.

Items denoted by a * are CORE KSATs for every Work Role, while other CORE KSATs vary by Work Role.

Core KSATs

KSAT ID Description KSAT
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
38

Knowledge of organization’s enterprise information security architecture system.

Knowledge
68A

Ability to build architectures and frameworks.

Ability
79

Knowledge of network access, identity, and access management (e.g., public key infrastructure [PKI]).

Knowledge
82A

Knowledge of network design processes, to include understanding of security objectives, operational objectives, and tradeoffs.

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
141A

Knowledge of the enterprise information technology (IT) architectural concepts and patterns to include baseline and target architectures.

Knowledge
143A

Knowledge of integrating the organization’s goals and objectives into the architecture.

Knowledge
144

Knowledge of the systems engineering process.

Knowledge
413A

Analyze user needs and requirements to plan architecture.

Task
569A

Document and update as necessary all definition and architecture activities.

Task
579

Ensure acquired or developed system(s) and architecture(s) are consistent with organization’s cybersecurity architecture guidelines.

Task
780A

Plan implementation strategy to ensure enterprise components can be integrated and aligned.

Task
1072

Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).

Knowledge
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge
6935

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

Knowledge
6938

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge

Additional KSATs

KSAT ID Description KSAT
34

Knowledge of database systems.

Knowledge
40

Knowledge of organization’s evaluation and validation requirements.

Knowledge
42

Knowledge of electrical engineering as applied to computer architecture, including circuit boards, processors, chips, and associated computer hardware.

Knowledge
43A

Knowledge of embedded systems.

Knowledge
46A

Knowledge of system fault tolerance methodologies.

Knowledge
51

Knowledge of how system components are installed, integrated, and optimized.

Knowledge
53A

Knowledge of risk assessments and authorization per Risk Management Framework processes.

Knowledge
62

Knowledge of industry-standard and organizationally accepted analysis principles and methods.

Knowledge
63

Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Knowledge
65A

Knowledge of Information Theory (e.g., source coding, channel coding, algorithm complexity theory, and data compression).

Knowledge
69A

Knowledge of risk management processes and requirements per the Risk Management Framework (RMF).

Knowledge
70A

Knowledge of cybersecurity methods, such as firewalls, demilitarized zones, and encryption.

Knowledge
81A

Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.

Knowledge
90

Knowledge of operating systems.

Knowledge
92

Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).

Knowledge
94

Knowledge of parallel and distributed computing concepts.

Knowledge
108A

Knowledge of the DoD implementation of the Risk Management Framework (RMF) to include processes.

Knowledge
109A

Knowledge of configuration management techniques.

Knowledge
110

Knowledge of key concepts in security management (e.g., Release Management, Patch Management).

Knowledge
111

Knowledge of security system design tools, methods, and techniques.

Knowledge
113A

Knowledge of N-tiered typologies including server and client operating systems.

Knowledge
119

Knowledge of software engineering.

Knowledge
130

Knowledge of systems testing and evaluation methods.

Knowledge
132A

Ability to execute technology integration processes.

Ability
133

Knowledge of key telecommunications concepts (e.g., Routing Algorithms, Fiber Optics Systems Link Budgeting, Add/Drop Multiplexers).

Knowledge
155

Skill in applying and incorporating information technologies into proposed solutions.

Skill
180

Skill in designing the integration of hardware and software solutions.

Skill
183

Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.

Skill
183A

Knowledge in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.

Knowledge
224

Skill in design modeling and building use cases (e.g., unified modeling language).

Skill
483A

Captures and integrates essential system capabilities or business functions required for partial or full system restoration after a catastrophic failure event.

Task
484

Define appropriate levels of system availability based on critical system functions and ensure system requirements identify appropriate disaster recovery and continuity of operations requirements to include any appropriate fail-over/alternate site requirements, backup requirements, and material supportability requirements for system recover/restoration.

Task
502B

Develop enterprise architecture required to meet user needs.

Task
602

Evaluate factors such as reporting formats required, cost constraints, and need for security restrictions to determine hardware configuration.

Task
631

Identify and prioritize critical business functions in collaboration with organizational stakeholders.

Task
765A

Integrate results regarding the identification of gaps in security architecture.

Task
797

Provide advice on project costs, design concepts, or design changes.

Task
809

Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).

Task
864A

Translate proposed capabilities into technical requirements.

Task
993A

Ability to apply the methods, standards, and approaches for describing, analyzing, and documenting an organization’s enterprise information technology (IT) architecture (e.g., Open Group Architecture Framework [TOGAF], Department of Defense Architecture Framework [DoDAF], Federal Enterprise Architecture Framework [FEAF]).

Ability
994A

Document how the implementation of a new system or new interface between systems impacts the current and target environment including but not limited to security posture.

Task
996B

Integrate key management functions as related to cyberspace.

Task
1037B

Knowledge of program protection planning to include information technology (IT) supply chain security/risk management policies, anti-tampering techniques, and requirements.

Knowledge
1038B

Knowledge of local specialized system requirements (e.g., critical infrastructure/control systems that may not use standard information technology [IT]) for safety, performance, and reliability).

Knowledge
1073

Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.

Knowledge
1130

Knowledge of organizational process improvement concepts and process maturity models (e.g., Capability Maturity Model Integration (CMMI) for Development, CMMI for Services, and CMMI for Acquisitions).

Knowledge
1133

Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]).

Knowledge
1136A

Knowledge of use cases related to collaboration and content synchronization across platforms (e.g., Mobile, PC, Cloud).

Knowledge
1141A

Knowledge of an organization’s information classification program and procedures for information compromise.

Knowledge
1142

Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).

Knowledge
1147A

Develop data management capabilities (e.g., cloud based, centralized cryptographic key management) to include support to the mobile workforce.

Task
2014

Analyze candidate architectures, allocate security services, and select security mechanisms.

Task
2390

Evaluate security architectures and designs to determine the adequacy of security design and architecture proposed or provided in response to requirements contained in acquisition documents.

Task
2887

Write detailed functional specifications that document the architecture development process.

Task
3153

Knowledge of circuit analysis.

Knowledge
3246

Knowledge of confidentiality, integrity, and availability requirements.

Knowledge
3307

Knowledge of cybersecurity-enabled software products.

Knowledge
3642

Knowledge of various types of computer architectures.

Knowledge
6030

Ability to apply an organization’s goals and objectives to develop and maintain architecture.

Ability
6150

Ability to optimize systems to meet enterprise performance requirements.

Ability
6330

Knowledge of multi-level/security cross domain solutions.

Knowledge
6680

Skill in the use of design methods.

Skill
6918

Ability to apply cybersecurity strategy to cloud computing service and deployment models, identifying proper architecture for different operating environments.

Ability
6942

Skill in designing or implementing cloud computing deployment models.

Skill
6945

Skill in migrating workloads to, from, and among the different cloud computing service models.

Skill