System Testing and Evaluation Specialist

Work Role ID: 671 (NIST: SP-TE-001)
Category/Specialty Area: Securely Provision / Test and Evaluation
Workforce Element: IT (Cyberspace)

Plans, prepares, and executes tests of systems to evaluate results against specifications and requirements, and analyzes and reports test results.


Items denoted by a * are CORE KSATs for every Work Role, while other CORE KSATs vary by Work Role.

Core KSATs

| KSAT ID | Description | KSAT Type |
|---|---|---|
| 22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. | Knowledge |
| 40 | Knowledge of organization’s evaluation and validation requirements. | Knowledge |
| 53 | Knowledge of the Security Assessment and Authorization process. | Knowledge |
| 108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). | Knowledge |
| 169 | Skill in conducting test events. | Skill |
| 176 | Skill in designing a data analysis structure (i.e., the types of data your test must generate and how to analyze those data). | Skill |
| 182 | Skill in determining an appropriate level of test rigor for a given system. | Skill |
| 190 | Skill in developing operations-based testing scenarios. | Skill |
| 220 | Skill in systems integration testing. | Skill |
| 239 | Skill in writing test plans. | Skill |
| 412A | Analyze the results of software, hardware, or interoperability testing. | Task |
| 508 | Determine level of assurance of developed capabilities based on test results. | Task |
| 550 | Develop test plans to address specifications and requirements. | Task |
| 694 | Make recommendations based on test results. | Task |
| 748A | Perform developmental testing on systems under development. | Task |
| 757A | Perform interoperability testing on systems exchanging electronic information with other systems. | Task |
| 761A | Perform operational testing. | Task |
| 858A | Test, evaluate, and verify hardware and/or software to determine compliance with defined specifications and requirements. | Task |
| 858B | Record and manage test data. | Task |
| 950 | Skill in evaluating test plans for applicability and completeness. | Skill |
| 951 | Determine scope, infrastructure, resources, and data sample size to ensure system requirements are adequately demonstrated. | Task |
| 1006 | Create auditable evidence of security measures. | Task |
| 1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. | Knowledge |
| 1158 | * Knowledge of cybersecurity principles. | Knowledge |
| 1159 | * Knowledge of cyber threats and vulnerabilities. | Knowledge |
| 5650 | Validate specifications and requirements for testability. | Task |
| 6020 | Ability to analyze test data. | Ability |
| 6060 | Ability to collect, verify, and validate test data. | Ability |
| 6170 | Ability to translate data and test results into evaluative conclusions. | Ability |
| 6430 | Knowledge of Test & Evaluation processes. | Knowledge |
| 6500 | Skill in conducting Test Readiness Reviews. | Skill |
| 6530 | Skill in designing and documenting overall program Test & Evaluation strategies. | Skill |
| 6580 | Skill in identifying Test & Evaluation infrastructure (people, ranges, tools, instrumentation) requirements. | Skill |
| 6600 | Skill in managing test assets, test resources, and test personnel to ensure effective completion of test events. | Skill |
| 6630 | Skill in preparing Test & Evaluation reports. | Skill |
| 6641 | Skill in providing Test & Evaluation resource estimate. | Skill |
| 6900 | * Knowledge of specific operational impacts of cybersecurity lapses. | Knowledge |

Additional KSATs

| KSAT ID | Description | KSAT Type |
|---|---|---|
| 38 | Knowledge of organization’s enterprise information security architecture system. | Knowledge |
| 63 | Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). | Knowledge |
| 81A | Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services. | Knowledge |
| 83 | Knowledge of network hardware devices and functions. | Knowledge |
| 127 | Knowledge of systems administration concepts. | Knowledge |
| 144 | Knowledge of the systems engineering process. | Knowledge |
| 238A | Skill in writing code in a currently supported programming language (e.g., Java, C++). | Skill |
| 904 | Knowledge of interpreted and compiled computer languages. | Knowledge |
| 1034A | Knowledge of Personally Identifiable Information (PII) data security standards. | Knowledge |
| 1034B | Knowledge of Payment Card Industry (PCI) data security standards. | Knowledge |
| 1034C | Knowledge of Personal Health Information (PHI) data security standards. | Knowledge |
| 1037 | Knowledge of information technology (IT) supply chain security and risk management policies, requirements, and procedures. | Knowledge |
| 1038 | Knowledge of local specialized system requirements (e.g., critical infrastructure systems that may not use standard information technology [IT]) for safety, performance, and reliability. | Knowledge |
| 1072 | Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth). | Knowledge |
| 1131 | Knowledge of security architecture concepts and enterprise architecture reference models (e.g., Zachman, Federal Enterprise Architecture [FEA]). | Knowledge |
| 1141A | Knowledge of an organization’s information classification program and procedures for information compromise. | Knowledge |
| 1142 | Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model). | Knowledge |
| 3307 | Knowledge of cybersecurity-enabled software products. | Knowledge |