Software Engineering



Below are the associated Work Roles, each with its Core and Additional KSATs (Knowledge, Skills, Abilities, and Tasks). Items denoted by a * are CORE KSATs for every Work Role, while other CORE KSATs vary by Work Role.
DevSecOps Specialist Work Role ID: 627 (NIST: N/A) Workforce Element: Software Engineering

Selects/Deploys/Maintains the set of Continuous Integration/Continuous Deployment (CI/CD) tools and processes used by the development team and/or maintains the deployed software product and ensures observability and security across the lifecycle.

Core KSATs

KSAT ID Description KSAT
3C

Skill in recognizing vulnerabilities in information and/or data systems.

Skill
3B

Skill in conducting vulnerability scans and recognizing vulnerabilities in information systems and networks.

Skill
4

Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.

Ability
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
34

Knowledge of database systems.

Knowledge
58

Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins.

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
130

Knowledge of systems testing and evaluation methods.

Knowledge
130A

Knowledge of systems security testing and evaluation methods.

Knowledge
142A

Knowledge of the operations and processes for incident, problem, and event management.

Knowledge
144

Knowledge of the systems engineering process.

Knowledge
190

Skill in developing operations-based testing scenarios.

Skill
238A

Skill in writing code in a currently supported programming language (e.g., Java, C++).

Skill
412A

Analyze the results of software, hardware, or interoperability testing.

Task
420

Apply security policies to meet security objectives of the system.

Task
421a

Apply security architecture principles to meet organization’s confidentiality, integrity, and availability requirements.

Task
452

Conduct functional and connectivity testing to ensure continuing operability.

Task
559B

Analyze and report system security posture trends.

Task
568

Employ secure configuration management processes.

Task
572

Ensure application of security patches for commercial products integrated into system design meet the timelines dictated by the management authority for the intended operational environment.

Task
576

Ensure cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level.

Task
653B

Implement security measures to mitigate or remediate vulnerabilities and security deficiencies, and provide justification for acceptance of residual risk.

Task
661A

Implement system security measures in accordance with established procedures to ensure confidentiality, integrity, availability, authentication, and non-repudiation.

Task
708A

Mitigate/correct security deficiencies identified during security/certification testing and/or recommend risk acceptance for the appropriate senior leader or authorized representative.

Task
726

Oversee and make recommendations regarding configuration management.

Task
729A

Verify minimum security requirements are in place for all applications.

Task
754

Perform cybersecurity testing of developed applications and/or systems.

Task
880A

Work with stakeholders to resolve computer security incidents and vulnerability compliance.

Task
1037A

Knowledge of information technology (IT) risk management policies, requirements, and procedures.

Knowledge
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
2054

Assess the effectiveness of security controls.

Task
3030

Ability to conduct vulnerability scans and recognize vulnerabilities in security systems.

Ability
3822

Skill in managing client relationships, including determining client needs/requirements, managing client expectations, and demonstrating commitment to delivering quality results.

Skill
5940

Work with designers and developers throughout the design, development and testing process.

Task
5939

Choose and deploy the appropriate automated application security testing tools.

Task
5941

Utilize tools and techniques like risk assessment, threat modeling, and cybersecurity to detect and analyze the threats.

Task
5942

Work with Security Engineers to ensure that all security threats are dealt with during the development phase.

Task
5943

Work with automation tools used to identify vulnerabilities.

Task
5944

Identify and implement tooling for controlling the steps in a continuous integration (CI) and continuous deployment (CD) pipeline.

Task
5945

Develop and implement automatic test tools in a CI/CD pipeline, which could include Static Application Security Test (SAST) tools, Dynamic Application Security Test (DAST) tools, Unit Test tools, Static Code Analysis (SCA) tools, etc.

Task
5946

Develop code within a CI/CD Pipeline.

Task
5947

Select appropriate language and coding standards for software application for appropriate Continuous Integration/Continuous Deployment (CI/CD) framework.

Task
5948

Apply testing activities, understand faults vs. failures, conduct basic test planning, develop test selection or adequacy criteria, craft test documentation, ensure test coverage, and conduct automated testing.

Task
5950

Develop and deploy software using continuous integration methods, processes, and tools, including test case writing against completion criteria (for each release, capability, micro-service, or component), build automation, and build processes.

Task
5953

Provide DevSecOps guidance to leadership.

Task
5955

Work closely with development teams to provide and support the environment needed to deliver an organization’s services.

Task
6090

Ability to develop curriculum for use within a virtual environment.

Ability
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge
6935

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

Knowledge
6938

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge
7087

Knowledge of programming languages.

Knowledge
7088

Knowledge of continuous integration/continuous deployment (CI/CD) processes and pipeline tools.

Knowledge
7089

Knowledge of portable, extensible, open source platform for managing containerized workloads and services.

Knowledge
7090

Knowledge of cloud hosting providers.

Knowledge
7091

Knowledge of threat modeling, risk assessment techniques, code reviews, current best practices and the latest cybersecurity threats.

Knowledge
7092

Knowledge of how security impacts each development phase and the services.

Knowledge
7093

Knowledge of a Continuous Integration/Continuous Deployment (CI/CD) environment and processes.

Knowledge
7094

Knowledge of the steps for release to higher levels of integration testing, certification activities, and/or operations using testbeds, modeling and simulation to synchronize software releases with the development of an operations environment(s) to ensure compatibility.

Knowledge
7095

Knowledge of every stage in the software project lifecycle, from initial design and build to rollout and maintenance.

Knowledge

Additional KSATs

KSAT ID Description KSAT
21

Knowledge of computer algorithms.

Knowledge
25B

Knowledge of encryption algorithms.

Knowledge
27A

Knowledge of cryptology.

Knowledge
75B

Knowledge of statistics.

Knowledge
94

Knowledge of parallel and distributed computing concepts.

Knowledge
220

Skill in systems integration testing.

Skill
225A

Skill in the use of penetration testing tools and techniques, including specialized tools for non-traditional systems and networks (e.g., control systems).

Skill
571

Ensure all systems security operations and maintenance activities are properly documented and updated as necessary.

Task
717A

Assess and monitor cybersecurity related to system implementation and testing practices.

Task
765

Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.

Task
795

Properly document all systems security implementation, operations and maintenance activities and update as necessary.

Task
806A

Provide cybersecurity recommendations to leadership based on significant threats and vulnerabilities.

Task
809

Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).

Task
876

Verify and update security documentation reflecting the application/system security design features.

Task
938A

Provide advice and input for Disaster Recovery, Contingency, and Continuity of Operations Plans.

Task
1040A

Knowledge of relevant laws, policies, procedures, or governance related to critical infrastructure.

Knowledge
1139A

Knowledge of implementing enterprise key escrow systems to support data-at-rest encryption.

Knowledge
1141A

Knowledge of an organization’s information classification program and procedures for information compromise.

Knowledge
3642

Knowledge of various types of computer architectures.

Knowledge
5050

Assess all the configuration management (change configuration/release management) processes.

Task
5949

Transition embedded and non-embedded software developed and sustained using traditional software methods into a DevSecOps environment.

Task
5951

Select and implement telemetry within the CI/CD pipeline and Ops software to support metrics and problem discovery and resolution.

Task
5954

Build test interfaces and perform complex integration.

Task
6240

Knowledge of critical protocols (e.g., IPSEC, AES, GRE, IKE).

Knowledge
Product Designer User Interface (UI) Work Role ID: 625 (NIST: N/A) Workforce Element: Software Engineering

Manages the user interface design portion of the design process of a product.

Core KSATs

KSAT ID Description KSAT
16

Knowledge of capabilities and requirements analysis.

Knowledge
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
102

Knowledge of programming language structures and logic.

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
155

Skill in applying and incorporating information technologies into proposed solutions.

Skill
414

Analyze user needs and software requirements to determine feasibility of design within time and cost constraints.

Task
927A

Research and evaluate available technologies and standards to meet customer requirements.

Task
968

Knowledge of software related information technology (IT) security principles and methods (e.g., modularization, layering, abstraction, data hiding, simplicity/minimization).

Knowledge
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
3822A

Skill in managing user relationships, including determining user needs/requirements, managing user expectations, and demonstrating commitment to delivering quality results.

Skill
5965

Design and prototype user interfaces.

Task
5966

Create prototypes, wireframes, and storyboards based on customer requirements.

Task
5967

Ensure proper integration of the user interface with back-end functionality.

Task
5969

Create style guides and unified approach (libraries, visual languages, etc.) to the product.

Task
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge
6935

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

Knowledge
6938

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge
7101

Knowledge of end to end product development processes.

Knowledge
7102

Skill in using industry-standard design and prototyping tools.

Skill
7103

Knowledge of design thinking processes.

Knowledge

Additional KSATs

KSAT ID Description KSAT
35

Knowledge of digital rights management.

Knowledge
40

Knowledge of organization’s evaluation and validation requirements.

Knowledge
90

Knowledge of operating systems.

Knowledge
132

Knowledge of technology integration processes.

Knowledge
467

Consult with engineering staff to evaluate interface between hardware and software.

Task
797

Provide advice on project costs, design concepts, or design changes.

Task
5968

Lead integrated design team to achieve a finished product.

Task
Product Manager Work Role ID: 806 (NIST: N/A) Workforce Element: Software Engineering

Manages the development of products including the resource management, product strategy (physical or digital), functional requirements, and releases. Coordinate work done by functions (like software engineers, data scientists, and product designers).

Core KSATs

KSAT ID Description KSAT
16

Knowledge of capabilities and requirements analysis.

Knowledge
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
129

Knowledge of system life cycle management principles, including software security and usability.

Knowledge
130

Knowledge of systems testing and evaluation methods.

Knowledge
414

Analyze user needs and software requirements to determine feasibility of design within time and cost constraints.

Task
461

Confer with systems analysts, engineers, programmers, and others to design application and to obtain information on project limitations and capabilities, performance requirements, and interfaces.

Task
487

Define project scope and objectives based on customer requirements.

Task
797

Provide advice on project costs, design concepts, or design changes.

Task
811

Provide ongoing optimization and problem solving support.

Task
863A

Manage the translation of functional requirements into technical solutions.

Task
911A

Ability to interpret and translate customer requirements into operational capabilities.

Ability
968

Knowledge of software related information technology (IT) security principles and methods (e.g., modularization, layering, abstraction, data hiding, simplicity/minimization).

Knowledge
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
2839

Supervise and assign work to programmers, designers, technologists and technicians and other engineering and scientific personnel.

Task
3822

Skill in managing client relationships, including determining client needs/requirements, managing client expectations, and demonstrating commitment to delivering quality results.

Skill
5150

Coordinate and manage the overall service provided to a customer end-to-end.

Task
5961

Orchestrate the various activities associated with ensuring that a product is delivered that meets users’ needs.

Task
5962

Create integrated vision, roadmaps, and strategies to enable product delivery.

Task
5963

Manage product releases.

Task
5964

Manage dependencies and risks.

Task
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge
6935

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

Knowledge
6938

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge
7098

Skill in conducting strategy development and implementation.

Skill
7100

Skill in leading and managing multiple teams simultaneously.

Skill
7101

Knowledge of end to end product development processes.

Knowledge

Additional KSATs

KSAT ID Description KSAT
9

Knowledge of applicable business processes and operations of customer organizations.

Knowledge
35

Knowledge of digital rights management.

Knowledge
40

Knowledge of organization’s evaluation and validation requirements.

Knowledge
69A

Knowledge of risk management processes and requirements per the Risk Management Framework (RMF).

Knowledge
90

Knowledge of operating systems.

Knowledge
130A

Knowledge of systems security testing and evaluation methods.

Knowledge
182

Skill in determining an appropriate level of test rigor for a given system.

Skill
190

Skill in developing operations-based testing scenarios.

Skill
220

Skill in systems integration testing.

Skill
225B

Knowledge of penetration testing tools and techniques, including specialized tools for non-traditional systems and networks (e.g., control systems).

Knowledge
524

Develop and maintain strategic plans.

Task
528A

Develop cost estimates for new or modified system(s).

Task
680A

Lead and oversee budget, staffing, and contracting.

Task
760

Perform needs analysis to determine opportunities for new and improved business process solutions.

Task
965

Knowledge of organization’s risk tolerance and/or risk management approach.

Knowledge
967

Knowledge of current and emerging threats/threat vectors.

Knowledge
980A

Skill in performing root cause analysis.

Skill
1017A

Participate in the acquisition process as necessary.

Task
1125

Knowledge of Cloud-based knowledge management technologies and concepts related to security, governance, procurement, and administration.

Knowledge
3268

Knowledge of staff management, assignment, and allocation processes.

Knowledge
5380

Gather feedback on customer satisfaction and internal service performance to foster continual improvement.

Task
5660

Work with other service managers and product owners to balance and prioritize services to meet overall customer requirements, constraints, and objectives.

Task
7099

Skill in conducting market and user research.

Skill
Service Designer User Experience (UX) Work Role ID: 626 (NIST: N/A) Workforce Element: Software Engineering

Manages the user experience of a product focused on human factors by making products intuitive and maximizing usability, accessibility, and simplicity.

Core KSATs

KSAT ID Description KSAT
16

Knowledge of capabilities and requirements analysis.

Knowledge
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
414

Analyze user needs and software requirements to determine feasibility of design within time and cost constraints.

Task
466

Consult with customers to evaluate functional requirements.

Task
797

Provide advice on project costs, design concepts, or design changes.

Task
813

Provide recommendations for possible improvements and upgrades.

Task
850

Store, retrieve, and manipulate data for analysis of system capabilities and requirements.

Task
927A

Research and evaluate available technologies and standards to meet customer requirements.

Task
1144

Develop and document User Experience (UX) requirements including information architecture and user interface requirements.

Task
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
3822A

Skill in managing user relationships, including determining user needs/requirements, managing user expectations, and demonstrating commitment to delivering quality results.

Skill
5150

Coordinate and manage the overall service provided to a customer end-to-end.

Task
5970

Plan and conduct user research and competitor analysis.

Task
5971

Determine information architecture and create sitemaps.

Task
5972

Conduct usability testing.

Task
5973

Conduct qualitative and quantitative research and analysis.

Task
5974

Work with users as a human factors liaison to determine user needs/requirements, manage user expectations, perform analysis, and demonstrate commitment to delivering quality results.

Task
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge
6935

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

Knowledge
6938

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge
7102

Skill in using industry-standard design and prototyping tools.

Skill
7104

Skill in interpreting data and feedback.

Skill
7105

Skill in operating UX tools and methods.

Skill
7106

Knowledge of developing user-centered conceptual and logical designs.

Knowledge
7107

Knowledge of usability standards and application of usability standards.

Knowledge
7108

Knowledge of user centered design principles.

Knowledge
7109

Knowledge of usability testing.

Knowledge

Additional KSATs

KSAT ID Description KSAT
35

Knowledge of digital rights management.

Knowledge
40

Knowledge of organization’s evaluation and validation requirements.

Knowledge
Software Developer Work Role ID: 621 (NIST: SP-DEV-001) Workforce Element: Software Engineering

Executes software planning, requirements, risk management, design, development, architecture, modeling, estimation, configuration management, quality, security, and tests using software development methodologies, architectural structures, viewpoints, styles, design decisions, and frameworks across all lifecycle phases.

Core KSATs

KSAT ID Description KSAT
20

Knowledge of complex data structures.

Knowledge
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
23

Knowledge of computer programming principles such as object-oriented design.

Knowledge
56

Knowledge of cybersecurity principles and methods that apply to software development.

Knowledge
90

Knowledge of operating systems.

Knowledge
102

Knowledge of programming language structures and logic.

Knowledge
105

Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
116

Knowledge of software debugging principles.

Knowledge
117

Knowledge of software design tools, methods, and techniques.

Knowledge
118A

Knowledge of software development models, methodologies, and practices (Waterfall Model, Spiral, Agile, DevSecOps).

Knowledge
119

Knowledge of software engineering.

Knowledge
121

Knowledge of structured analysis principles and methods.

Knowledge
124

Knowledge of system design tools, methods, and techniques, including automated systems analysis and design tools.

Knowledge
149

Knowledge of web services, including service-oriented architecture, Simple Object Access Protocol, and web service description language.

Knowledge
168

Skill in conducting software debugging.

Skill
174

Skill in creating programs that validate and process multiple inputs including command line arguments, environmental variables, and input streams.

Skill
185A

Skill in developing applications that can log and handle errors, exceptions, and application faults and logging.

Skill
191A

Knowledge of development and application of security system access controls.

Knowledge
238A

Skill in writing code in a currently supported programming language (e.g., Java, C++).

Skill
408

Analyze information to determine, recommend, and plan the development of a new application or modification of an existing application.

Task
414

Analyze user needs and software requirements to determine feasibility of design within time and cost constraints.

Task
417

Apply coding and testing standards, apply security testing tools including “fuzzing” static-analysis code scanning tools, and conduct code reviews.

Task
418

Apply secure code documentation.

Task
432

Capture security controls used during the requirements phase to integrate security within the process, to identify key security objectives, and to maximize software security while minimizing disruption to plans and schedules.

Task
446

Compile and write documentation of program development and subsequent revisions, inserting comments in the coded instructions so others can understand the program.

Task
459A

Conduct trial runs of programs and software applications to ensure the desired information is produced and instructions and security levels are correct.

Task
461

Confer with systems analysts, engineers, programmers, and others to design application and to obtain information on project limitations and capabilities, performance requirements, and interfaces.

Task
467

Consult with engineering staff to evaluate interface between hardware and software.

Task
477

Correct errors by making appropriate changes and rechecking the program to ensure desired results are produced.

Task
506

Design, develop, and modify software systems, using scientific analysis and mathematical models to predict and measure outcome and consequences of design.

Task
515A

Develop software system testing and validation procedures, programming, and documentation.

Task
543

Develop secure code and error handling.

Task
634

Identify basic common coding flaws at a high level.

Task
709A

Modify and maintain existing software to correct errors, to adapt it to new hardware, or to upgrade interfaces and improve performance.

Task
764

Perform secure programming and identify potential flaws in codes to mitigate vulnerabilities.

Task
785

Prepare detailed workflow charts and diagrams that describe input, output, and logical operation, and convert them into a series of instructions coded in a computer language.

Task
865

Translate security requirements into application design elements including documenting the elements of the software attack surfaces, conducting threat modeling, and defining any specific security criteria.

Task
904A

Knowledge of interpreted and compiled computer languages.

Knowledge
905A

Skill in applying secure coding techniques.

Skill
905

Knowledge of secure coding techniques.

Knowledge
968

Knowledge of software related information technology (IT) security principles and methods (e.g., modularization, layering, abstraction, data hiding, simplicity/minimization).

Knowledge
970A

Apply cybersecurity functions (e.g., encryption, access control, and identity management) to reduce exploitation opportunities.

Task
973A

Skill in using code analysis tools.

Skill
1071A

Ability to develop secure software according to secure software deployment methodologies, tools, and practices.

Ability
1151

Identify and leverage the enterprise-wide version control system while designing and developing secure applications.

Task
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
2335

Direct software programming and development of documentation.

Task
5200

Design, implement, test, and evaluate secure interfaces between information systems, physical systems, and/or embedded technologies.

Task
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge
6935

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

Knowledge
6938

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge

Additional KSATs

KSAT ID Description KSAT
3B

Skill in conducting vulnerability scans and recognizing vulnerabilities in information systems and networks.

Skill
38

Knowledge of organization’s enterprise information security architecture system.

Knowledge
40

Knowledge of organization’s evaluation and validation requirements.

Knowledge
43A

Knowledge of embedded systems.

Knowledge
63

Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Knowledge
72

Knowledge of local area and wide area networking principles and concepts including bandwidth management.

Knowledge
74

Knowledge of low-level computer languages (e.g., assembly languages).

Knowledge
81A

Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.

Knowledge
95B

Knowledge of penetration testing principles, tools, and techniques, including specialized tools for non-traditional systems and networks (e.g., control systems).

Knowledge
100

Knowledge of Privacy Impact Assessments.

Knowledge
109

Knowledge of secure configuration management techniques.

Knowledge
172

Skill in creating and utilizing mathematical or statistical models.

Skill
177

Skill in designing countermeasures to identified security risks.

Skill
197

Skill in discerning the protection needs (i.e., security controls) of information systems and networks.

Skill
602

Evaluate factors such as reporting formats required, cost constraints, and need for security restrictions to determine hardware configuration.

Task
644

Identify security implications and apply methodologies within centralized and decentralized environments across the enterprise’s computer systems in software development.

Task
645

Identify security issues around steady state operation and management of software and incorporate security measures that must be taken when a product reaches its end of life.

Task
726

Oversee and make recommendations regarding configuration management.

Task
756

Perform integrated quality assurance testing for security functionality and resiliency attack.

Task
770

Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.

Task
826

Address security implications in the software acceptance phase including completion criteria, risk acceptance and documentation, common criteria, and methods of independent testing.

Task
850

Store, retrieve, and manipulate data for analysis of system capabilities and requirements.

Task
971

Design countermeasures and mitigations against potential exploitations of programming language weaknesses and vulnerabilities in system and elements.

Task
972A

Determine and document software patches or the extent of releases that would leave software vulnerable.

Task
976

Knowledge of software quality assurance process.

Knowledge
978A

Knowledge of root cause analysis techniques.

Knowledge
979

Knowledge of supply chain risk management standards, processes, and practices.

Knowledge
980A

Skill in performing root cause analysis.

Skill
1020A

Skill in secure test plan design (e.g., unit, integration, system, acceptance).

Skill
1034C

Knowledge of Personal Health Information (PHI) data security standards.

Knowledge
1034B

Knowledge of Payment Card Industry (PCI) data security standards.

Knowledge
1034A

Knowledge of Personally Identifiable Information (PII) data security standards.

Knowledge
1037A

Knowledge of information technology (IT) risk management policies, requirements, and procedures.

Knowledge
1038B

Knowledge of local specialized system requirements (e.g., critical infrastructure/control systems that may not use standard information technology [IT]) for safety, performance, and reliability.

Knowledge
1072

Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).

Knowledge
1131

Knowledge of security architecture concepts and enterprise architecture reference models (e.g., Zachman, Federal Enterprise Architecture [FEA]).

Knowledge
1135

Knowledge of the application firewall concepts and functions (e.g., Single point of authentication/audit/policy enforcement, message scanning for malicious content, data anonymization for PCI and PII compliance, data loss protection scanning, accelerated cryptographic operations, SSL security, REST/JSON processing).

Knowledge
1140A

Skill in using Public-Key Infrastructure (PKI) encryption and digital signature capabilities into applications (e.g., S/MIME email, SSL traffic).

Skill
1149A

Enable applications with public keying by leveraging existing public key infrastructure (PKI) libraries and incorporating certificate management and encryption functionalities when appropriate.

Task
1150A

Identify and leverage the enterprise-wide security services while designing and developing secure applications (e.g., Enterprise PKI, Federated Identity server, Enterprise AV solution) when appropriate.

Task
2156

Consult with customers about software system design and maintenance.

Task
2839

Supervise and assign work to programmers, designers, technologists and technicians and other engineering and scientific personnel.

Task
3080

Ability to use and understand complex mathematical concepts (e.g., discrete math).

Ability
3822A

Skill in managing user relationships, including determining user needs/requirements, managing user expectations, and demonstrating commitment to delivering quality results.

Skill
6918

Ability to apply cybersecurity strategy to cloud computing service and deployment models, identifying proper architecture for different operating environments.

Ability
6919

Ability to determine the best cloud deployment model for the appropriate operating environment.

Ability
6942

Skill in designing or implementing cloud computing deployment models.

Skill
6945

Skill in migrating workloads to, from, and among the different cloud computing service models.

Skill
7097

Knowledge of planning for long-term maintainability using architectural structures, viewpoints, styles, design decisions and frameworks, and the underlying data structures.

Knowledge
Software Test & Evaluation Specialist Work Role ID: 673 (NIST: N/A) Workforce Element: Software Engineering

Plans, prepares, and performs testing, evaluation, verification, and validation of software to evaluate results against specifications, requirements, and operational need.

Core KSATs

KSAT ID Description KSAT
16

Knowledge of capabilities and requirements analysis.

Knowledge
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
130

Knowledge of systems testing and evaluation methods.

Knowledge
130A

Knowledge of systems security testing and evaluation methods.

Knowledge
144

Knowledge of the systems engineering process.

Knowledge
169

Skill in conducting test events.

Skill
176

Skill in designing a data analysis structure (i.e., the types of data your test must generate and how to analyze those data).

Skill
182

Skill in determining an appropriate level of test rigor for a given system.

Skill
190

Skill in developing operations-based testing scenarios.

Skill
220

Skill in systems integration testing.

Skill
239

Skill in writing test plans.

Skill
412A

Analyze the results of software, hardware, or interoperability testing.

Task
414

Analyze user needs and software requirements to determine feasibility of design within time and cost constraints.

Task
452

Conduct functional and connectivity testing to ensure continuing operability.

Task
508

Determine level of assurance of developed capabilities based on test results.

Task
515A

Develop software system testing and validation procedures, programming, and documentation.

Task
550

Develop test plans to address specifications and requirements.

Task
694

Make recommendations based on test results.

Task
748A

Perform developmental testing on systems under development.

Task
757A

Perform interoperability testing on systems exchanging electronic information with other systems.

Task
761A

Perform operational testing.

Task
858A

Test, evaluate, and verify hardware and/or software to determine compliance with defined specifications and requirements.

Task
858B

Record and manage test data.

Task
950

Skill in evaluating test plans for applicability and completeness.

Skill
951

Determine scope, infrastructure, resources, and data sample size to ensure system requirements are adequately demonstrated.

Task
978A

Knowledge of root cause analysis techniques.

Knowledge
1020A

Skill in secure test plan design (e.g., unit, integration, system, acceptance).

Skill
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
5650

Validate specifications and requirements for testability.

Task
5866A

Create or customize existing Test and Evaluation Master Plans (TEMPs) for systems.

Task
5877A

Develop possible solutions for technical risks and limitations of planned tests.

Task
5914

Report test and evaluation deficiencies and possible solutions to appropriate personnel.

Task
5920A

Test components to ensure they work as intended in a variety of scenarios for all aspects of the application.

Task
5933

Conduct automated testing for acceptance testing, functional testing, integration testing, interoperability testing, load/stress testing, performance testing, regression testing, and unit testing.

Task
5934

Develop and maintain a tool framework for automated test and evaluation.

Task
5936

Evaluate reliability, availability, and maintainability data.

Task
5937

Assess the system’s effectiveness and suitability for meeting user need, based on test and evaluation results.

Task
6020

Ability to analyze test data.

Ability
6060

Ability to collect, verify, and validate test data.

Ability
6170

Ability to translate data and test results into evaluative conclusions.

Ability
6430

Knowledge of Test & Evaluation processes.

Knowledge
6530

Skill in designing and documenting overall program Test & Evaluation strategies.

Skill
6630

Skill in preparing Test & Evaluation reports.

Skill
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge
6935

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

Knowledge
6938

* Knowledge of cloud computing deployment models in private, public, and hybrid environments and the difference between on-premises and off-premises environments.

Knowledge
7003A

Knowledge of security risks, threats, and vulnerabilities and potential risk mitigation solutions.

Knowledge
7004A

Knowledge of Test & Evaluation frameworks.

Knowledge
7006A

Knowledge of best practices from industry and academia in test design activities for verification and validation of systems.

Knowledge
7025A

Knowledge of how software solutions integrate with cloud or other IT infrastructure.

Knowledge
7044

Knowledge of testing, evaluation, validation, and verification (T&E V&V) tools and procedures to ensure systems are working as intended.

Knowledge
7054A

Knowledge of tools for testing the robustness and resilience of software products and solutions.

Knowledge
7077A

Skill in translating operation requirements for systems into testing requirements.

Skill
7085

Knowledge of software environments (e.g., development, testing, integration, production, etc.) and appropriate T&E application in those environments.

Knowledge
7086

Ability to construct, maintain, and conduct testing in various test environments.

Ability

Additional KSATs

KSAT ID Description KSAT
40

Knowledge of organization’s evaluation and validation requirements.

Knowledge
53

Knowledge of the Security Assessment and Authorization process.

Knowledge
81A

Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.

Knowledge
83

Knowledge of network hardware devices and functions.

Knowledge
238A

Skill in writing code in a currently supported programming language (e.g., Java, C++).

Skill
393A

Administer test bed(s), and test and evaluate applications, hardware infrastructure, rules/signatures, access controls, and configurations of platforms managed by service provider(s).

Task
431A

Build, assess, and modify product prototypes using working models or theoretical models.

Task
874

Utilize models and simulations to analyze or predict system performance under different operating conditions.

Task
904

Knowledge of interpreted and compiled computer languages.

Knowledge
965

Knowledge of organization’s risk tolerance and/or risk management approach.

Knowledge
980A

Skill in performing root cause analysis.

Skill
5910A

Provide quality assurance of software products throughout their lifecycle.

Task
5935

Perform usability surveys on operators/users of the system.

Task
5938

Integrate digital engineering models and data into test designs.

Task
6500

Skill in conducting Test Readiness Reviews.

Skill
6580

Skill in identifying Test & Evaluation infrastructure (people, ranges, tools, instrumentation) requirements.

Skill
6600

Skill in managing test assets, test resources, and test personnel to ensure effective completion of test events.

Skill
6641

Skill in providing Test & Evaluation resource estimate.

Skill
7009A

Knowledge of coding and scripting in languages that support software development and use.

Knowledge
7012A

Knowledge of current test standards and safety standards that are applicable to software development.

Knowledge
7028A

Knowledge of how to automate development, testing, security, and deployment of software to the DoD.

Knowledge
7034A

Knowledge of interactions and integration of DataOps, MLOps, and DevSecOps solutions.

Knowledge
7036A

Knowledge of laws, regulations, and policies related to software development, cybersecurity, data security/privacy, and use of publicly procured data for government.

Knowledge
7070A

Skill in integrating software Test & Evaluation frameworks into test strategies for specific projects.

Skill
7083

Ability to measure human systems interaction (usability, workload, system trust).

Ability
7084

Ability to evaluate user training and documentation update processes.

Ability
Software/Cloud Architect Work Role ID: 628 (NIST: N/A) Workforce Element: Software Engineering

Manages and identifies program high-level technical specifications, which may include application design, cloud computing strategy and adoption, and integration of software applications into a functioning system to meet requirements.

Core KSATs

KSAT ID Description KSAT
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
42A

Knowledge of engineering concepts as applied to computer architecture and associated computer hardware/software.

Knowledge
56

Knowledge of cybersecurity principles and methods that apply to software development.

Knowledge
68A

Ability to build architectures and frameworks.

Ability
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
116

Knowledge of software debugging principles.

Knowledge
117

Knowledge of software design tools, methods, and techniques.

Knowledge
118A

Knowledge of software development models, methodologies, and practices (Waterfall Model, Spiral, Agile, DevSecOps).

Knowledge
119

Knowledge of software engineering.

Knowledge
129

Knowledge of system life cycle management principles, including software security and usability.

Knowledge
141A

Knowledge of the enterprise information technology (IT) architectural concepts and patterns to include baseline and target architectures.

Knowledge
170

Skill in configuring and optimizing software.

Skill
180

Skill in designing the integration of hardware and software solutions.

Skill
413A

Analyze user needs and requirements to plan architecture.

Task
414

Analyze user needs and software requirements to determine feasibility of design within time and cost constraints.

Task
467

Consult with engineering staff to evaluate interface between hardware and software.

Task
502A

Develop enterprise architecture or system components required to meet user needs.

Task
569A

Document and update as necessary all definition and architecture activities.

Task
785A

Prepare detailed workflow charts, models, and diagrams that describe input, output, and logical operation.

Task
1125

Knowledge of Cloud-based knowledge management technologies and concepts related to security, governance, procurement, and administration.

Knowledge
1151A

Leverage enterprise-wide version control system while designing and developing secure applications.

Task
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
2156

Consult with customers about software system design and maintenance.

Task
2335

Direct software programming and development of documentation.

Task
5956

Provide Cloud and Cloud Security guidance to leadership.

Task
5957

Develop a company’s cloud computing strategy.

Task
5958

Develop and implement cloud strategies.

Task
5959

Convert the technical requirements of a project into the architecture and design that will guide the final product.

Task
5960

Design and implement cloud computing solutions, including designing the cloud infrastructure, the cloud application architecture, and the cloud security architecture.

Task
6210

Knowledge of cloud service models and possible limitations for an incident response.

Knowledge
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge
6935

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

Knowledge
6938

* Knowledge of cloud computing deployment models in private, public, and hybrid environments and the difference between on-premises and off-premises environments.

Knowledge
7096

Knowledge of both cloud computing and how it is applied in a variety of industries.

Knowledge

Additional KSATs

KSAT ID Description KSAT
38

Knowledge of organization’s enterprise information security architecture system.

Knowledge
44

Knowledge of enterprise messaging systems and associated software.

Knowledge
75

Knowledge of mathematics, including logarithms, trigonometry, linear algebra, calculus, and statistics.

Knowledge
126

Knowledge of system software and organizational design standards, policies, and authorized approaches (e.g., International Organization for Standardization [ISO] guidelines) relating to system design.

Knowledge
143A

Knowledge of integrating the organization’s goals and objectives into the architecture.

Knowledge
412A

Analyze the results of software, hardware, or interoperability testing.

Task
414A

Analyze security needs and software requirements to determine feasibility of design within time and cost constraints and security mandates.

Task
971

Design countermeasures and mitigations against potential exploitations of programming language weaknesses and vulnerabilities in system and elements.

Task
1136A

Knowledge of use cases related to collaboration and content synchronization across platforms (e.g., Mobile, PC, Cloud).

Knowledge
1147A

Develop data management capabilities (e.g., cloud based, centralized cryptographic key management) to include support to the mobile workforce.

Task
3080

Ability to use and understand complex mathematical concepts (e.g., discrete math).

Ability
Systems Security Analyst Work Role ID: 461 (NIST: OM-AN-001) Workforce Element: Software Engineering

Responsible for analysis and development of systems/software security through the product lifecycle to include integration, testing, operations and maintenance.

Core KSATs

KSAT ID Description KSAT
3C

Skill in recognizing vulnerabilities in information and/or data systems.

Skill
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
25

Knowledge of encryption algorithms (e.g., Internet Protocol Security [IPSEC], Advanced Encryption Standard [AES], Generic Routing Encapsulation [GRE], Internet Key Exchange [IKE], Message Digest Algorithm [MD5], Secure Hash Algorithm [SHA], Triple Data Encryption Standard [3DES]).

Knowledge
27A

Knowledge of cryptology.

Knowledge
34

Knowledge of database systems.

Knowledge
51

Knowledge of how system components are installed, integrated, and optimized.

Knowledge
58

Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins.

Knowledge
63

Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Knowledge
70

Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).

Knowledge
79

Knowledge of network access, identity, and access management (e.g., public key infrastructure [PKI]).

Knowledge
82A

Knowledge of network design processes, to include understanding of security objectives, operational objectives, and tradeoffs.

Knowledge
90

Knowledge of operating systems.

Knowledge
92

Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
109A

Knowledge of configuration management techniques.

Knowledge
110A

Knowledge of security management.

Knowledge
111

Knowledge of security system design tools, methods, and techniques.

Knowledge
130A

Knowledge of systems security testing and evaluation methods.

Knowledge
144

Knowledge of the systems engineering process.

Knowledge
177B

Knowledge of countermeasures for identified security risks.

Knowledge
179A

Skill in assessing security controls based on cybersecurity principles and tenets.

Skill
183

Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.

Skill
191

Skill in developing and applying security system access controls.

Skill
199

Skill in evaluating the adequacy of security designs.

Skill
420

Apply security policies to meet security objectives of the system.

Task
421

Apply service oriented security architecture principles to meet organization’s confidentiality, integrity, and availability requirements.

Task
559A

Analyze and report organizational security posture trends.

Task
559B

Analyze and report system security posture trends.

Task
571

Ensure all systems security operations and maintenance activities are properly documented and updated as necessary.

Task
572

Ensure application of security patches for commercial products integrated into system design meet the timelines dictated by the management authority for the intended operational environment.

Task
576

Ensure cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level.

Task
593A

Assess adequate access controls based on principles of least privilege and need-to-know.

Task
653B

Implement security measures to mitigate or remediate vulnerabilities and security deficiencies, and provide justification for acceptance of residual risk.

Task
660

Implement specific cybersecurity countermeasures for systems and/or applications.

Task
661A

Implement system security measures in accordance with established procedures to ensure confidentiality, integrity, availability, authentication, and non-repudiation.

Task
671

Integrate automated capabilities for updating or patching system software where practical and develop processes and procedures for manual updating and patching of system software based on current and projected patch timeline requirements for the operational environment of the system.

Task
710

Monitor and evaluate a system’s compliance with information technology (IT) security, resilience, and dependability requirements.

Task
717A

Assess and monitor cybersecurity related to system implementation and testing practices.

Task
729A

Verify minimum security requirements are in place for all applications.

Task
754

Perform cybersecurity testing of developed applications and/or systems.

Task
765

Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.

Task
806A

Provide cybersecurity recommendations to leadership based on significant threats and vulnerabilities.

Task
806

Provide cybersecurity guidance to leadership.

Task
809

Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).

Task
876

Verify and update security documentation reflecting the application/system security design features.

Task
880A

Work with stakeholders to resolve computer security incidents and vulnerability compliance.

Task
922A

Knowledge of how to use network analysis tools to identify vulnerabilities.

Knowledge
936

Develop security compliance processes and/or audits for external services (e.g., cloud service providers, data centers).

Task
938A

Provide advice and input for Disaster Recovery, Contingency, and Continuity of Operations Plans.

Task
1006

Create auditable evidence of security measures.

Task
1034A

Knowledge of Personally Identifiable Information (PII) data security standards.

Knowledge
1037A

Knowledge of information technology (IT) risk management policies, requirements, and procedures.

Knowledge
1039B

Knowledge of how to evaluate the trustworthiness of the supplier and/or product.

Knowledge
1072

Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).

Knowledge
1073

Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.

Knowledge
1135

Knowledge of the application firewall concepts and functions (e.g., Single point of authentication/audit/policy enforcement, message scanning for malicious content, data anonymization for PCI and PII compliance, data loss protection scanning, accelerated cryptographic operations, SSL security, REST/JSON processing).

Knowledge
1138A

Knowledge of developing and applying user credential management system.

Knowledge
1141A

Knowledge of an organization’s information classification program and procedures for information compromise.

Knowledge
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
2054

Assess the effectiveness of security controls.

Task
3642

Knowledge of various types of computer architectures.

Knowledge
5050

Assess all the configuration management (change configuration/release management) processes.

Task
5928

Identify, define, and document system security requirements and recommend solutions to management.

Task
5929

Install software that monitors systems and networks for security breaches and intrusions.

Task
5930

Educate and train staff on information system security best practices.

Task
5931

Select and use appropriate security testing tools.

Task
5932

Select and use appropriate secure coding standards and analyze code for common weaknesses, vulnerabilities, and hardening against common attack patterns.

Task
6140

Ability to leverage best practices and lessons learned of external organizations and academic institutions dealing with cyber issues.

Ability
6210

Knowledge of cloud service models and possible limitations for an incident response.

Knowledge
6240

Knowledge of critical protocols (e.g., IPSEC, AES, GRE, IKE).

Knowledge
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge
6935

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

Knowledge
6938

* Knowledge of cloud computing deployment models in private, public, and hybrid environments and the difference between on-premises and off-premises environments.

Knowledge
7079

Knowledge of security systems including anti-virus applications, content filtering, firewalls, authentication systems, and intrusion detection and notification systems.

Knowledge
7080

Knowledge of database security.

Knowledge
7081

Knowledge of vulnerabilities of various encryption systems.

Knowledge

Additional KSATs

KSAT ID Description KSAT
21

Knowledge of computer algorithms.

Knowledge
43A

Knowledge of embedded systems.

Knowledge
52

Knowledge of human-computer interaction principles.

Knowledge
94

Knowledge of parallel and distributed computing concepts.

Knowledge
119

Knowledge of software engineering.

Knowledge
133

Knowledge of key telecommunications concepts (e.g., Routing Algorithms, Fiber Optics Systems Link Budgeting, Add/Drop Multiplexers).

Knowledge
160A

Skill in assessing security systems designs.

Skill
180

Skill in designing the integration of hardware and software solutions.

Skill
238A

Skill in writing code in a currently supported programming language (e.g., Java, C++).

Skill
417

Apply coding and testing standards, apply security testing tools including “fuzzing” static-analysis code scanning tools, and conduct code reviews.

Task
419

Apply security policies to applications that interface with one another, such as Business-to-Business (B2B) applications.

Task
525A

Develop procedures and test fail-over for system operations transfer to an alternate site based on system availability requirements.

Task
602

Evaluate factors such as reporting formats required, cost constraints, and need for security restrictions to determine hardware configuration.

Task
670A

Ensure the integration and implementation of Cross-Domain Solutions (CDS) in a secure environment.

Task
782

Plan and recommend modifications or adjustments based on exercise results or system environment.

Task
795

Properly document all systems security implementation, operations and maintenance activities and update as necessary.

Task
1034C

Knowledge of Personal Health Information (PHI) data security standards.

Knowledge
1034B

Knowledge of Payment Card Industry (PCI) data security standards.

Knowledge
1040A

Knowledge of relevant laws, policies, procedures, or governance related to critical infrastructure.

Knowledge
1132A

Knowledge of information technology (IT) service catalogues.

Knowledge
1133

Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]).

Knowledge
1139A

Knowledge of implementing enterprise key escrow systems to support data-at-rest encryption.

Knowledge
1142

Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).

Knowledge
6918

Ability to apply cybersecurity strategy to cloud computing service and deployment models, identifying proper architecture for different operating environments.

Ability
7082

Ability to implement Zero Trust security in DoD Systems/Software.

Ability