NICE Framework

NICE Workforce Framework for Cybersecurity (NICE Framework), created by the National Institute for Standards and Technology (NIST), provides a standardized taxonomy to define and organize the cybersecurity workforce across public, private, and academic sectors. It outlines:

• 52 Work Roles grouped into 7 categories

• Knowledge, Skills, and Abilities (KSAs) needed per role

• A structured way for organizations to align job descriptions, training, career paths, and hiring

The updated version v2.0.0 released in March 2025, introduced several critical changes:

• Shift from Work Roles to Work Role Capabilities

• More emphasis on emerging tech areas such as AI/ML security, zero-trust, and OT/ICS

• Integration with frameworks like the NIST CSF 2.0 and CMMC 2.0, making it more interoperable with compliance initiatives

The NICE framework is non-optional in the government and defense space. It’s used for:

• Hiring and vetting cyber personnel

• Building contract proposals that align with recognized federal frameworks to make stronger bids

Department of Defense Directive (DoDD) 8140

DoDD 8140, titled “Cyberspace Workforce Management,” replaces the older DoDD 8570.01. It establishes the baseline requirements for anyone performing cybersecurity or Information Assurance (IA) functions across DoD agencies, including military, civilian, and contractor personnel. It ensures all personnel conducting cybersecurity work possess the proper certifications and training for their job role.

Helia Cortex

Equip every government and DoD user with role-based, NICE-aligned awareness training that reinforces compliance and insider threat prevention.