3A | Skill in recognizing vulnerabilities in security systems. | Skill
43A | Knowledge of embedded systems. | Knowledge
69A | Knowledge of risk management processes and requirements per the Risk Management Framework (RMF). | Knowledge
79 | Knowledge of network access, identity, and access management (e.g., public key infrastructure [PKI]). | Knowledge
88A | Knowledge of current and emerging cyber technologies. | Knowledge
106 | Knowledge of remote access technology concepts. | Knowledge
342A | Knowledge of operating system command line/prompt. | Knowledge
420 | Apply security policies to meet security objectives of the system. | Task
708A | Mitigate/correct security deficiencies identified during security/certification testing and/or recommend risk acceptance for the appropriate senior leader or authorized representative. | Task
809 | Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials). | Task
3277 | Knowledge of general SCADA system components. | Knowledge
3353 | Knowledge of the Risk Management Framework Assessment Methodology. | Knowledge
3740 | Skill in determining installed patches on various operating systems and identifying patch signatures. | Skill
5821 | Act as a liaison between facility operations/engineer teams and IT or network security teams to coordinate security activities. | Task
5822 | Apply tailored organizational security policies and procedures for control system environments to maintain security, but also to ensure system availability. | Task
5823 | Apply updates, patches, and security technical implementation while maintaining control system performance and availability requirements. | Task
5826 | Consult on control system security matters (e.g., risk assessment, configuration management) as needed. | Task
5828 | Ensure configuration and collection of control system audit logs for monitoring and forensic analysis as appropriate. | Task
5829 | Establish and maintain security configuration baseline for the control system(s), including field devices, IT components, interconnections, and interfaces. | Task
5830 | Implement Risk Management Framework (RMF) Assessment requirements for control systems, and document/maintain records for them. | Task
5831 | Maintain knowledge of the function and security of control system and IT technologies with which the control systems interface. | Task
5832 | Maintain network segmentation to isolate control systems from business networks and other external connections as directed. | Task
5833 | Off-load and review control system audit logs and review for anomalies. | Task
5834 | Participate in control system change management in conjunction with IT personnel and control system experts (e.g., system supplier). | Task
5835 | Participate in control system incident and disaster response, including secure system recovery. | Task
5836 | Perform asset management and maintain inventory of control system devices and components through physical inspection or logical scans. | Task
5840 | Support risk assessments by reviewing and documenting the implementation status of security requirements of control systems. | Task
6929 | Knowledge of control system technologies, such as Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) software, Distributed Control Systems (DCS) and Operational Technology (OT). | Knowledge
6927 | Knowledge of control system environment risks, threats and vulnerabilities. | Knowledge
6928 | Knowledge of control system performance and availability requirements. | Knowledge
6933 | Knowledge of risk management processes specific to control systems. | Knowledge
6934 | Knowledge of RMF assessment types (e.g., Assess & Authorize (A&A), Assess Only) and authorization boundaries (e.g., Closed Restricted Network (CRN), Stand-alone Information System (SIS)). | Knowledge
6937 | Knowledge of what “normal” control system operations for specific mission/business functions look like. | Knowledge
6939 | Skill in active and passive methods to safely gather information and conduct vulnerability and network analysis scans in control system environments. | Skill
6940 | Skill in applying security and managing risk in resource-constrained systems and networks. | Skill
6941 | Skill in architecting compensating security controls to reduce risk for control systems and control system components that do not have adequate or compliant security capabilities. | Skill
6943 | Skill in identifying and investigating “abnormal” control system operations based on what specific mission/business functions look like. | Skill
6946 | Skill in securing control system communication protocols (e.g., IP/TCP, SSL/TLS, MODBUS/DNP3/PROFINET SCADA, GOOSE) and media used for field device control. | Skill