| 8 |
Knowledge of authentication, authorization, and access control methods. |
Knowledge |
| 21 |
Knowledge of computer algorithms. |
Knowledge |
| 25 |
Knowledge of encryption algorithms (e.g., Internet Protocol Security [IPSEC], Advanced Encryption Standard [AES], Generic Routing Encapsulation [GRE], Internet Key Exchange [IKE], Message Digest Algorithm [MD5], Secure Hash Algorithm [SHA], Triple Data Encryption Standard [3DES]). |
Knowledge |
| 27 |
Knowledge of cryptography and cryptographic key management concepts. |
Knowledge |
| 34 |
Knowledge of database systems. |
Knowledge |
| 40A |
Knowledge of organization’s evaluation and validation criteria. |
Knowledge |
| 42 |
Knowledge of electrical engineering as applied to computer architecture, including circuit boards, processors, chips, and associated computer hardware. |
Knowledge |
| 43A |
Knowledge of embedded systems. |
Knowledge |
| 46A |
Knowledge of system fault tolerance methodologies. |
Knowledge |
| 51 |
Knowledge of how system components are installed, integrated, and optimized. |
Knowledge |
| 52 |
Knowledge of human-computer interaction principles. |
Knowledge |
| 53A |
Knowledge of security risk assessments and authorization per Risk Management Framework processes. |
Knowledge |
| 53 |
Knowledge of the Security Assessment and Authorization process. |
Knowledge |
| 62 |
Knowledge of industry-standard and organizationally accepted analysis principles and methods. |
Knowledge |
| 65A |
Knowledge of Information Theory (e.g., source coding, channel coding, algorithm complexity theory, and data compression). |
Knowledge |
| 69A |
Knowledge of risk management processes and requirements per the Risk Management Framework (RMF). |
Knowledge |
| 75 |
Knowledge of mathematics, including logarithms, trigonometry, linear algebra, calculus, and statistics. |
Knowledge |
| 78 |
Knowledge of microprocessors. |
Knowledge |
| 79 |
Knowledge of network access, identity, and access management (e.g., public key infrastructure [PKI]). |
Knowledge |
| 81A |
Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services. |
Knowledge |
| 82A |
Knowledge of network design processes, to include understanding of security objectives, operational objectives, and tradeoffs. |
Knowledge |
| 90 |
Knowledge of operating systems. |
Knowledge |
| 92 |
Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]). |
Knowledge |
| 94 |
Knowledge of parallel and distributed computing concepts. |
Knowledge |
| 109A |
Knowledge of configuration management techniques. |
Knowledge |
| 110 |
Knowledge of key concepts in security management (e.g., Release Management, Patch Management). |
Knowledge |
| 111A |
Ability to apply secure system design tools, methods and techniques. |
Ability |
| 113A |
Knowledge of N-tiered typologies including server and client operating systems. |
Knowledge |
| 119 |
Knowledge of software engineering. |
Knowledge |
| 124A |
Ability to apply system design tools, methods, and techniques, including automated systems analysis and design tools. |
Ability |
| 130 |
Knowledge of systems testing and evaluation methods. |
Knowledge |
| 132 |
Knowledge of technology integration processes. |
Knowledge |
| 133 |
Knowledge of key telecommunications concepts (e.g., Routing Algorithms, Fiber Optics Systems Link Budgeting, Add/Drop Multiplexers). |
Knowledge |
| 141A |
Knowledge of the enterprise information technology (IT) architectural concepts and patterns to include baseline and target architectures. |
Knowledge |
| 144 |
Knowledge of the systems engineering process. |
Knowledge |
| 155 |
Skill in applying and incorporating information technologies into proposed solutions. |
Skill |
| 180 |
Skill in designing the integration of hardware and software solutions. |
Skill |
| 224 |
Skill in design modeling and building use cases (e.g., unified modeling language). |
Skill |
| 238A |
Skill in writing code in a currently supported programming language (e.g., Java, C++). |
Skill |
| 413A |
Analyze user needs and requirements to plan architecture. |
Task |
| 465 |
Develop threat model based on customer interviews and requirements. |
Task |
| 483 |
Define and prioritize essential system capabilities or business functions required for partial or full system restoration after a catastrophic failure event. |
Task |
| 484 |
Define appropriate levels of system availability based on critical system functions and ensure system requirements identify appropriate disaster recovery and continuity of operations requirements to include any appropriate fail-over/alternate site requirements, backup requirements, and material supportability requirements for system recover/restoration. |
Task |
| 502A |
Develop enterprise architecture or system components required to meet user needs. |
Task |
| 525A |
Develop procedures and test fail-over for system operations transfer to an alternate site based on system availability requirements. |
Task |
| 569A |
Document and update as necessary all definition and architecture activities. |
Task |
| 602 |
Evaluate factors such as reporting formats required, cost constraints, and need for security restrictions to determine hardware configuration. |
Task |
| 669 |
Integrate and align information security and/or cybersecurity policies to ensure system analysis meets security requirements. |
Task |
| 797 |
Provide advice on project costs, design concepts, or design changes. |
Task |
| 807 |
Provide input on security requirements to be included in statements of work and other appropriate procurement documents. |
Task |
| 809 |
Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials). |
Task |
| 864A |
Translate proposed capabilities into technical requirements. |
Task |
| 865 |
Translate security requirements into application design elements including documenting the elements of the software attack surfaces, conducting threat modeling, and defining any specific security criteria. |
Task |
| 936 |
Develop security compliance processes and/or audits for external services (e.g., cloud service providers, data centers). |
Task |
| 993A |
Ability to apply the methods, standards, and approaches for describing, analyzing, and documenting an organization’s enterprise information technology (IT) architecture (e.g., Open Group Architecture Framework [TOGAF], Department of Defense Architecture Framework [DoDAF], Federal Enterprise Architecture Framework [FEAF]). |
Ability |
| 996A |
Assess and design security management functions as related to cyberspace. |
Task |
| 1034C |
Knowledge of Personal Health Information (PHI) data security standards. |
Knowledge |
| 1034B |
Knowledge of Payment Card Industry (PCI) data security standards. |
Knowledge |
| 1034A |
Knowledge of Personally Identifiable Information (PII) data security standards. |
Knowledge |
| 1037B |
Knowledge of program protection planning to include information technology (IT) supply chain security/risk management policies, anti-tampering techniques, and requirements. |
Knowledge |
| 1038 |
Knowledge of local specialized system requirements (e.g., critical infrastructure systems that may not use standard information technology [IT]) for safety, performance, and reliability. |
Knowledge |
| 1038B |
Knowledge of local specialized system requirements (e.g., critical infrastructure/control systems that may not use standard information technology [IT]) for safety, performance, and reliability). |
Knowledge |
| 1073 |
Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools. |
Knowledge |
| 1125 |
Knowledge of Cloud-based knowledge management technologies and concepts related to security, governance, procurement, and administration. |
Knowledge |
| 1130 |
Knowledge of organizational process improvement concepts and process maturity models (e.g., Capability Maturity Model Integration (CMMI) for Development, CMMI for Services, and CMMI for Acquisitions). |
Knowledge |
| 1133 |
Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]). |
Knowledge |
| 1135 |
Knowledge of the application firewall concepts and functions (e.g., Single point of authentication/audit/policy enforcement, message scanning for malicious content, data anonymization for PCI and PII compliance, data loss protection scanning, accelerated cryptographic operations, SSL security, REST/JSON processing). |
Knowledge |
| 1136A |
Knowledge of use cases related to collaboration and content synchronization across platforms (e.g., Mobile, PC, Cloud). |
Knowledge |
| 1140A |
Skill in using Public-Key Infrastructure (PKI) encryption and digital signature capabilities into applications (e.g., S/MIME email, SSL traffic). |
Skill |
| 1141A |
Knowledge of an organization’s information classification program and procedures for information compromise. |
Knowledge |
| 1142B |
Skill in applying security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model). |
Skill |
| 1147A |
Develop data management capabilities (e.g., cloud based, centralized cryptographic key management) to include support to the mobile workforce. |
Task |
| 2014 |
Analyze candidate architectures, allocate security services, and select security mechanisms. |
Task |
| 2887 |
Write detailed functional specifications that document the architecture development process. |
Task |
| 3153 |
Knowledge of circuit analysis. |
Knowledge |
| 3246 |
Knowledge of confidentiality, integrity, and availability requirements. |
Knowledge |
| 3642 |
Knowledge of various types of computer architectures. |
Knowledge |
| 6150 |
Ability to optimize systems to meet enterprise performance requirements. |
Ability |
| 6210 |
Knowledge of cloud service models and possible limitations for an incident response. |
Knowledge |
| 6330 |
Knowledge of multi-level/security cross domain solutions. |
Knowledge |
| 6640 |
Skill in designing multi-level security/cross domain solutions. |
Skill |
| 6680 |
Skill in the use of design methods. |
Skill |
| 6918 |
Ability to apply cybersecurity strategy to cloud computing service and deployment models, identifying proper architecture for different operating environments. |
Ability |
| 6919 |
Ability to determine the best cloud deployment model for the appropriate operating environment. |
Ability |
| 6942 |
Skill in designing or implementing cloud computing deployment models. |
Skill |
| 6945 |
Skill in migrating workloads to, from, and among the different cloud computing service models. |
Skill |
