Welcome to the National Security Agency - NSA/CSS

The National Centers of Academic Excellence in Cyber Operations Education Program (CAECyber Operations, Cyber Operations CAE) is open to four-year colleges and graduate-level universities. The Cyber Operations CAE program must be based within a computer science, electrical engineering or computer engineering department, or a degree program of equivalent technical depth, or a collaboration between two or more of these departments.

Applications must be submitted electronically via the on-line application process. Applications are assessed against a specific set of academic requirements and programmatic criteria, listed below, which are intended to measure the depth and maturity of programs of instruction in Cyber Operations at the graduate and/or undergraduate levels. The criteria and requirements will be updated year to year as the program matures, as technology advances and the cyber domain evolves.

Applications must clearly demonstrate how the program meets each of the requirements and criteria to obtain designation. Successful applicant institutions are designated as a CAE-Cyber Operations for a period of five academic years, after which they must successfully reapply to retain the designation. The criteria are reviewed annually and strengthened as appropriate to keep pace with the evolving nature of the Cyber Operations field. Designation as a National Center of Academic Excellence in Cyber Operations does not carry a commitment of funding from the CAE-Cyber Operations program sponsor (i.e., the National Security Agency).

Criterion #	Criterion Name	Requirement
1	Academic Content (includes mandatory and optional content)	100% of mandatory / 60% of optional
2	Cyber Operations Recognized via Degree, Certificate or Focus Area	Cyber Operations must be explicitly recognized as a focus area or specialization and students must meet requirements to be awarded such recognition.
3	Program Accreditation or Curricula Review	Accreditation of the academic program (CS, EE, CE) on which the proposal is based will be considered a significant plus. All programs will undergo an in-person curriculum review.
4	Cyber Operations Treated as an Inter-Disciplinary Science	Cyber operations concepts must be integrated into foundational curriculum courses as appropriate.
5	Cyber Operations Academic Program is Robust and Active	Evidence that courses are maintained current and offered frequently (e.g., every 18 months).
6	Faculty Involvement in Cyber Operations-related Research	Evidence of faculty grants, papers published, conference presentations related to the field of Cyber Operations (i.e., with a particular emphasis on technologies and techniques related to specialized cyber operations such as collection, exploitation, and response. These technologies and techniques are critical to intelligence, military and law enforcement organizations authorized to perform these specialized operations).
7	Student Involvement in Cyber Operations-related Research	Evidence of student work on grant research, papers published, conference presentations related to the field of Cyber Operations (i.e., with a particular emphasis on technologies and techniques related to specialized cyber operations such as collection, exploitation, and response. These technologies and techniques are critical to intelligence, military and law enforcement organizations authorized to perform these specialized operations).
8	Student Participation in Cyber Service-Learning Activities	Evidence of participation in local/regional/national cyber exercises, outreach to community colleges and high schools, etc.
9	Commitment to Participate in Summer Seminars Provided by the CAE-Cyber Operations Program	First application: stated commitment. Renewals: 2 students and 1 faculty member per year.
10	Number of Faculty Involved in Cyber Operations Education and Research Activities	At least 2 faculty actively teaching cyber (i.e., non CS/EE/CE core) courses.

MINIMUM REQUIREMENTS MUST BE MET FOR EACH OF THE CRITERIA.

Return to the Top

---

Criterion 1: Academic Content

The program must include "knowledge units" (single or multiple courses, or course modules within single or multiple courses) covering 100% of the mandatory academic content and a minimum of 60% of the optional academic content.

Accreditation Board for Engineering and Technology (ABET) accreditation can be used to show satisfaction of required and optional academic content requirements (i.e., knowledge units) for topics explicitly covered by the ABET accreditation process. For academic content requirements not covered by ABET accreditation review and procedures, an on-site, detailed curriculum review, looking at the details of each course contributing to coverage of the knowledge units, will be performed by representatives of the CAE-Cyber Operations program office and the relevant faculty at the applying institution.

Scoring for optional knowledge units:

100% covered: 15 points
90% covered: 13 points
80% covered: 10 points
70% covered: 7 points
60% covered: 5 points
Less than 60% covered: 0 points

Minimum required score: 5

Return to table   |   Return to the Top

---

Criterion 2: Cyber Recognized via Certificate or Focus Area

Students who participate sufficiently in the cyber operations curriculum (i.e., take and pass courses that completely satisfy all of the mandatory knowledge unit requirements and at least four of the optional knowledge unit requirements described in criterion 1) must be distinguished from other students through the awarding of a degree, certificate, or a reference to a focus area or specialization on their transcript and/or degree.

Degree in Cyber Operations: 10 points
Focus or specialty area formally recognized on awarded degree: 8 points
Focus or specialty area recognized on official transcripts: 5 points

Minimum required score: 5

Return to table   |   Return to the Top

---

Criterion 3: Curricula Review

The CAE in Cyber Operations program must be based within a technically deep computer science, computer engineering or electrical engineering program, or a degree program of equivalent technical depth. Representatives of the CAE-Cyber Operations program office will perform an on-site, detailed curriculum review focused on course content, course relevance (how current it is), course frequency (how often is the course taught, when was it last taught) with the participation of the faculty members who maintain and teach each course.

All applicants may be subject to an on-site, detailed curriculum review. When the applying CS/EE/CE program is accredited by the Accreditation Board for Engineering and Technology (ABET), the CAE-Cyber Operations program office will rely on the accreditation review of course content, for those courses which were subject to the accreditation review. For cyber operations knowledge units not addressed by ABET accreditation, the CAE-Cyber Operations program office will conduct a curriculum review as described above.

This visit will likely be for one day, but may require a second day in some circumstances.

For required knowledge units:

ABET accreditation: 10 points
Other accreditation: 5 points
No accreditation, curriculum review only: 5 points
Can have 2 (e.g., ABET and curriculum review)

Minimum required score: 5

Return to table   |   Return to the Top

---

Criterion 4: Cyber Operations Treated as an Inter-Disciplinary Science

The goal of the CAE-Cyber Operations program is to produce graduating students with a well-rounded educational foundation that enables them to better function in the world of specialized cyber operations. To best achieve this, Cyber Operations must not be isolated as a different discipline, offered only as an option or set of elective courses. Instead, concepts related to specialized cyber operations must be appropriately integrated into existing CS, CE, and EE courses and programs within the institution, and then augmented with courses focused on specific cyber operations topics.

Evidence that specialized cyber operations concepts are integrated into:

All mandatory knowledge unit courses: 15 points
At least 3 mandatory knowledge unit courses: 10 points
Between 1 and 3 mandatory knowledge unit courses: 5 points

Minimum required score: 5

Return to table   |   Return to the Top

---

Criterion 5: Cyber Operations Academic Program is Robust and Active

To demonstrate that the academic program being submitted for designation as a CAE in Cyber Operations is robust and active, the applicant institutions must provide a list of courses (number, title, catalog description) included in meeting the cyber operations academic requirements and provide data showing when each course was last taught. (Note: this is not a detailed mapping of the course content, but rather just the course identification of all courses that significantly contribute to the satisfaction of a knowledge unit requirement).

School policies on updating course materials to remain relevant should also be cited and included. If no explicit policy exists, the list of courses referenced above should also indicate the date when each course was last reviewed and updated.

All courses must be identified in the course catalog.

Official school policy on course updates: 5 points
No official policy, but 100% of the courses are up to date and recently offered: 10 points
No official policy, but at least 90% of the courses are up to date and recently offered: 5 points

Minimum required score: 5

Return to table   |   Return to the Top

---

Criterion 6: Faculty Involvement in Cyber Operations-related Research

The application should provide evidence that the faculty involved in cyber operations education are also active in research related to cyber operations (i.e., with a particular emphasis on technologies and techniques related to specialized cyber operations such as collection, exploitation, and response).

Evidence may be provided in the form of information:

• related to research grants,
• that demonstrates the faculty contributes to the common body of knowledge through the publication of papers, and
• related to attendance and presentations at conferences related to cyber operations.

Cyber relevant research grants: up to 10 points
Publication in peer-reviewed or refereed technical journals, magazines: up to 10 points
Publications in non-refereed/reviewed technical journals, magazines: up to 5 points
Conference presentations, session chairs, conference attendance: up to 5 points

Minimum required score: 15

Return to table   |   Return to the Top

---

Criterion 7: Student Involvement in Cyber Operations Research

Since hands-on research reinforces the cyber operations curricula, the application should provide evidence that students are involved in cyber operations research (i.e., with a particular emphasis on technologies and techniques related to specialized cyber operations such as collection, exploitation, and response).

Evidence may be provided in the form of information showing:

• student participation in research grant activities,
• student research papers are required as part of cyber related courses,
• student publications related to cyber operations topics, and
• student attendance and presentations of cyber operations related topics at conferences.

Participation in research grant activities: up to 10 points
Student research as part of cyber related courses: up to 10 points
Student publications and conference presentations and attendance: up to 5 points

Minimum required score: 10

Return to table   |   Return to the Top

---

Criterion 8: Student Participation in Cyber Service-Learning Activities

To encourage the spread of education related to cyber operations, students are required to participate in activities that contribute to growing and strengthening the cyber operations community.

Examples of cyber service-learning activities might include:

• participation in cyber exercise activities, at the local, regional and/or national level,
• outreach activities and/or collaboration with other universities, 2-year schools, or local high schools.

Participation in cyber exercises: up to 10 points (e.g., offensive role in national level exercise = 10 points)
Student presentations to local community colleges and/or high schools: up to 5 points

Minimum required score: 5

Return to table   |   Return to the Top

---

Criterion 9: Commitment to Participate in Summer Seminars Provided by the CAE-Cyber Operations Program

For initial application to the CAE-Cyber Operations Program, the applying institution must make a stated commitment to participate in the summer seminars sponsored by the CAE-Cyber Operations program. (Note: these seminars will be hosted at no cost to the school/student).

For renewal applications to the CAE-Cyber Operations Program, the applying institution must provide evidence of participation in the summer seminars hosted by the CAE-Cyber Operations program. At a minimum, two students and one faculty member should participate each year.

For program renewal:

Participation by > 2 students and 1 faculty member: 15 points
Participation by students: 5 points per student per seminar
Participation by faculty: up to 5 points

Minimum required score: 15

Return to table   |   Return to the Top

---

Criterion 10: Number of Faculty Involved in Cyber Operations Education and Research Activities

There must be the equivalent of at least two full-time faculty members teaching relevant cyber operations courses who are also active in relevant cyber operations research.

For the purposes of meeting this criterion, full time is considered to be teaching 3 courses associated with the required knowledge units per semester. Faculty with significant active research clearly and directly associated with cyber operations, or who are advising multiple students at the Master's or Doctoral level on clearly cyber operations research topics, may request that credit for such be allowed for one or two of the required courses.

A biography or curriculum vitae for each faculty member must be provided as part of the program application.

More than 2 full time equivalents: up to 15 points
2 full time equivalents: 10 points
Guest/Visiting professors/lecturers: up to 5 points

Minimum required score: 10

Return to table   |   Return to the Top

---