Official website of the Department of Homeland Security


The Framework lists and defines 31 common types of cybersecurity work. These 31 common types of work are known as Specialty Areas. Specialty Areas in a given Category are typically more similar to one another than to Specialty Areas in other Categories.

Information Assurance Compliance
Oversees, evaluates, and supports the documentation, validation, and accreditation processes necessary to assure that new IT systems meet the organization's information assurance and security requirements. Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives.

Software Assurance and Security Engineering
Develops and writes/codes new (or modifies existing) computer applications, software, or specialized utility programs following software assurance best practices.

Systems Development
Works on the development phases of the systems development lifecycle.

Systems Requirements Planning
Consults with customers to gather and evaluate functional requirements and translates these requirements into technical solutions. Provides guidance to customers about applicability of information systems to meet business needs.

Systems Security Architecture
Develops system concepts and works on the capabilities phases of the systems development lifecycle; translates technology and environmental conditions (e.g., law and regulation) into system and security designs and processes.

Technology Research and Development
Conducts technology assessment and integration processes; provides and supports a prototype capability and/or evaluates its utility.

Test and Evaluation
Develops and conducts tests of systems to evaluate compliance with specifications and requirements by applying principles and methods for cost-effective planning, evaluating, verifying, and validating of technical, functional, and performance characteristics (including interoperability) of systems or elements of systems incorporating IT.
