Sweeping Changes Ahead for NSA CNSS Standards and Designation of CAE-2Y, CAE, CAE-R, CAE-OP
We are informing our CWW Members that there will be drastic changes to the CNSS standards and the CAE(s).
At this point, we know that CNSS standards will no longer be a pre-requisite for designation for CAE(s). Instead of the CNSS standards, they are in the process of moving to Knowledge Units (KU) which align with the NIST (National Institute of Standards and Technology) and NICE ( National Institute of Cybersecurity Education) framework. We will let you know more about the new system and new criteria for CAE(s) as it becomes available.
National Centers of Academic Excellence
NSA (National Security Agency) and the Department of Homeland Security (DHS) jointly sponsored the National Centers of Academic Excellence in IA Education (CAE/IAE), IA 2-year Education and Training (CAE/2Y) and IA Research (CAE/R) programs. The goal of these programs was to reduce vulnerability in our national information infrastructure by promoting higher education and research in IA and producing a growing number of professionals with IA expertise in various disciplines.
Applying to the National Centers of Excellence Program in Cyber Operations
NSA (National Security Agency) is pleased to announce the establishment of a National Centers of Academic Excellence (CAE) in Cyber Operations Program. The CAE-Cyber Operations Program will follow the same time line as the Centers for Academic Excellence in Information Assurance Education/Research programs with applications accepted from four-year colleges and graduate-level universities annually by 15 January each year.
Frequently Asked questions
(Please Note that most of the information below is in draft form and subject to change.)
What is the NICE NIST Framework?
The purpose of the National Cybersecurity Workforce Framework is to define and categorize fields and specialties within Cybersecurity. What do we call a network security specialist? How do we ensure quality and consistency among different universities? How do we ensure curriculum prepares students for the workforce? Are we using the same vocabulary to discuss the same issues? These are all questions the framework deals with. The Framework is a dictionary, a tool, and it is meant to create an environment for collaboration.
Click here for more information on the National Initiative For Cybersecurity Education (NICE)
- The National Institute of Standards and Technology (NIST)
NIST the is leading the NICE initiative, including more than 20 federal departments and agencies, to ensure coordination, cooperation, focus, public engagement, technology transfer and sustainability. Many NICE activities are already underway and NIST will highlight these activities, engage various stakeholder groups and create forums for sharing information and leveraging best practices. NIST will also be looking for “gaps” in the initiative -- areas of the overarching mission that are not addressed by ongoing activities.
The Framework was developed over four phases: Data Gathering, Expert Review and Analysis, Public Comment Period, and Finalization of the Framework.
Phase 1: Data Gathering
The first phase was done by gathering information from the following sources: DoD Cybersecurity Workforce Framework, IC Cyber Subdirectory, OPM Cybersecurity Model, Fed CIO Council Matrix Project, DHS Essential Body of Knowledge and other existing competencies and job analysis work.
Phase 2: Expert Review and Analysis
A draft framework was refined during this phase. Focus Groups were conducted, gathering input from experts across the government, academia, and industry. After this, a revised Framework was established.
Phase 3: Public Comment Period
During this phase a draft of the Framework was released (through NICE) for public comment. The input was then compiled and analyzed on the draft Framework.
Phase 4: Finalizing the Framework
In the last phase a verification process was conducted by experts and the finalized version of the National Cybersecurity Workforce Framework (1.0) was released.
What are the Benefits of the Framework?
In short, the framework benefits organizations, the workforce, and even the nation. The benefit of consistent language and classifications is that organizations can use such a repository to describe and define their workers in the Cybersecurity workforce. An additional benefit of such consistent language is that skills can be more easily assessed and developed. The classification of roles also has the additive benefit of streamlining human capital efforts (who can and will take care of certain tasks) .
What are Knowledge Units?
In short, knowledge units are measurements of how prepared a student is on certain or specific subjects. A course may fufill the requirements of one or more Knowledge units. It is one of the criteria's for CAE.
What is the criteria for CAE/CAE2Y?
The criteria is still in draft form, but there will be an application process, along with requiring unversities to map to knowledge units.
What is the status of the CNSS standards?
The CNSS standards still exist and federal agencies still map to it, hence your students will still receive the same benefits of a solid curriculum. However, the CNSS standards will NOT be applicable to CAE/CAE2Y