Standards in this Framework
| Standard | Description |
|---|---|
| 19.01 | Define cybersecurity. |
| 19.02 | Describe how information security evolved into cybersecurity and the impact of the Internet on the pace and nature of the evolution. |
| 19.03 | Describe the individual elements that comprise the CIA triad (i.e., Confidentiality, Integrity, Availability). |
| 19.04 | Define and explain the various types of hackers and the role each plays in cybersecurity. |
| 19.05 | Describe various methodologies used by hackers and the basis for their employment. |
| 19.06 | Describe the individual elements of the AAA model (Authentication, Authorization and Accounting). |
| 20.01 | Describe the role of the National Security Agency. |
| 20.02 | Describe current trends in cyberattacks and strategies for combating them. |
| 20.03 | Describe the legal implications of computer hacking and other forms of cyberattacks. |
| 20.04 | Understand the importance of the weekly bulletins distributed by the United States Computer Emergency Readiness Team (US-CERT). |
| 20.05 | Determine if any software or hardware on a given network has vulnerabilities outlined in the most recent US-CERT bulletin. |
| 21.01 | Differentiate between cybersecurity and information assurance. |
| 21.02 | Define confidentiality and give examples of security breaches. |
| 21.03 | Define integrity and give examples of security breaches. |
| 21.04 | Define authenticity and give examples of security breaches. |
| 21.05 | Define accountability (non-repudiation) and give examples of security breaches. |
| 22.01 | Describe the internal components of a computer (e.g., power supply, hard drive, mother board, I/O cards/ports, cabling). |
| 22.02 | Demonstrate and understanding of common computer and programming terminology. |
| 22.03 | Explain the physical and logical architecture of a microcomputer system. |
| 22.04 | Describe the file types used in the operation of a computer. |
| 22.05 | Compare and contrast memory technologies (e.g., RAM, ROM, virtual memory, memory management). |
| 23.01 | Compare operating system file naming conventions. |
| 23.02 | Describe the common elements that comprise the architecture of an operating system (e.g., kernel, file manager, memory manager, device manager, network manager). |
| 23.03 | Demonstrate proficiency with file management and structure (e.g., folder creation, file creation, backup, copy, delete, open, save). |
| 23.04 | Demonstrate a working knowledge of standard file formats. |
| 23.05 | Describe the purpose of various operating systems (e.g., Windows, Mac, iOS, Android and Linux). |
| 23.06 | Describe the difference between client and network operating systems. |
| 23.07 | Differentiate between different operating systems and applications and Macros. |
| 23.08 | Explain the basics of boot sequences, methods and startup utilities. |
| 23.09 | Compare and contrast open source and proprietary software. |
| 23.10 | Describe common system utilities used in performing computer maintenance. |
| 24.01 | Explain the interrelations of the seven layers of the Open Systems Interconnection (OSI) as it relates to hardware and software. |
| 24.02 | Describe the purpose of the OSI model and each of its layers. |
| 24.03 | Explain specific functions belonging to each OSI model layer. |
| 24.04 | Understand how two network nodes communicate through the OSI model. |
| 24.05 | Discuss the structure and purpose of data packets and frames. |
| 24.06 | Describe the two types of addressing covered by the OSI model. |
| 25.01 | Explain the interrelations of the four layers of the TCP/IP model as it relates to hardware and software. |
| 25.02 | Describe the purpose of the TCP/IP model and each of its layers. |
| 25.03 | Explain specific functions belonging to each TCP/IP model layer. |
| 25.04 | Understand how two network nodes communicate through the TCP/IP model. |
| 25.05 | Describe the two types of addressing covered by the TCP/IP model. |
| 26.01 | Describe the services and protocols used in the OSI Application Layer (i.e., DHCP, DNS, FTP, HTTP, SMTP, Telnet, IMAP). |
| 26.02 | Describe the services and protocols used in the OSI Transport Layer (i.e., TCP, TLS/SSL, UDP). |
| 26.03 | Describe the services and protocols used in the OSI Network Layer (i.e., IP, ICMP, IGMP, IPsec). |
| 26.04 | Describe the services and protocols used in the OSI Data Link Layer (i.e., ARP, OSPF, L2TP, PPP). |
| 27.01 | Define networking and describe the purpose of a network. |
| 27.02 | Describe the conceptual background of digital networks and cloud computing including terminology and basics. |
| 27.03 | Describe various types of networks and the advantages and disadvantages of each (e.g., peer to peer, client/server, server/thin client, ROI). |
| 27.04 | Describe the use, advantages, and disadvantages of various network media (e.g. coaxial, twisted pair, fiber optics). |
| 27.05 | Describe the function of various network devices (e.g., managed switch, switched hub or switch, router, bridge, gateway, access points, modem). |
| 27.06 | Describe how network devices are identified (i.e., IP addressing). |
| 27.07 | Explain the protocols commonly used in a network environment. |
| 27.08 | Differentiate between public and private IP addresses. |
| 27.09 | Describe the common ports and corresponding protocols used in a network. |
| 27.10 | Describe the difference between the Internet and intranet. |
| 27.11 | Compare and contrast IPv4 and IPv6. |
| 27.12 | Compare and contrast the different methods for network connectivity (e.g., broadband, wireless, Bluetooth, cellular). |
| 27.13 | Discuss the differences between Local Area Network (LAN), Wide Area Network (WAN), Metropolitan Area Network (MAN), Virtual Local Area Network (VLAN), and Virtual Private Network (VPN). |
| 28.01 | Describe the various types of cloud computing (IaaS, PaaS, SaaS) and modes of delivery (Public, Private, Community, Hybrid). |
| 28.02 | Describe practices that aid in protecting the Hybrid cloud model. |
| 28.03 | Describe the challenges and solutions associated with securing embedded devices. |
| 29.01 | Distinguish between vulnerability and a threat. |
| 29.02 | Discuss the different types of attacks (e.g., active, passive). |
| 29.03 | Define security policy and explain its role in cybersecurity. |
| 29.04 | Describe the basic methods of authentication (e.g., password, biometrics, smart cards. two-factor authentication, multifactor authentication). |
| 29.05 | Describe the various forms of encryption methodologies (e.g., symmetric, asymmetric, block cipher, stream cipher). |
| 29.06 | Describe hash functions and their role in authentication. |
| 29.07 | Describe various method of access control used in computer security (e.g., policies, groups, Access Control List (ACL)). |
| 29.08 | Understand the concept of malware (i.e., ransomware, worms, viruses, adware) and how attackers use it to steal sensitive or confidential information. |
| 30.01 | Define cybercrime and discuss the challenges facing law enforcement. |
| 30.02 | Identify the key legislative acts that impact cybersecurity. |
| 30.03 | Describe the Federal criminal code related to computers and give examples of cybercrimes and penalties, particularly those involving inappropriate access. |
| 30.04 | Discuss the concept of digital forensics and its place in cybercrime investigations and incident response. |
| 30.05 | Distinguish among the Intellectual Property Rights of trademark, patent, and copyright. |
| 30.06 | Explain digital rights management and the implications of the Digital Millennium Copyright Act (DMCA). |
| 30.07 | Describe the implications of various social media on the safeguarding of personal or sensitive information. |
| 30.08 | Describe various safeguards that can be employed to help ensure that sensitive or confidential information is not inadvertently divulged or obtained. |
| 31.01 | Define virtual computing. |
| 31.02 | Explain the benefits of virtual computing. |
| 31.03 | Differentiate between guest and host operating systems. |
| 31.04 | Install desktop virtualization software. |
| 31.05 | Describe the role of the hypervisor. |
| 31.06 | Create and upgrade a virtual machine. |
| 31.07 | Optimize the performance of a virtual machine. |
| 31.08 | Preserve the state of a virtual machine. |
| 31.09 | Clone, move and share virtual machines. |
| 31.10 | Use basic (static) and dynamic virtual disks and disk drives. |
| 31.11 | Configure a virtual network. |
| 31.12 | Connect devices to a virtual machine. |
| 31.13 | Enable security settings on a virtual machine. |
| 32.01 | Configure 802.1x authentication for a given scenario. |
| 32.02 | Connect clients to a VPN. |
| 32.03 | Understand Authentication, Authorization and Accounting (AAA) management. |
| 32.04 | Differentiate between TACACS+ (Terminal Access Controller Access Control System) and RADIUS. |
| 32.05 | Differentiate between Layer 2 Tunneling Protocol (L2TP) and Point-to-Point Tunneling Protocol (PPTP) protocols as they apply to VPN options. |
| 32.06 | Implement the use of SSH (Secure Shell). |
| 32.07 | Implement the use of IPsec (Internet Protocol Security). |
| 32.08 | Identify vulnerabilities associated with authentication. |
| 32.09 | Understand ways to implement VoIP technologies. |
| 32.10 | Demonstrate the use and purpose of Kerberos. |
| 33.01 | Configure access controls including biometric devices, keypads and security tokens. |
| 33.02 | Recognize social engineering attempts. |
| 33.03 | Evaluate environmental controls (e.g., EMI shielding, temperature, humidity and fire suppression). |
| 33.04 | Develop a method of training users to recognize, report, and avoid social engineering attempts. |
| 33.05 | Identify components of physical security, including mantraps, motion detection, alarm systems, locks, video surveillance, and fences/barricades. |
| 33.06 | Install a camera for a video surveillance system. |
| 33.07 | Configure an alarm system including a keypad and motion detector. |
| 33.08 | Recognize vulnerabilities associated with physical security. |
| 33.09 | Explain how a mantrap is used as a counter measure against tailgating. |
| 34.01 | Configure and maintain software and hardware firewalls. |
| 34.02 | Configure and secure routers. |
| 34.03 | Apply security settings to switches. |
| 34.04 | Configure and secure wireless devices. |
| 34.05 | Secure a LAN connected to a DSL/cable modem. |
| 34.06 | Configure a RAS (Remote Access Server) for remote connectivity. |
| 34.07 | Securely deploy a PBX (Private Branch Exchange). |
| 34.08 | Explain the benefits of implementing a VPN (Virtual Private Network). |
| 34.09 | Deploy IDS (intrusion detection system) and IPS (intrusion prevention systems). |
| 34.1 | Analyze the performance, efficiency and security of the network based on network monitoring and diagnostic software. |
| 34.11 | Employ techniques used to lock down workstations. |
| 34.12 | Configure and secure servers for a given scenario. |
| 34.13 | Understand and assess the security of mobile devices including but not limited to those using the Android, iOS and Windows platforms. |
| 35.01 | Explain the security implications of the Internet of Things (IoT) (i.e., understand the efforts to address authentication and updates to IoT devices). |
| 35.02 | Explain societal and security challenges associated with robotics. |
| 35.03 | Explain security challenges associated with serverless computing. |
| 35.04 | Explain societal and security challenges associated with the implementation of 5G. |
| 35.05 | Describe and explain the security challenges of Autonomous vehicles (i.e., the significance of vehicular cybersecurity and its relation to: computer vision, artificial intelligence, machine learning and deep learning). |
| 36.01 | Understand access control as it applies to MAC (Mandatory Access Control). |
| 36.02 | Understand access control as it applies to DAC (Discretionary Access Control). |
| 36.03 | Understand access control as it applies to RBAC (Role Based Access Control). |
| 37.01 | Understand and identify security concerns with the use of Coaxial Cable. |
| 37.02 | The student should be able to identify and understand security concerns for UTP/STP (Unshielded Twisted Pair / Shielded Twisted Pair). |
| 37.03 | Identify and understand security concerns fiber optic cable. |
| 37.04 | Identify security concerns associated with removable media. |
| 37.05 | Address pitfalls associated with tape backups. |
| 37.06 | Apply drive encryption to hard drives. |
| 37.07 | Secure flash drives. |
| 37.08 | Smartcards and secure USB memory. |
| 38.01 | Determine Security Zones. |
| 38.02 | Point out vulnerabilities on a DMZ (Demilitarized Zone). |
| 38.03 | Explain the security benefits of using an intranet. |
| 38.04 | Explain the security benefits of using an extranet. |
| 38.05 | Secure a VLAN (Virtual Local Area Network). |
| 38.06 | Describe the security benefits associated with NAT (Network Address Translation). |
| 38.07 | Justify the implementation of tunneling, for security purpose. |
| 39.01 | Select and employ appropriate communication concepts and strategies to enhance oral and written communication in the workplace. |
| 39.02 | Locate, organize and reference written information from various sources. |
| 39.03 | Design, develop and deliver formal and informal presentations using appropriate media to engage and inform diverse audiences. |
| 39.04 | Interpret verbal and nonverbal cues/behaviors that enhance communication. |
| 39.05 | Apply active listening skills to obtain and clarify information. |
| 39.06 | Develop and interpret tables and charts to support written and oral communications. |
| 39.07 | Exhibit public relations skills that aid in achieving customer satisfaction. |
| 40.01 | Employ critical thinking skills independently and in teams to solve problems and make decisions. |
| 40.02 | Employ critical thinking and interpersonal skills to resolve conflicts. |
| 40.03 | Identify and document workplace performance goals and monitor progress toward those goals. |
| 40.04 | Conduct technical research to gather information necessary for decision-making. |
| 41.01 | Use personal information management (PIM) applications to increase workplace efficiency. |
| 41.02 | Employ technological tools to expedite workflow including word processing, databases, reports, spreadsheets, multimedia presentations, electronic calendar, contacts, email, and internet applications. |
| 41.03 | Employ computer operations applications to access, create, manage, integrate, and store information. |
| 41.04 | Employ collaborative/groupware applications to facilitate group work. |
| 42.01 | Describe the nature and types of business organizations. |
| 42.02 | Explain the effect of key organizational systems on performance and quality. |
| 42.03 | List and describe quality control systems and/or practices common to the workplace. |
| 42.04 | Explain the impact of the global economy on business organizations. |
| 43.01 | Evaluate and justify decisions based on ethical reasoning. |
| 43.02 | Evaluate alternative responses to workplace situations based on personal, professional, ethical, legal responsibilities, and employer policies. |
| 43.03 | Identify and explain personal and long-term consequences of unethical or illegal behaviors in the workplace. |
| 43.04 | Interpret and explain written organizational policies and procedures. |
| 43.05 | Display proficiency in using team-oriented collaboration and video teleconferencing software (e.g. Teams, Zoom). |
