Standards in this Framework
Standard | Description |
---|---|
1.1.1 | Identify career pathways in cybersecurity. |
1.1.2 | Identify industry certification options for career pathways. |
1.1.3 | Identify postsecondary options that will advance career pathway goals. |
1.2.1 | Describe the objective of cybersecurity in businesses and organizations. |
1.2.2 | Identify the mindsets and traits (e.g., continuous learning, passion, integrity, curiosity) of the cybersecurity professional. |
2.1.1 | Describe data and data types. |
2.1.2 | Explain the CIA model (confidentiality, integrity, availability). |
2.1.3 | Explain the concepts of authentication, authorization and auditing (AAA). |
2.1.4 | Identify basic cryptography concepts, methods, and uses. |
2.1.5 | Identify the concepts of access control principles. |
2.1.6 | Identify access control models. |
2.1.7 | Explain the principle of least privilege. |
2.1.8 | Describe Zero Trust architecture. |
2.1.9 | Identify techniques to protect data in all three states (i.e., “data in use”, “data at rest” and “data in motion”). |
2.1.10 | Explain types of vulnerabilities, exploits, and cyber threats. |
2.1.11 | Identify the common types of cyber threat actors. |
2.1.12 | Describe the phases of the Cyber Kill Chain framework. |
2.1.13 | Describe vulnerability management. |
2.1.14 | Explain the importance of asset inventory. |
2.1.15 | Define risk and risk management. |
2.1.16 | Describe the value of risk assessment. |
2.1.17 | Describe the importance of cybersecurity policies and procedures. |
2.2.1 | Explain ethical and legal issues related to cybersecurity. |
2.2.2 | Describe ethical hacking and non-ethical hacking. |
2.2.3 | Identify cyber laws and regulations for individuals and businesses. |
2.2.4 | Explain the importance of protecting intellectual property. |
3.1.1 | Compare storage media. |
3.1.2 | Describe the architecture of a computer. |
3.1.3 | Compare read-only memory (ROM) and random-access memory (RAM). |
3.1.4 | Describe basic boot methods and boot order. |
3.1.5 | Compare the file structures of Windows and Linux. |
3.1.6 | Describe password policies. |
3.1.7 | Identify programming languages used in cybersecurity. |
3.1.8 | Program with a text-based language (e.g., Python), using version control, unit testing and recommended styles and idioms. |
3.1.9 | Describe the role of Bash and PowerShell as used by cybersecurity analysts. |
3.2.1 | Describe types of area networks (e.g., LAN, WAN, MAN). |
3.2.2 | Describe various network communication technologies (e.g., Wi-Fi, mobile data, Ethernet). |
3.2.3 | Identify networkable devices (i.e., Internet of Things [IoT]), their categories, benefits and security risks. |
3.2.4 | Compare the Open Systems Interconnection (OSI) model and the TCP/IP model. |
3.2.5 | Describe tools and techniques available to identify networking interfaces and their settings. |
3.2.6 | Describe the following network services: Address Resolution Protocol (ARP), Dynamic Host Configuration Protocol (DHCP), and Domain Name System (DNS). |
3.2.7 | Describe subnetting of Layer 3 addresses. |
3.2.8 | Identify the common TCP and UDP ports used in networking. |
3.2.9 | Compare the two transport methods used in Layer 4 of the OSI model within the TCP/IP stack. |
3.2.10 | Describe the use of an access control list on an interface. |
3.2.11 | Describe the use of IP tables for access control. |
3.2.12 | Describe the use of Windows firewall for access control. |
3.2.13 | Compare communication types: unicast, broadcast, multicast, and anycast. |
3.2.14 | Describe the purposes and types of virtual access. |
3.2.15 | Define cloud computing. |
4.1.1 | Install and configure Windows desktop operating system. |
4.1.2 | Install and configure Linux desktop operating system. |
4.1.3 | Install and configure server operating system. |
4.1.4 | Manage a desktop operating system through its lifecycle. |
4.1.5 | Manage a server operating system through its lifecycle. |
4.1.6 | Recover a desktop operating system. |
4.1.7 | Recover a server operating system. |
4.1.8 | Explain reasons and options for segmentation. |
4.1.9 | Describe the value of logging and monitoring. |
4.1.10 | Obtain information and navigate an operating system, using command line. |
4.1.11 | Perform basic configurations for routers and switches. |
4.1.12 | Implement IP addressing schemes, given an address space. |
4.1.13 | Map different network layer identifiers for a process. |
4.1.14 | Describe network device port security and hardening. |
4.1.15 | Describe operating system hardening. |
4.1.16 | Apply encryption methods and tools to decipher encrypted data. |
4.1.17 | Identify different options for redundancy. |
4.1.18 | Implement redundancy. |
4.1.19 | Identify important data or systems that need redundancy. |
4.1.20 | Define high availability (HA). |
4.2.1 | Describe basic hardware and software problems, using industry terminology. |
4.2.2 | Describe troubleshooting techniques used with hardware and software to identify and fix errors. |
4.2.3 | Implement systematic troubleshooting strategies used with hardware and software to identify and fix errors. |
5.1.1 | Perform device discovery. |
5.1.2 | Identify types of tools that can be used to monitor, collect, and analyze information across platforms. |
5.1.3 | Describe how a security framework is used to assess the security posture of an enterprise environment. |
5.1.4 | Define defense in depth. |
5.1.5 | Describe social engineering. |
5.2.1 | Explain the proper use of penetration testing versus vulnerability scanning. |
5.2.2 | Describe the steps of a penetration test and its role in securing a business. |
5.2.3 | Identify the Open Web Application Security Project (OWASP) Top 10. |
5.2.4 | Identify Common Vulnerability and Exposure (CVE), a list of specific vulnerabilities for specific products. |
5.3.1 | Describe the different types of attacks that affect physical security. |
5.3.2 | Describe physical access controls. |
6.1.1 | Define incident response. |
6.1.2 | Describe the steps of incident response. |
6.1.3 | Explain basic forensic concepts and practices including eDiscovery, documentation, chain of custody, and data transport. |
6.1.4 | Describe the importance of policies and procedures in incident response. |
6.1.5 | Define recovery. |