Standards in this Framework
| Standard | Description |
|---|---|
| 1.12.3. | Interpret security policies through job specific training and training updates. |
| 1.12.4. | Apply secure password behavior. |
| 1.12.5. | Apply physical and virtual situational awareness (e.g., clean desk policies, shoulder surfing, social engineering, tailgating). |
| 2.1.1. | Explain the need for confidentiality, integrity, and availability (CIA) of information. |
| 2.1.2. | Describe authentication, authorization, and auditing. |
| 2.1.3. | Describe multilevel security. |
| 2.1.4. | Identify security risks and describe associated safeguards and methodologies (e.g., auditing). |
| 2.1.5. | Describe major threats to computer systems (e.g., insider threats, viruses, worms, spyware, ransomware, spoofing, hacking, social engineering, phishing). |
| 2.1.10. | Describe computer forensics, its importance in information security and cybersecurity, and its relevance to law enforcement. |
| 2.1.11. | Identify the need for personal security in digital information and describe how personal information can be safeguarded. |
| 2.1.13. | Describe privacy security compliance on systems (e.g., Health Insurance Portability and Accountability Act [HIPAA], Payment Card Industry [PCI], Sarbanes Oxley Act [SOX], Americans with Disabilities Act [ADA], General Data Protection Regulation [GDPR], European Union Data Protection Regulation [EUDPR]). |
| 2.4.1. | Investigate the scope and the impact of mobile computing environments on society. |
| 2.4.2. | Describe the differences, advantages, and limitations of cloud computing (e.g., public cloud, private cloud, hybrid cloud) and on-premises computing. |
| 2.4.4. | Describe emerging technologies (e.g., Bring your Own Device [BYOD], Services Virtualization, Augmented Reality [AR], SMART Devices, Additive Manufacturing [3D Printing]). |
| 3.1.1. | Differentiate between authentication and authorization. |
| 3.1.2. | Compare authentication techniques (e.g. single factor, multifactor, passwords, biometrics, certificates, Radio Frequency Identification [RFID] cards). |
| 3.1.4. | Describe Virtual Private Networks (VPNs) using tunneling protocols (e.g., Layer 2 Tunneling Protocol [L2TP], Secure Socket Tunneling Protocol [SSTP], Point-to-Point Tunneling Protocol [PPTP] and encrypting techniques). |
| 3.2.1. | Identify and implement data and application security. |
| 3.2.8. | Identify the need for disaster recovery policies and procedures. |
| 3.3.1. | Describe network security policies (e.g., acceptable use policy). |
| 3.3.5. | Assess risks based on vulnerability of the organization, likelihood of risk, and impact on the organization. |
| 3.3.6. | Describe the functions and uses of patch management. |
| 3.4.3. | Compare network analysis software (e.g., network analyzer) and hardware tools to identify security risks and vulnerabilities. |
| 3.4.4. | Identify the components of human security (e.g., social engineering) and techniques to mitigate human security threats (e.g., policies, procedures, training). |
| 3.5.1. | Describe wireless security risks (e.g., unauthorized access) and how to mitigate them. |
| 3.5.2 | Compare methods of increasing the security of wireless networks and devices (e.g., Media Access Control [MAC] address filtering, Wi-Fi Protected Access [WPA], 802.1x, Remote Authentication Dial In User Service [RADIUS]). |
| 3.5.3 | Research security enhancements provided by Institute of Electrical and Electronics Engineers (IEEE). |
| 3.5.4 | Describe practices and policies for preventing and detecting installation of rogue networks. |
| 3.5.5. | Describe security practices and policies for personal devices. |
| 3.5.6. | Implement and test the security of a wireless network. |
| 4.1.1. | Determine the basic point-to-point (PTP) and point-to-multipoint (PTMP) network topologies (e.g., star, ring, tree, mesh, hybrid) and identify broadband and baseband (e.g., Ethernet) transmission methods and standards. |
| 4.1.4. | Identify standard and emerging network technologies (e.g., broadband, satellite, optic, cellular, Local-Area Network (LAN) and WiFi). |
| 4.1.6. | Configure and build a network. (e.g., server, switch, router) |
| 4.2.3. | Compare the seven layers of the Open Systems Interconnection stack to the four layers of the Transmission Control Protocol/Internet Protocol (TCP/IP) stack. |
| 4.2.5. | Describe actions to be performed at each of the Open Systems Interconnection physical layers. |
| 4.3.1. | Identify the criteria used in selecting media (e.g., physical properties, transmission technologies, transmission span, bandwidth, topology, security, noise immunity, installation considerations, cost). |
| 4.3.2. | Differentiate between media types (e.g., coaxial, twisted pair, fiber optic) and interfaces. |
| 4.3.3. | Compare media categories (e.g., single mode, multimode, CAT5, CAT5E, CAT6+). |
| 4.3.4. | Describe types of media connectors (e.g., Bayonet Neill-Concelman [BNC], Registered Jack [RJ]-45, LC, ST) and grounding techniques. |
| 4.3.6. | Identify the advantages and disadvantages of cabling systems. |
| 4.4.1. | Compare wireless standards in common use (e.g., Institute of Electrical and Electronics Engineers [IEEE] 802.11, Cellular, Bluetooth, Worldwide Interoperability for Microwave Access [WiMAX], Radio Frequency Identification [RFID], Near Field Communication [NFC]). |
| 4.5.3. | Describe the Service Set Identifier (SSID) as used in wireless communications. |
| 4.5.4. | Select and install access points, wireless Network Interface Cards (NICs), antennas, and other hardware and software components to provide a wireless networking solution as determined by a site and customer survey. |
| 4.5.6. | Secure the wireless network. |
| 9.1.1. | Identify the goals, objectives and purposes of cybersecurity. |
| 9.1.2. | Describe the concepts of malware attack vectors. |
| 9.1.5. | Identify types of controls (e.g., Deterrent, Preventive, Detective, Compensating, Technical, and Administrative). |
| 9.3.1. | Identify application vulnerabilities (e.g., Cross-site scripting, SQL injection, LDAP injection, XML injection, Directory traversal/command injection, Buffer overflow, Integer overflow, Zero-day, Cookies and attachments, Locally Shared Objects (LSOs), Flash cookies, Malicious add-ons, Session hijacking, Header manipulation, Arbitrary code execution/remote code execution). |
| 9.3.5 | Discover and mitigate common database vulnerabilities and attacks. |
| 9.3.6. | Differentiate between Server-side vs. client-side validation. |
| 9.5.1. | Describe, locate, and mitigate security threats (e.g., Adware, Viruses, Spyware, Trojan, Rootkits, Logic bomb, Botnets, Ransomware, Polymorphic malware). |
| 9.5.2. | Describe and discover vulnerabilities to and mitigate network attacks. (e.g., Man-in-the-middle, DDoS, DoS, Replay, Smurf attack, Spoofing, Spam, Phishing, Spim, Spit and other attacks). |
| 9.5.4. | Describe, appraise for, and mitigate Social Engineering attacks (e.g., Shoulder surfing, Dumpster diving, Tailgating, Impersonation, Hoaxes, Phishing, Spear Phishing, Whaling, Vishing, Principles, URL hijacking, Watering Hole). |
| 9.5.5. | Perform penetration testing. |
| 9.7.1. | Recognize digital reconnaissance techniques (e.g., packet capture, OS fingerprinting, topology discovery, DNS harvesting). |
| 9.7.2. | Use tools and procedures for digital reconnaissance (e.g., host scanning, network mapping, NMAP, packet analyzer, vulnerability scanner). |
| 9.7.3. | Analyze reconnaissance results (data correlation, data analytics, point-in-time, data logs, packet captures). |
| 9.7.4. | Collect digital evidence according to established policies and protocols (e.g., system image, packet captures). |
| 9.7.5. | Maintain chain of custody on evidence. |
| 9.7.6. | Generate file hash. |
| 9.8.2. | Differentiate between detection controls and prevention controls (e.g., IDS vs. IPS, Camera vs. guard). |
| 9.8.3. | Use discovery tools and utilities to identify threats (e.g., Protocol analyzer, Vulnerability scanner, Honeypots, Honeynets, Port scanner). |
| 9.8.9 | Interpret alarms and alert trends. |
| 9.8.10 | Apply Incident response procedures (e.g., Preparation, Incident identification, Escalation and notification, Mitigation steps, Lessons learned, Reporting, Recovery procedures, First responder, Incident isolation, Quarantine, Device removal, Data breach). |
| 9.8.11 | Differentiate between types of Penetration testing (e.g., Black box, White box, Gray box). |
| 9.10.1 | Enforce concepts related to threat vectors and probability/threat likelihood. |
| 9.10.2 | Identify concepts of risk calculation (Likelihood, ALE, Impact, SLE, ARO, MTTR, MTTF, MTBF). |
