Evaluates collection operations and develops effects-based collection requirements strategies using available sources and methods to improve collection. Develops, processes, validates, and coordinates submission of collection requirements. Evaluates performance of collection assets and collection operations.
Certification Declaration
Each certification is mapped to the NICE Framework, which organizes cybersecurity into seven high-level Categories, each comprised of several specialty areas, work roles, knowledge, skills, abilities, and tasks. These seven high-level Categories are aligned directly to the CCE® Program’s certification Concentration Areas. Candidates often prepare for an exam by using a variety of resources that familiarize them with the authoritative sources and the exam’s concentration area.
Third-party products and services, including course instructors, have helped many candidates to close knowledge and skill gaps. The CCE® Program does not endorse any particular provider and encourages candidates to use a variety of tools and resources that will enhance their understanding of relevant principles and the exam’s concentration area.
NICE Framework Category | CCE® Concentration Area: Collect and Operate (CO)
NICE Specialty Area: Collection Operations (CLO)
NICE Work Role ID: CO-CLO-002
OPM Code | DCWF Code: 312
KSA-T
Below are the Knowledge, Skills, Abilities and Tasks (KSA-T) identified as being required to perform this work role.
Knowledge
ID & Description
- K0001 – Knowledge of computer networking concepts and protocols, and network security methodologies.
- K0002 – Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
- K0003 – Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
- K0004 – Knowledge of cybersecurity and privacy principles.
- K0005 – Knowledge of cyber threats and vulnerabilities.
- K0006 – Knowledge of specific operational impacts of cybersecurity lapses.
- K0036 – Knowledge of human-computer interaction principles.
- K0058 – Knowledge of network traffic analysis methods.
- K0109 – Knowledge of physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage).
- K0177 – Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
- K0353 – Knowledge of possible circumstances that would result in changing collection management authorities.
- K0361 – Knowledge of asset availability, capabilities and limitations.
- K0364 – Knowledge of available databases and tools necessary to assess appropriate collection tasking.
- K0380 – Knowledge of collaborative tools and environments.
- K0382 – Knowledge of collection capabilities and limitations.
- K0383 – Knowledge of collection capabilities, accesses, performance specifications, and constraints utilized to satisfy collection plan.
- K0384 – Knowledge of collection management functionality (e.g., positions, functions, responsibilities, products, reporting requirements).
- K0386 – Knowledge of collection management tools.
- K0387 – Knowledge of collection planning process and collection plan.
- K0390 – Knowledge of collection strategies.
- K0395 – Knowledge of computer networking fundamentals (i.e., basic computer components of a network, types of networks, etc.).
- K0401 – Knowledge of criteria for evaluating collection products.
- K0404 – Knowledge of current collection requirements.
- K0412 – Knowledge of cyber lexicon/terminology.
- K0417 – Knowledge of data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media).
- K0419 – Knowledge of database administration and maintenance.
- K0421 – Knowledge of databases, portals and associated dissemination vehicles.
- K0425 – Knowledge of different organization objectives at all levels, including subordinate, lateral and higher.
- K0427 – Knowledge of encryption algorithms and cyber capabilities/tools (e.g., SSL, PGP).
- K0431 – Knowledge of evolving/emerging communications technologies.
- K0435 – Knowledge of fundamental cyber concepts, principles, limitations, and effects.
- K0444 – Knowledge of how Internet applications work (SMTP email, web-based email, chat clients, VOIP).
- K0445 – Knowledge of how modern digital and telephony networks impact cyber operations.
- K0446 – Knowledge of how modern wireless communications systems impact cyber operations.
- K0448 – Knowledge of how to establish priorities for resources.
- K0453 – Knowledge of indications and warning.
- K0454 – Knowledge of information needs.
- K0467 – Knowledge of internal and external partner organization capabilities and limitations (those with tasking, collection, processing, exploitation and dissemination responsibilities).
- K0474 – Knowledge of key cyber threat actors and their equities.
- K0475 – Knowledge of key factors of the operational environment and threat.
- K0477 – Knowledge of leadership’s intent and objectives.
- K0480 – Knowledge of malware.
- K0482 – Knowledge of methods for ascertaining collection asset posture and availability.
- K0492 – Knowledge of non-traditional collection methodologies.
- K0495 – Knowledge of ongoing and future operations.
- K0496 – Knowledge of operational asset constraints.
- K0498 – Knowledge of operational planning processes.
- K0505 – Knowledge of organization objectives and associated demand on collection management.
- K0513 – Knowledge of organizational priorities, legal authorities and requirements submission processes.
- K0516 – Knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc.
- K0521 – Knowledge of priority information, how it is derived, where it is published, how to access, etc.
- K0526 – Knowledge of research strategies and knowledge management.
- K0527 – Knowledge of risk management and mitigation strategies.
- K0552 – Knowledge of tasking mechanisms.
- K0554 – Knowledge of tasking, collection, processing, exploitation and dissemination.
- K0558 – Knowledge of the available tools and applications associated with collection requirements and collection management.
- K0560 – Knowledge of the basic structure, architecture, and design of modern communication networks.
- K0561 – Knowledge of the basics of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection).
- K0562 – Knowledge of the capabilities and limitations of new and emerging collection capabilities, accesses and/or processes.
- K0563 – Knowledge of the capabilities, limitations and tasking methodologies of internal and external collections as they apply to planned cyber activities.
- K0565 – Knowledge of the common networking and routing protocols (e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications.
- K0568 – Knowledge of the definition of collection management and collection management authority.
- K0569 – Knowledge of the existent tasking, collection, processing, exploitation and dissemination architecture.
- K0570 – Knowledge of the factors of threat that could impact collection operations.
- K0579 – Knowledge of the organization, roles and responsibilities of higher, lower and adjacent sub-elements.
- K0580 – Knowledge of the organization’s established format for collection plan.
- K0581 – Knowledge of the organization’s planning, operations and targeting cycles.
- K0584 – Knowledge of the organizational policies/procedures for temporary transfer of collection authority.
- K0587 – Knowledge of the POC’s, databases, tools and applications necessary to establish environment preparation and surveillance products.
- K0588 – Knowledge of the priority information requirements from subordinate, lateral and higher levels of the organization.
- K0596 – Knowledge of the request for information process.
- K0605 – Knowledge of tipping, cueing, mixing, and redundancy.
- K0610 – Knowledge of virtualization products (VMware, Virtual PC).
- K0612 – Knowledge of what constitutes a “threat” to a network.
Skills
ID & Description
- S0189 – Skill in assessing and/or estimating effects generated during and after cyber operations.
- S0194 – Skill in conducting non-attributable research.
- S0203 – Skill in defining and characterizing all pertinent aspects of the operational environment.
- S0211 – Skill in developing or recommending analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists.
- S0216 – Skill in evaluating available capabilities against desired effects to provide effective courses of action.
- S0218 – Skill in evaluating information for reliability, validity, and relevance.
- S0227 – Skill in identifying alternative analytical interpretations to minimize unanticipated outcomes.
- S0228 – Skill in identifying critical target elements, to include critical target elements for the cyber domain.
- S0229 – Skill in identifying cyber threats which may jeopardize organization and/or partner interests.
- S0249 – Skill in preparing and presenting briefings.
- S0254 – Skill in providing analysis to aid writing phased after action reports.
- S0256 – Skill in providing understanding of target or threat systems through the identification and link analysis of physical, functional, or behavioral relationships.
- S0271 – Skill in reviewing and editing assessment products.
- S0278 – Skill in tailoring analysis to the necessary levels (e.g., classification and organizational).
- S0285 – Skill in using Boolean operators to construct simple and complex queries.
- S0288 – Skill in using multiple analytic tools, databases, and techniques (e.g., Analyst’s Notebook, A-Space, Anchory, M3, divergent/convergent thinking, link charts, matrices, etc.).
- S0289 – Skill in using multiple search engines (e.g., Google, Yahoo, LexisNexis, DataStar) and tools in conducting open-source searches.
- S0292 – Skill in using targeting databases and software packages.
- S0296 – Skill in utilizing feedback to improve processes, products, and services.
- S0297 – Skill in utilizing virtual collaborative workspaces and/or tools (e.g., IWS, VTCs, chat rooms, SharePoint).
- S0303 – Skill in writing, reviewing and editing cyber-related Intelligence/assessment products from multiple sources.
- S0360 – Skill to analyze and assess internal and external partner cyber operations capabilities and tools.
Abilities
ID & Description
- A0069 – Ability to apply collaborative skills and strategies.
- A0070 – Ability to apply critical reading/thinking skills.
- A0078 – Ability to coordinate, collaborate and disseminate information to subordinate, lateral and higher-level organizations.
Tasks
ID & Description
- T0564 – Analyze feedback to determine extent to which collection products and services are meeting requirements.
- T0565 – Analyze incoming collection requests.
- T0568 – Analyze plans, directives, guidance and policy for factors that would influence collection management’s operational structure and requirements (e.g., duration, scope, communication requirements, interagency/international agreements).
- T0577 – Assess efficiency of existing information exchange and management systems.
- T0578 – Assess performance of collection assets against prescribed specifications.
- T0580 – Assess the effectiveness of collections in satisfying priority information gaps, using available capabilities and methods, and adjust collection strategies and collection requirements accordingly.
- T0596 – Close requests for information once satisfied.
- T0602 – Collaborate with customer to define information requirements.
- T0605 – Compile lessons learned from collection management activity’s execution of organization collection objectives.
- T0613 – Conduct formal and informal coordination of collection requirements in accordance with established guidelines and procedures.
- T0651 – Develop a method for comparing collection reports to outstanding requirements to identify information gaps.
- T0668 – Develop procedures for providing feedback to collection managers, asset managers, and processing, exploitation and dissemination centers.
- T0675 – Disseminate reports to inform decision makers on collection issues.
- T0675 – Conduct and document an assessment of the collection results using established procedures.
- T0682 – Validate the link between collection requests and critical information requirements and priority intelligence requirements of leadership.
- T0689 – Evaluate extent to which collected information and/or produced intelligence satisfy information requests.
- T0693 – Evaluate extent to which collection operations are synchronized with operational requirements.
- T0694 – Evaluate the effectiveness of collection operations against the collection plan.
- T0714 – Identify collaboration forums that can serve as mechanisms for coordinating processes, functions, and outputs with specified organizations and functional groups.
- T0725 – Identify and mitigate risks to collection management ability to support the plan, operations and target cycle.
- T0730 – Inform stakeholders (e.g., collection managers, asset managers, processing, exploitation and dissemination centers) of evaluation results using established procedures.
- T0734 – Issue requests for information.
- T0746 – Modify collection requirements as necessary.
- T0780 – Provide advisory and advocacy support to promote collection planning as an integrated component of the strategic campaign plans and other adaptive plans.
- T0809 – Review capabilities of allocated collection assets.
- T0810 – Review intelligence collection guidance for accuracy/applicability.
- T0811 – Review list of prioritized collection requirements and essential information.
- T0819 – Solicit and manage to completion feedback from requestors on quality, timeliness, and effectiveness of collection against collection requirements.
- T0822 – Submit information requests to collection requirement management section for processing as collection requests.
- T0830 – Track status of information requests, including those processed as collection requests and production requirements, using established procedures.
- T0831 – Translate collection requests into applicable discipline-specific collection requirements.
- T0832 – Use feedback results (e.g., lesson learned) to identify opportunities to improve collection management efficiency and effectiveness.
- T0833 – Validate requests for information according to established criteria.