Develops and maintains cybersecurity plans, strategy, and policy to support and align with organizational cybersecurity initiatives and regulatory compliance.
Certification Declaration
Each certification is mapped to the NICE Framework, which organizes cybersecurity into seven high-level Categories, each comprising several specialty areas, work roles, knowledge, skills, abilities, and tasks. These seven high-level Categories are aligned directly to the CCE® Program’s certification Concentration Areas. Candidates often prepare for an exam by using a variety of resources that familiarize them with the authoritative sources and the exam’s concentration area.
Third-party products and services, including course instructors, have helped many candidates to close knowledge and skill gaps. The CCE® Program does not endorse any particular provider and encourages candidates to use a variety of tools and resources that will enhance their understanding of relevant principles and the exam’s concentration area.
NICE Framework Category
CCE® Concentration Area: Oversee and Govern (OV)
NICE Specialty Area: Strategic Planning and Policy (SPP)
NICE Work Role ID: OV-SPP-002
OPM Code | DCWF Code: 752
Common Controls Provider (SP062-WBT)
Counterintelligence for IT and Cybersecurity Professionals (AN209)
Counterintelligence for IT and Cybersecurity Professionals - SP (AN209-SP)
Cyber Policy and Strategy Planner (OV204-RBT)
Cybersecurity Fundamentals for Managers - WBT (OV053-WBT)
Cybersecurity Operations and Planning (AN165)
Cybersecurity Operations and Planning - SP (AN165-SP)
Cybersecurity Strategy (OV301)
FISMA Overview (SP106)
FISMA Overview - SP (SP106-SP)
Healthcare Security & Privacy for IT Professionals (OV105)
HIPAA / HITECH Compliance (OV110)
HIPAA / HITECH Compliance - WBT (OV010-WBT)
NIST 800-171 (SP105b)
NIST 800-171 - Remote (SP105a)
NIST 800-171 - SP (SP105-SP)
Privacy for IT/ISS Professionals (OV231)
Privacy for IT/ISS Professionals - SP (OV231-SP)
Risk Management Framework (RMF) Common Controls (SP111)
Risk Management Framework (RMF) Common Controls - SP (SP111-SP)
Social Media and Privacy - WBT (CYB080-WBT)
USCG War Game Exercise (CYB302)
KSA-T
Below are the Knowledge, Skills, Abilities and Tasks (KSA-T) identified as being required to perform this work role.
Knowledge
ID & Description
- K0001 - Knowledge of computer networking concepts and protocols, and network security methodologies.
- K0002 - Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
- K0003 - Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
- K0004 - Knowledge of cybersecurity and privacy principles.
- K0005 - Knowledge of cyber threats and vulnerabilities.
- K0006 - Knowledge of specific operational impacts of cybersecurity lapses.
- K0070 - Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
- K0127 - Knowledge of the nature and function of the relevant information structure (e.g., National Information Infrastructure).
- K0146 - Knowledge of the organization’s core business/mission processes.
- K0168 - Knowledge of applicable laws, statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures.
- K0234 - Knowledge of full spectrum cyber capabilities (e.g., defense, attack, exploitation).
- K0248 - Knowledge of strategic theory and practice.
- K0309 - Knowledge of emerging technologies that have potential for exploitation.
- K0311 - Knowledge of industry indicators useful for identifying technology trends.
- K0313 - Knowledge of external organizations and academic institutions with cyber focus (e.g., cyber curriculum/training and Research & Development).
- K0335 - Knowledge of current and emerging cyber technologies.
- K0624 - Knowledge of Application Security Risks (e.g., Open Web Application Security Project Top 10 list).
Skills
ID & Description
- S0176 - Skill in administrative planning activities, to include preparation of functional and specific support plans, preparing and managing correspondence, and staffing procedures.
- S0250 - Skill in preparing plans and related correspondence.
Abilities
ID & Description
- A0003 - Ability to determine the validity of technology trend data.
- A0033 - Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities.
- A0037 - Ability to leverage best practices and lessons learned of external organizations and academic institutions dealing with cyber issues.
Tasks
ID & Description
- T0074 - Develop policy, programs, and guidelines for implementation.
- T0094 - Establish and maintain communication channels with stakeholders.
- T0222 - Review existing and proposed policies with stakeholders.
- T0226 - Serve on agency and interagency policy boards.
- T0341 - Advocate for adequate funding for cyber training resources, to include both internal and industry-provided courses, instructors, and related materials.
- T0369 - Ensure that cyber workforce management policies and processes comply with legal and organizational requirements regarding equal opportunity, diversity, and fair hiring/employment practices.
- T0384 - Promote awareness of cyber policy and strategy as appropriate among management and ensure sound principles are reflected in the organization’s mission, vision, and goals.
- T0390 - Review/Assess cyber workforce effectiveness to adjust skill and/or qualification standards.
- T0408 - Interpret and apply applicable laws, statutes, and regulatory documents and integrate into policy.
- T0425 - Analyze organizational cyber policy.
- T0429 - Assess policy needs and collaborate with stakeholders to develop policies to govern cyber activities.
- T0441 - Define and integrate current and future mission environments.
- T0445 - Design/integrate a cyber strategy that outlines the vision, mission, and goals that align with the organization’s strategic plan.
- T0472 - Draft, staff, and publish cyber policy.
- T0505 - Monitor the rigorous application of cyber policies, principles, and practices in the delivery of planning and management services.
- T0506 - Seek consensus on proposed policy changes from stakeholders.
- T0529 - Provide policy guidance to cyber management, staff, and users.
- T0533 - Review, conduct, or participate in audits of cyber programs and projects.
- T0537 - Support the CIO in the formulation of cyber-related policies.