Welcome to Lunarline School of Cybersecurity (SCS) - Providing Excellence in Cybersecurity Training and Certifications Since 2008
Contact SCS
School of Cybersecurity
To get started, contact us today at 571-481-9307
LinkedIn
YouTube
shopping_cart
Product was added to your cart

Cart

Program/Project Management (PMA) and Acquisition

Home NICE Framework Oversee and Govern (OV) Program/Project Management (PMA) and Acquisition

Program/Project Management (PMA) and Acquisition NICE Specialty Area

Applies knowledge of data, information, processes, organizational interactions, skills, and analytical expertise, as well as systems, networks, and information exchange capabilities to manage acquisition programs. Executes duties governing hardware, software, and information system acquisition programs and other program management policies. Provides direct support for acquisitions that use information technology (IT) (including National Security Systems), applying IT-related laws and policies, and provides IT-related guidance throughout the total acquisition life cycle.
NICE Framework Work Role Name:
Program Manager
NICE Framework Work Role ID:
OV-PMA-001
NICE Framework Category:
Oversee & Govern (OV)
NICE Framework Work Role Description:

Leads, coordinates, communicates, integrates, and is accountable for the overall success of the program, ensuring alignment with agency or enterprise priorities.

School of Cybersecurity Training
School of Cybersecurity Training
  1. Cybersecurity for Managers (OV314)
  2. Cybersecurity for Managers – SP (OV214-SP)
  3. Cybersecurity Operations and Planning (AN165)
  4. Cybersecurity Operations and Planning – SP (AN165-SP)
  5. FISMA Overview (SP106)
  6. FISMA Overview – SP (SP106-SP)
  7. Information Systems Owners (SP063-WBT)
  8. Program Manager (OV205-RBT)
  9. Risk Management Framework (RMF) for Program Managers – Overview (SP203)
  10. Risk Management Framework (RMF) for Program Managers – Overview – SP (SP203-SP)
CCE<sup><small>®</sup></small> Program
CCE® Program
  1. Certified Expert Program Manager (CEPM)®
Knowledge, Skills, Abilities and Tasks
Knowledge, Skills, Abilities and Tasks
Knowledge
Knowledge
  1. K0001 – Knowledge of computer networking concepts and protocols, and network security methodologies.
  2. K0002 – Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  3. K0003 – Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
  4. K0004 – Knowledge of cybersecurity and privacy principles.
  5. K0005 – Knowledge of cyber threats and vulnerabilities.
  6. K0006 – Knowledge of specific operational impacts of cybersecurity lapses.
  7. K0047 – Knowledge of information technology (IT) architectural concepts and frameworks.
  8. K0048 – Knowledge of Risk Management Framework (RMF) requirements.
  9. K0072 – Knowledge of resource management principles and techniques.
  10. K0090 – Knowledge of system life cycle management principles, including software security and usability.
  11. K0101 – Knowledge of the organization’s enterprise information technology (IT) goals and objectives.
  12. K0120 – Knowledge of how information needs and collection requirements are translated, tracked, and prioritized across the extended enterprise.
  13. K0126 – Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161)
  14. K0146 – Knowledge of the organization’s core business/mission processes..
  15. K0148 – Knowledge of import/export control regulations and responsible agencies for the purposes of reducing supply chain risk.
  16. K0154 – Knowledge of supply chain risk management standards, processes, and practices.
  17. K0164 – Knowledge of functionality, quality, and security requirements and how these will apply to specific items of supply (i.e., elements and processes).
  18. K0165 – Knowledge of risk/threat assessment.
  19. K0169 – Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
  20. K0194 – Knowledge of Cloud-based knowledge management technologies and concepts related to security, governance, procurement, and administration.
  21. K0196 – Knowledge of Import/Export Regulations related to cryptography and other security technologies.
  22. K0198 – Knowledge of organizational process improvement concepts and process maturity models (e.g., Capability Maturity Model Integration (CMMI) for Development, CMMI for Services, and CMMI for Acquisitions).
  23. K0200 – Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]).
  24. K0235 – Knowledge of how to leverage research and development centers, think tanks, academic research, and industry systems.
  25. K0257 – Knowledge of information technology (IT) acquisition/procurement requirements.
  26. K0270 – Knowledge of the acquisition/procurement life cycle process.
Skills
Skills
  1. S0038 – Skill in identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system.
  2. S0372 – Skill to translate, track, and prioritize information needs and intelligence collection requirements across the extended enterprise.
Abilities
Abilities
  1. A0009 – Ability to apply supply chain risk management standards.
  2. A0039 – Ability to oversee the development and update of the life cycle cost estimate.
  3. A0045 – Ability to evaluate/ensure the trustworthiness of the supplier and/or product.
  4. A0056 – Ability to ensure security practices are followed throughout the acquisition process.
Tasks
Tasks
  1. T0066 – Develop and maintain strategic plans.
  2. T0072 – Develop methods to monitor and measure risk, compliance, and assurance efforts.
  3. T0174 – Perform needs analysis to determine opportunities for new and improved business process solutions.
  4. T0199 – Provide enterprise cybersecurity and supply chain risk management guidance for development of the Continuity of Operations Plans.
  5. T0220 – Resolve conflicts in laws, regulations, policies, standards, or procedures.
  6. T0223 – Review or conduct audits of information technology (IT) programs and projects.
  7. T0256 – Evaluate the effectiveness of procurement function in addressing information security requirements and supply chain risks through procurement activities and recommend improvements.
  8. T0273 – Develop and document supply chain risks for critical system elements, as appropriate.
  9. T0277 – Ensure that all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals.
  10. T0302 – Develop contract language to ensure supply chain, system, network, and operational security are met.
  11. T0340 – Act as a primary stakeholder in the underlying information technology (IT) operational processes and functions that support the service, provide direction and monitor all significant activities so the service is delivered successfully.
  12. T0354 – Coordinate and manage the overall service provided to a customer end-to-end.
  13. T0377 – Gather feedback on customer satisfaction and internal service performance to foster continual improvement.
  14. T0379 – Manage the internal relationship with information technology (IT) process owners supporting the service, assisting with the definition and agreement of Operating Level Agreements (OLAs).
  15. T0407 – Participate in the acquisition process as necessary.
  16. T0412 – Conduct import/export reviews for acquiring systems and software.
  17. T0414 – Develop supply chain, system, network, performance, and cybersecurity requirements.
  18. T0415 – Ensure that supply chain, system, network, performance, and cybersecurity requirements are included in contract language and delivered.
  19. T0481 – Identify and address cyber workforce planning and management issues (e.g. recruitment, retention, and training).
  20. T0493 – Lead and oversee budget, staffing, and contracting.
  21. T0551 – Draft and publish supply chain security and risk management documents.
NICE Framework Work Role Name:
IT Project Manager
NICE Framework Work Role ID:
OV-PMA-002
NICE Framework Category:
Oversee & Govern (OV)
NICE Framework Work Role Description:

Directly manages information technology projects.

School of Cybersecurity Training
School of Cybersecurity Training
  1. Cybersecurity Operations and Planning (AN165)
  2. Cybersecurity Operations and Planning – SP (AN165-SP)
  3. Information Systems Owners (SP063-WBT)
  4. IT Project Manager (OV206-RBT)
CCE<sup><small>®</sup></small> Program
CCE® Program
  1. Certified Expert Acquisition Professional (CEAP)®
Knowledge, Skills, Abilities and Tasks
Knowledge, Skills, Abilities and Tasks
Knowledge
Knowledge
  1. K0001 – Knowledge of computer networking concepts and protocols, and network security methodologies.
  2. K0002 – Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  3. K0003 – Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
  4. K0004 – Knowledge of cybersecurity and privacy principles.
  5. K0005 – Knowledge of cyber threats and vulnerabilities.
  6. K0006 – Knowledge of specific operational impacts of cybersecurity lapses.
  7. K0012 – Draft and publish supply chain security and risk management documents.
  8. K0043 – Knowledge of industry-standard and organizationally accepted analysis principles and methods.
  9. K0047 – Knowledge of information technology (IT) architectural concepts and frameworks.
  10. K0048 – Knowledge of Risk Management Framework (RMF) requirements.
  11. K0059 – Knowledge of new and emerging information technology (IT) and cybersecurity technologies.
  12. K0072 – Knowledge of resource management principles and techniques.
  13. K0090 – Knowledge of system life cycle management principles, including software security and usability.
  14. K0101 – Knowledge of the organization’s enterprise information technology (IT) goals and objectives.
  15. K0120 – Knowledge of how information needs and collection requirements are translated, tracked, and prioritized across the extended enterprise.
  16. K0126 – Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161)
  17. K0146 – Knowledge of the organization’s core business/mission processes.
  18. K0148 – Knowledge of import/export control regulations and responsible agencies for the purposes of reducing supply chain risk.
  19. K0154 – Knowledge of supply chain risk management standards, processes, and practices.
  20. K0164 – Knowledge of functionality, quality, and security requirements and how these will apply to specific items of supply (i.e., elements and processes) 
  21. K0165 – Knowledge of risk/threat assessment.
  22. K0169 – Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
  23. K0194 – Knowledge of Cloud-based knowledge management technologies and concepts related to security, governance, procurement, and administration.
  24. K0196 – Knowledge of Import/Export Regulations related to cryptography and other security technologies.
  25. K0198 – Knowledge of organizational process improvement concepts and process maturity models (e.g., Capability Maturity Model Integration (CMMI) for Development, CMMI for Services, and CMMI for Acquisitions).
  26. K0200 – Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]).
  27. K0235 – Knowledge of how to leverage research and development centers, think tanks, academic research, and industry systems.
  28. K0257 – Knowledge of information technology (IT) acquisition/procurement requirements.
  29. K0270 – Knowledge of the acquisition/procurement life cycle process.
Skills
Skills
  1. S0038 – Skill in identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system.
  2. S0372 – Skill to translate, track, and prioritize information needs and intelligence collection requirements across the extended enterprise.
Abilities
Abilities
  1. A0009 – Ability to apply supply chain risk management standards.
  2. A0039 – Ability to oversee the development and update of the life cycle cost estimate.
  3. A0045 – Ability to evaluate/ensure the trustworthiness of the supplier and/or product.
  4. A0056 – Ability to ensure security practices are followed throughout the acquisition process.
Tasks
Tasks
  1. T0072 – Develop methods to monitor and measure risk, compliance, and assurance efforts.
  2. T0174 – Perform needs analysis to determine opportunities for new and improved business process solutions.
  3. T0196 – Provide advice on project costs, design concepts, or design changes.
  4. T0199 – Provide enterprise cybersecurity and supply chain risk management guidance for development of the Continuity of Operations Plans.
  5. T0207 – Provide ongoing optimization and problem-solving support.
  6. T0208 – Provide recommendations for possible improvements and upgrades.
  7. T0220 – Resolve conflicts in laws, regulations, policies, standards, or procedures.
  8. T0223 – Review or conduct audits of information technology (IT) programs and projects.
  9. T0256 – Evaluate the effectiveness of procurement function in addressing information security requirements and supply chain risks through procurement activities and recommend improvements.
  10. T0273 – Develop and document supply chain risks for critical system elements, as appropriate.
  11. T0277 – Ensure that all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals.
  12. T0340 – Act as a primary stakeholder in the underlying information technology (IT) operational processes and functions that support the service, provide direction and monitor all significant activities so the service is delivered successfully.
  13. T0354 – Coordinate and manage the overall service provided to a customer end-to-end.
  14. T0370 – Ensure that appropriate Service-Level Agreements (SLAs) and underpinning contracts have been defined that clearly set out for the customer a description of the service and the measures for monitoring the service.
  15. T0377 – Gather feedback on customer satisfaction and internal service performance to foster continual improvement.
  16. T0379 – Manage the internal relationship with information technology (IT) process owners supporting the service, assisting with the definition and agreement of Operating Level Agreements (OLAs).
  17. T0389 – Review service performance reports identifying any significant issues and variances, initiating, where necessary, corrective actions and ensuring that all outstanding issues are followed up.
  18. T0394 – Work with other service managers and product owners to balance and prioritize services to meet overall customer requirements, constraints, and objectives.
  19. T0407– Participate in the acquisition process as necessary.
  20. T0412 – Conduct import/export reviews for acquiring systems and software.
  21. T0414 – Develop supply chain, system, network, performance, and cybersecurity requirements.
  22. T0415 – Ensure that supply chain, system, network, performance, and cybersecurity requirements are included in contract language and delivered.
  23. T0481 – Identify and address cyber workforce planning and management issues (e.g. recruitment, retention, and training).
  24. T0493 – Lead and oversee budget, staffing, and contracting.
  25. T0551 – Draft and publish supply chain security and risk management documents.
NICE Framework Work Role Name:
Product Support Manager
NICE Framework Work Role ID:
OV-PMA-003
NICE Framework Category:
Oversee & Govern (OV)
NICE Framework Work Role Description:

Manages the package of support functions required to field and maintain the readiness and operational capability of systems and components.

School of Cybersecurity Training
School of Cybersecurity Training
  1. Product Support Manager (OV207-RBT)
CCE<sup><small>®</sup></small> Program
CCE® Program
  1. Certified Expert Program Manager (CEPM)®
Knowledge, Skills, Abilities and Tasks
Knowledge, Skills, Abilities and Tasks
Knowledge
Knowledge
  1. K0001 – Knowledge of computer networking concepts and protocols, and network security methodologies.
  2. K0002 – Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  3. K0003 – Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
  4. K0004 – Knowledge of cybersecurity and privacy principles.
  5. K0005 – Knowledge of cyber threats and vulnerabilities.
  6. K0006 – Knowledge of specific operational impacts of cybersecurity lapses.
  7. K0043 – Knowledge of industry-standard and organizationally accepted analysis principles and methods.
  8. K0048 – Knowledge of Risk Management Framework (RMF) requirements.
  9. K0059 – Knowledge of new and emerging information technology (IT) and cybersecurity technologies.
  10. K0072 – Knowledge of resource management principles and techniques.
  11. K0090 – Knowledge of system life cycle management principles, including software security and usability.
  12. K0120 – Knowledge of how information needs and collection requirements are translated, tracked, and prioritized across the extended enterprise.
  13. K0126 – Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161)
  14. K0148 – Knowledge of import/export control regulations and responsible agencies for the purposes of reducing supply chain risk.
  15. K0150 – Knowledge of enterprise incident response program, roles, and responsibilities.
  16. K0154 – Knowledge of supply chain risk management standards, processes, and practices.
  17. K0164 – Knowledge of functionality, quality, and security requirements and how these will apply to specific items of supply (i.e., elements and processes).
  18. K0165 – Knowledge of risk/threat assessment.
  19. K0169 – Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
  20. K0194 – Knowledge of Cloud-based knowledge management technologies and concepts related to security, governance, procurement, and administration.
  21. K0196 – Knowledge of Import/Export Regulations related to cryptography and other security technologies.
  22. K0198 – Knowledge of organizational process improvement concepts and process maturity models (e.g., Capability Maturity Model Integration (CMMI) for Development, CMMI for Services, and CMMI for Acquisitions).
  23. K0200 – Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]).
  24. K0235 – Knowledge of how to leverage research and development centers, think tanks, academic research, and industry systems.
  25. K0249 – Knowledge of sustainment technologies, processes and strategies.
  26. K0257 – Knowledge of information technology (IT) acquisition/procurement requirements.
  27. K0270 – Knowledge of the acquisition/procurement life cycle process.
Skills
Skills
  1. S0038 – Skill in identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system.
  2. S0372 – Skill to translate, track, and prioritize information needs and intelligence collection requirements across the extended enterprise.
Abilities
Abilities
  1. A0009 – Ability to apply supply chain risk management standards.
  2. A0039 – Ability to oversee the development and update of the life cycle cost estimate.
  3. A0045 – Ability to evaluate/ensure the trustworthiness of the supplier and/or product.
  4. A0056 – Ability to ensure security practices are followed throughout the acquisition process.
Tasks
Tasks
  1. T0072 – Develop methods to monitor and measure risk, compliance, and assurance efforts.
  2. T0174 – Perform needs analysis to determine opportunities for new and improved business process solutions.
  3. T0196 – Provide advice on project costs, design concepts, or design changes.
  4. T0204 – Provide input to implementation plans and standard operating procedures.
  5. T0207 – Provide ongoing optimization and problem-solving support.
  6. T0208 – Provide recommendations for possible improvements and upgrades.
  7. T0220 – Resolve conflicts in laws, regulations, policies, standards, or procedures.
  8. T0223 – Review or conduct audits of information technology (IT) programs and projects.
  9. T0256 – Evaluate the effectiveness of procurement function in addressing information security requirements and supply chain risks through procurement activities and recommend improvements.
  10. T0273 – Develop and document supply chain risks for critical system elements, as appropriate.
  11. T0277 – Ensure that all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals.
  12. T0302 – Develop contract language to ensure supply chain, system, network, and operational security are met.
  13. T0340 – Act as a primary stakeholder in the underlying information technology (IT) operational processes and functions that support the service, provide direction and monitor all significant activities so the service is delivered successfully.
  14. T0354 – Coordinate and manage the overall service provided to a customer end-to-end.
  15. T0370 – Ensure that appropriate Service-Level Agreements (SLAs) and underpinning contracts have been defined that clearly set out for the customer a description of the service and the measures for monitoring the service.
  16. T0377 – Gather feedback on customer satisfaction and internal service performance to foster continual improvement.
  17. T0389 – Review service performance reports identifying any significant issues and variances, initiating, where necessary, corrective actions and ensuring that all outstanding issues are followed up.
  18. T0394 – Work with other service managers and product owners to balance and prioritize services to meet overall customer requirements, constraints, and objectives.
  19. T0412 – Conduct import/export reviews for acquiring systems and software.
  20. T0414 – Develop supply chain, system, network, performance, and cybersecurity requirements.
  21. T0493 – Lead and oversee budget, staffing, and contracting.
  22. T0525 – Provide enterprise cybersecurity and supply chain risk management guidance.
  23. T0551 – Draft and publish supply chain security and risk management documents.
  24. T0553 – Apply cybersecurity functions (e.g., encryption, access control, and identity management) to reduce exploitation opportunities.
NICE Framework Work Role Name:
IT Investment/Portfolio Manager
NICE Framework Work Role ID:
OV-PMA-004
NICE Framework Category:
Oversee & Govern (OV)
NICE Framework Work Role Description:

Manages a portfolio of IT investments that align with the overall needs of mission and enterprise priorities.

School of Cybersecurity Training
School of Cybersecurity Training
  1. IT Investment/Portfolio Manager (OV305-RBT)
CCE<sup><small>®</sup></small> Program
CCE® Program
  1. Certified Expert Acquisition Professional (CEAP)®
Knowledge, Skills, Abilities and Tasks
Knowledge, Skills, Abilities and Tasks
Knowledge
Knowledge
  1. K0001 – Knowledge of computer networking concepts and protocols, and network security methodologies.
  2. K0002 – Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  3. K0003 – Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
  4. K0004 – Knowledge of cybersecurity and privacy principles.
  5. K0005 – Knowledge of cyber threats and vulnerabilities.
  6. K0006 – Knowledge of specific operational impacts of cybersecurity lapses.
  7. K0048 – Knowledge of Risk Management Framework (RMF) requirements.
  8. K0072 – Knowledge of resource management principles and techniques.
  9. K0120 – Knowledge of how information needs and collection requirements are translated, tracked, and prioritized across the extended enterprise.
  10. K0126 – Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161)
  11. K0146 – Knowledge of the organization’s core business/mission processes.
  12. K0154 – Knowledge of supply chain risk management standards, processes, and practices.
  13. K0165 – Knowledge of risk/threat assessment.
  14. K0169 – Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
  15. K0235 – Knowledge of how to leverage research and development centers, think tanks, academic research, and industry systems.
  16. K0257 – Knowledge of information technology (IT) acquisition/procurement requirements.
  17. K0270 – Knowledge of the acquisition/procurement life cycle process.
Skills
Skills
  1. S0372 – Skill to translate, track, and prioritize information needs and intelligence collection requirements across the extended enterprise.
Abilities
Abilities
  1. A0039 – Ability to oversee the development and update of the life cycle cost estimate.
Tasks
Tasks
  1. T0220 – Resolve conflicts in laws, regulations, policies, standards, or procedures.
  2. T0223 – Review or conduct audits of information technology (IT) programs and projects.
  3. T0277 – Ensure that all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals.
  4. T0302 – Develop contract language to ensure supply chain, system, network, and operational security are met.
  5. T0377 – Gather feedback on customer satisfaction and internal service performance to foster continual improvement.
  6. T0415 – Ensure that supply chain, system, network, performance, and cybersecurity requirements are included in contract language and delivered.
  7. T0493 – Lead and oversee budget, staffing, and contracting.
  8. T0551 – Draft and publish supply chain security and risk management documents.
NICE Framework Work Role Name:
IT Program Auditor
NICE Framework Work Role ID:
OV-PMA-005
NICE Framework Category:
Oversee & Govern (OV)
NICE Framework Work Role Description:

Conducts evaluations of an IT program or its individual components to determine compliance with published standards.

School of Cybersecurity Training
School of Cybersecurity Training
  1. Information Security and Information Technology Auditing (OV131)
  2. IT Program Auditor (OV208-RBT)
CCE<sup><small>®</sup></small> Program
CCE® Program
  1. Certified Expert RMF Professional (CERP)®
Knowledge, Skills, Abilities and Tasks
Knowledge, Skills, Abilities and Tasks
Knowledge
Knowledge
  1. K0001 – Knowledge of computer networking concepts and protocols, and network security methodologies.
  2. K0002 – Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  3. K0003 – Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
  4. K0004 – Knowledge of cybersecurity and privacy principles.
  5. K0005 – Knowledge of cyber threats and vulnerabilities.
  6. K0006 – Knowledge of specific operational impacts of cybersecurity lapses.
  7. K0043 – Knowledge of industry-standard and organizationally accepted analysis principles and methods.
  8. K0047 – Knowledge of information technology (IT) architectural concepts and frameworks.
  9. K0048 – Knowledge of Risk Management Framework (RMF) requirements.
  10. K0072 – Knowledge of resource management principles and techniques.
  11. K0090 – Knowledge of system life cycle management principles, including software security and usability.
  12. K0120 – Knowledge of how information needs and collection requirements are translated, tracked, and prioritized across the extended enterprise.
  13. K0126 – Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161)
  14. K0148 – Knowledge of import/export control regulations and responsible agencies for the purposes of reducing supply chain risk.
  15. K0154 – Knowledge of supply chain risk management standards, processes, and practices.
  16. K0165 – Knowledge of risk/threat assessment.
  17. K0169 – Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
  18. K0198 – Knowledge of organizational process improvement concepts and process maturity models (e.g., Capability Maturity Model Integration (CMMI) for Development, CMMI for Services, and CMMI for Acquisitions).
  19. K0200 – Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]).
  20. K0235 – Knowledge of how to leverage research and development centers, think tanks, academic research, and industry systems.
  21. K0257 – Knowledge of information technology (IT) acquisition/procurement requirements.
  22. K0270 – Knowledge of the acquisition/procurement life cycle process.
Skills
Skills
  1. S0038 – Skill in identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system.
  2. S0085 – Skill in conducting audits or reviews of technical systems.
  3. S0372 – Skill to translate, track, and prioritize information needs and intelligence collection requirements across the extended enterprise.
Abilities
Abilities
  1. A0056 – Ability to ensure security practices are followed throughout the acquisition process.
Tasks
Tasks
  1. T0072 – Develop methods to monitor and measure risk, compliance, and assurance efforts.
  2. T0207 – Provide ongoing optimization and problem-solving support.
  3. T0208 – Provide recommendations for possible improvements and upgrades.
  4. T0223 – Review or conduct audits of information technology (IT) programs and projects.
  5. T0256 – Evaluate the effectiveness of procurement function in addressing information security requirements and supply chain risks through procurement activities and recommend improvements.
  6. T0389 – Review service performance reports identifying any significant issues and variances, initiating, where necessary, corrective actions and ensuring that all outstanding issues are followed up.
  7. T0412 – Conduct import/export reviews for acquiring systems and software.
  8. T0415 – Ensure that supply chain, system, network, performance, and cybersecurity requirements are included in contract language and delivered.
Executive Cyber Leadership (EXL)
Legal Advice and Advocacy (LGA)

Learn About Our Certifications

Menu