The US Cybersecurity and Infrastructure Security Agency (CISA) has officially released Version 2.0.0 of the NICE Workforce Framework for Cybersecurity, marking a significant update to this nationally focused resource. 

Released on March 5, 2025, this major update introduces substantial changes aimed at enhancing the framework’s utility across public, private, and academic sectors.

The NICE (National Initiative for Cybersecurity Education) Framework serves as the foundation for developing the cybersecurity workforce by establishing a standardized approach and common language for describing cybersecurity work and learner capabilities. 

It enables improved communication among stakeholders throughout the cybersecurity ecosystem regarding identification, recruitment, development, and retention of talent.

Key Changes in Version 2.0.0

The most notable change in this release is the removal of two Work Role Categories: Cyberspace Effects and Cyberspace Intelligence, along with their corresponding 12 Work Roles. 

These categories, which primarily relate to military operations (Title 10) and intelligence operations (Title 50), will continue to be maintained separately in the Department of Defense (DoD) Cyber Workforce Framework (DCWF).

Application Security is no longer just a defensive play, Time to Secure -> Free Webinar

The update also introduces one new Work Role: Operational Technology (OT) Cybersecurity Engineering (DD-WRL-009). 

This addition reflects a growing industry focus on securing industrial control systems and operational technology environments. 

According to the framework, this role is “responsible for working within the engineering department to design and create systems, processes, and procedures that maintain the safety, reliability, controllability, and security of industrial systems”.

Additionally, two existing Work Roles have been updated: Digital Evidence Analysis (IN-WRL-002) and Insider Threat Analysis (PD-WRL-005). 

Both roles now feature improved Task, Knowledge, and Skill statements with enhanced alignment between them.

The Cyber Resiliency (NF-COM-007) Competency Area has also been updated, now incorporating 56 Knowledge statements and 67 Skill statements, of which 22 are new to the NICE Framework.

Administrative Updates and Impact

The release includes numerous administrative updates, including fixed typos and spelling errors across 14 statements, grammar corrections, and the removal of duplicate statements.

Overall, 111 new statements were added while 275 were removed, bringing the total TKS statements from 2,275 in v1.0.0 to 2,111 in v2.0.0.

The National Initiative for Cybersecurity Careers and Studies (NICCS) is currently updating tools and information across their website to reflect these changes. 

However, users should note that the interactive version, Mapping Tool, Education & Training Catalog, and Career Pathways tools are still using data from version 1.0.0 while awaiting updates.

This update is considered a Major Update that “breaks backward compatibility with the previous revision of the specification in numerous significant ways”. 

Organizations and tools utilizing the NICE Framework components could be significantly impacted by the removal of the two Work Role Categories and their corresponding contents.

Training providers with cybersecurity-related courses in the NICCS Education & Training Catalog should contact [email protected] for information about remapping courses to the updated data.

The NICE Program Office encourages users to reference the most recent published version of the components, though users may choose to continue using older versions with the understanding that outdated versions may not be supported.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try 50 Request for Free

The post CISA Releases NICE Workforce Framework Version 2.0.0 Released – What’s New appeared first on Cyber Security News.

​The original article found on Cyber Security News Read More