| K0001 | Knowledge of computer networking concepts and protocols, and network security methodologies. | 52 |
| K0002 | Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). | 52 |
| K0003 | Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy. | 52 |
| K0004 | Knowledge of cybersecurity and privacy principles. | 52 |
| K0005 | Knowledge of cyber threats and vulnerabilities. | 52 |
| K0006 | Knowledge of specific operational impacts of cybersecurity lapses. | 52 |
| K0007 | Knowledge of authentication, authorization, and access control methods. | 4 |
| K0008 | Knowledge of applicable business processes and operations of customer organizations. | 5 |
| K0009 | Knowledge of application vulnerabilities. | 6 |
| K0010 | Knowledge of communication methods, principles, and concepts that support the network infrastructure. | 3 |
| K0011 | Knowledge of capabilities and applications of network equipment including routers, switches, bridges, servers, transmission media, and related hardware. | 3 |
| K0012 | Knowledge of capabilities and requirements analysis. | 3 |
| K0013 | Knowledge of cyber defense and vulnerability assessment tools and their capabilities. | 5 |
| K0014 | Knowledge of complex data structures. | 2 |
| K0015 | Knowledge of computer algorithms. | 6 |
| K0016 | Knowledge of computer programming principles. | 3 |
| K0017 | Knowledge of concepts and practices of processing digital forensic data. | 2 |
| K0018 | Knowledge of encryption algorithms. | 11 |
| K0019 | Knowledge of cryptography and cryptographic key management concepts. | 8 |
| K0020 | Knowledge of data administration and data standardization policies. | 2 |
| K0021 | Knowledge of data backup and recovery. | 9 |
| K0022 | Knowledge of data mining and data warehousing principles. | 2 |
| K0023 | Knowledge of database management systems, query languages, table relationships, and views. | 2 |
| K0024 | Knowledge of database systems. | 7 |
| K0025 | Knowledge of digital rights management. | 2 |
| K0026 | Knowledge of business continuity and disaster recovery continuity of operations plans. | 5 |
| K0027 | Knowledge of organization's enterprise information security architecture. | 9 |
| K0028 | Knowledge of organization's evaluation and validation requirements. | 8 |
| K0029 | Knowledge of organization's Local and Wide Area Network connections. | 2 |
| K0030 | Knowledge of electrical engineering as applied to computer architecture (e.g., circuit boards, processors, chips, and computer hardware). | 4 |
| K0031 | Knowledge of enterprise messaging systems and associated software. | 2 |
| K0032 | Knowledge of resiliency and redundancy. | 3 |
| K0033 | Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists). | 5 |
| K0034 | Knowledge of network services and protocols interactions that provide network communications. | 1 |
| K0035 | Knowledge of installation, integration, and optimization of system components. | 6 |
| K0036 | Knowledge of human-computer interaction principles. | 12 |
| K0037 | Knowledge of Security Assessment and Authorization process. | 5 |
| K0038 | Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data. | 6 |
| K0039 | Knowledge of cybersecurity and privacy principles and methods that apply to software development. | 2 |
| K0040 | Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins). | 5 |
| K0041 | Knowledge of incident categories, incident responses, and timelines for responses. | 1 |
| K0042 | Knowledge of incident response and handling methodologies. | 7 |
| K0043 | Knowledge of industry-standard and organizationally accepted analysis principles and methods. | 7 |
| K0044 | Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). | 14 |
| K0045 | Knowledge of information security systems engineering principles (NIST SP 800-160). | 3 |
| K0046 | Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions. | 4 |
| K0047 | Knowledge of information technology (IT) architectural concepts and frameworks. | 4 |
| K0048 | Knowledge of Risk Management Framework (RMF) requirements. | 8 |
| K0049 | Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption). | 8 |
| K0050 | Knowledge of local area and wide area networking principles and concepts including bandwidth management. | 6 |
| K0051 | Knowledge of low-level computer languages (e.g., assembly languages). | 4 |
| K0052 | Knowledge of mathematics (e.g. logarithms, trigonometry, linear algebra, calculus, statistics, and operational analysis). | 6 |
| K0053 | Knowledge of measures or indicators of system performance and availability. | 4 |
| K0054 | Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities. | 3 |
| K0055 | Knowledge of microprocessors. | 4 |
| K0056 | Knowledge of network access, identity, and access management (e.g., public key infrastructure, OAuth, OpenID, SAML, SPML). | 11 |
| K0057 | Knowledge of network hardware devices and functions. | 2 |
| K0058 | Knowledge of network traffic analysis methods. | 10 |
| K0059 | Knowledge of new and emerging information technology (IT) and cybersecurity technologies. | 12 |
| K0060 | Knowledge of operating systems. | 13 |
| K0061 | Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]). | 11 |
| K0062 | Knowledge of packet-level analysis. | 2 |
| K0063 | Knowledge of parallel and distributed computing concepts. | 6 |
| K0064 | Knowledge of performance tuning tools and techniques. | 1 |
| K0065 | Knowledge of policy-based and risk adaptive access controls. | 5 |
| K0066 | Knowledge of Privacy Impact Assessments. | 6 |
| K0067 | Knowledge of process engineering concepts. | 3 |
| K0068 | Knowledge of programming language structures and logic. | 4 |
| K0069 | Knowledge of query languages such as SQL (structured query language). | 2 |
| K0070 | Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code). | 13 |
| K0071 | Knowledge of remote access technology concepts. | 2 |
| K0072 | Knowledge of resource management principles and techniques. | 7 |
| K0073 | Knowledge of secure configuration management techniques (e.g., Security Technical Implementation Guides (STIGs), cybersecurity best practices on cisecurity.org). | 5 |
| K0074 | Knowledge of key concepts in security management (e.g., Release Management, Patch Management). | 4 |
| K0075 | Knowledge of security system design tools, methods, and techniques. | 3 |
| K0076 | Knowledge of server administration and systems engineering theories, concepts, and methods. | 2 |
| K0077 | Knowledge of server and client operating systems. | 4 |
| K0078 | Knowledge of server diagnostic tools and fault identification techniques. | 2 |
| K0079 | Knowledge of software debugging principles. | 2 |
| K0080 | Knowledge of software design tools, methods, and techniques. | 2 |
| K0081 | Knowledge of software development models (e.g., Waterfall Model, Spiral Model). | 4 |
| K0082 | Knowledge of software engineering. | 7 |
| K0083 | Knowledge of sources, characteristics, and uses of the organization’s data assets. | 2 |
| K0084 | Knowledge of structured analysis principles and methods. | 6 |
| K0085 | WITHDRAWN: Knowledge of system and application security threats and vulnerabilities. (See K0070) | 0 |
| K0086 | Knowledge of system design tools, methods, and techniques, including automated systems analysis and design tools. | 5 |
| K0087 | Knowledge of system software and organizational design standards, policies, and authorized approaches (e.g., International Organization for Standardization [ISO] guidelines) relating to system design. | 4 |
| K0088 | Knowledge of systems administration concepts. | 3 |
| K0089 | Knowledge of systems diagnostic tools and fault identification techniques. | 3 |
| K0090 | Knowledge of system life cycle management principles, including software security and usability. | 10 |
| K0091 | Knowledge of systems testing and evaluation methods. | 6 |
| K0092 | Knowledge of technology integration processes. | 2 |
| K0093 | Knowledge of telecommunications concepts (e.g., Communications channel, Systems Link Budgeting, Spectral efficiency, Multiplexing). | 8 |
| K0094 | Knowledge of the capabilities and functionality associated with content creation technologies (e.g., wikis, social networking, content management systems, blogs). | 1 |
| K0095 | Knowledge of the capabilities and functionality associated with various technologies for organizing and managing information (e.g., databases, bookmarking engines). | 2 |
| K0096 | Knowledge of the capabilities and functionality of various collaborative technologies (e.g., groupware, SharePoint). | 1 |
| K0097 | Knowledge of the characteristics of physical and virtual data storage media. | 1 |
| K0098 | Knowledge of the cyber defense Service Provider reporting structure and processes within one’s own organization. | 2 |
| K0099 | WITHDRAWN: Knowledge of the common networking protocols (e.g., TCP/IP), services (e.g., web, mail, Domain Name Server), and how they interact to provide network communications. | 0 |
| K0100 | Knowledge of the enterprise information technology (IT) architecture. | 2 |
| K0101 | Knowledge of the organization’s enterprise information technology (IT) goals and objectives. | 8 |
| K0102 | Knowledge of the systems engineering process. | 7 |
| K0103 | Knowledge of the type and frequency of routine hardware maintenance. | 1 |
| K0104 | Knowledge of Virtual Private Network (VPN) security. | 4 |
| K0105 | Knowledge of web services (e.g., service-oriented architecture, Simple Object Access Protocol, and web service description language). | 2 |
| K0106 | Knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities. | 6 |
| K0107 | Knowledge of Insider Threat investigations, reporting, investigative tools and laws/regulations. | 4 |
| K0108 | Knowledge of concepts, terminology, and operations of a wide range of communications media (computer and telephone networks, satellite, fiber, wireless). | 11 |
| K0163 | Knowledge of critical information technology (IT) procurement requirements. | 3 |
| K0109 | Knowledge of physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage). | 15 |
| K0110 | Knowledge of adversarial tactics, techniques, and procedures. | 2 |
| K0111 | Knowledge of network tools (e.g., ping, traceroute, nslookup). | 2 |
| K0112 | Knowledge of defense-in-depth principles and network security architecture. | 1 |
| K0113 | Knowledge of different types of network communication (e.g., LAN, WAN, MAN, WLAN, WWAN). | 2 |
| K0114 | Knowledge of electronic devices (e.g., computer systems/components, access control devices, digital cameras, digital scanners, electronic organizers, hard drives, memory cards, modems, network components, networked appliances, networked home control devices, printers, removable storage devices, telephones, copiers, facsimile machines, etc.). | 2 |
| K0115 | Knowledge that technology can be exploited. | 1 |
| K0116 | Knowledge of file extensions (e.g., .dll, .bat, .zip, .pcap, .gzip). | 2 |
| K0117 | Knowledge of file system implementations (e.g., New Technology File System [NTFS], File Allocation Table [FAT], File Extension [EXT]). | 3 |
| K0118 | Knowledge of processes for seizing and preserving digital evidence. | 3 |
| K0119 | Knowledge of hacking methodologies. | 2 |
| K0120 | Knowledge of how information needs and collection requirements are translated, tracked, and prioritized across the extended enterprise. | 6 |
| K0121 | Knowledge of information security program management and project management principles and techniques. | 2 |
| K0122 | Knowledge of investigative implications of hardware, Operating Systems, and network technologies. | 2 |
| K0123 | Knowledge of legal governance related to admissibility (e.g. Rules of Evidence). | 3 |
| K0124 | Knowledge of multiple cognitive domains and tools and methods applicable for learning in each domain. | 2 |
| K0125 | Knowledge of processes for collecting, packaging, transporting, and storing electronic evidence while maintaining chain of custody. | 3 |
| K0126 | Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161). | 14 |
| K0127 | Knowledge of the nature and function of the relevant information structure (e.g., National Information Infrastructure). | 2 |
| K0128 | Knowledge of types and collection of persistent data. | 3 |
| K0129 | Knowledge of command-line tools (e.g., mkdir, mv, ls, passwd, grep). | 1 |
| K0130 | Knowledge of virtualization technologies and virtual machine development and maintenance. | 2 |
| K0131 | Knowledge of web mail collection, searching/analyzing techniques, tools, and cookies. | 3 |
| K0132 | Knowledge of which system files (e.g., log files, registry files, configuration files) contain relevant information and where to find those system files. | 2 |
| K0133 | Knowledge of types of digital forensics data and how to recognize them. | 2 |
| K0134 | Knowledge of deployable forensics. | 2 |
| K0135 | Knowledge of web filtering technologies. | 2 |
| K0136 | Knowledge of the capabilities of different electronic communication systems and methods (e.g., e-mail, VOIP, IM, web forums, Direct Video Broadcasts). | 1 |
| K0137 | Knowledge of the range of existing networks (e.g., PBX, LANs, WANs, WIFI, SCADA). | 1 |
| K0138 | Knowledge of Wi-Fi. | 1 |
| K0139 | Knowledge of interpreted and compiled computer languages. | 8 |
| K0140 | Knowledge of secure coding techniques. | 3 |
| K0141 | WITHDRAWN: Integrated into K0420 | 0 |
| K0142 | Knowledge of collection management processes, capabilities, and limitations. | 4 |
| K0143 | Knowledge of front-end collection systems, including traffic collection, filtering, and selection. | 3 |
| K0144 | Knowledge of social dynamics of computer attackers in a global context. | 1 |
| K0145 | Knowledge of security event correlation tools. | 2 |
| K0146 | Knowledge of the organization's core business/mission processes. | 10 |
| K0147 | Knowledge of emerging security issues, risks, and vulnerabilities. | 4 |
| K0148 | Knowledge of import/export control regulations and responsible agencies for the purposes of reducing supply chain risk. | 4 |
| K0149 | Knowledge of organization's risk tolerance and/or risk management approach. | 1 |
| K0150 | Knowledge of enterprise incident response program, roles, and responsibilities. | 2 |
| K0151 | Knowledge of current and emerging threats/threat vectors. | 1 |
| K0152 | Knowledge of software related information technology (IT) security principles and methods (e.g., modularization, layering, abstraction, data hiding, simplicity/minimization). | 2 |
| K0153 | Knowledge of software quality assurance process. | 2 |
| K0154 | Knowledge of supply chain risk management standards, processes, and practices. | 7 |
| K0155 | Knowledge of electronic evidence law. | 3 |
| K0156 | Knowledge of legal rules of evidence and court procedure. | 3 |
| K0157 | Knowledge of cyber defense and information security policies, procedures, and regulations. | 4 |
| K0158 | Knowledge of organizational information technology (IT) user security policies (e.g., account creation, password rules, access control). | 1 |
| K0159 | Knowledge of Voice over IP (VoIP). | 1 |
| K0160 | Knowledge of the common attack vectors on the network layer. | 2 |
| K0161 | Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks). | 3 |
| K0162 | Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored). | 3 |
| K0164 | Knowledge of functionality, quality, and security requirements and how these will apply to specific items of supply (i.e., elements and processes). | 4 |
| K0165 | Knowledge of risk/threat assessment. | 5 |
| K0166 | WITHDRAWN: Knowledge of the nature and function of the relevant information structure. (See K0127) | 0 |
| K0167 | Knowledge of system administration, network, and operating system hardening techniques. | 7 |
| K0168 | Knowledge of applicable laws, statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures. | 11 |
| K0169 | Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures. | 14 |
| K0170 | Knowledge of critical infrastructure systems with information communication technology that were designed without system security considerations. | 12 |
| K0171 | Knowledge of hardware reverse engineering techniques. | 1 |
| K0172 | Knowledge of middleware (e.g., enterprise service bus and message queuing). | 1 |
| K0173 | WITHDRAWN: Integrated into K0499 (prior to draft SP 800-181) | 0 |
| K0174 | Knowledge of networking protocols. | 1 |
| K0175 | Knowledge of software reverse engineering techniques. | 1 |
| K0176 | Knowledge of Extensible Markup Language (XML) schemas. | 1 |
| K0177 | Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks). | 12 |
| K0178 | Knowledge of secure software deployment methodologies, tools, and practices. | 1 |
| K0179 | Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth). | 19 |
| K0180 | Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools. | 9 |
| K0181 | WITHDRAWN: Knowledge of transmission records (e.g., Bluetooth, Radio Frequency Identification [RFID], Infrared Networking [IR], Wireless Fidelity [Wi-Fi], paging, cellular, satellite dishes), and jamming techniques that enable transmission of undesirable information, or prevent installed systems from operating correctly. (See K0274) | 0 |
| K0182 | Knowledge of data carving tools and techniques (e.g., Foremost). | 2 |
| K0183 | Knowledge of reverse engineering concepts. | 2 |
| K0184 | Knowledge of anti-forensics tactics, techniques, and procedures. | 2 |
| K0185 | Knowledge of forensics lab design configuration and support applications (e.g., VMWare, Wireshark). | 2 |
| K0186 | Knowledge of debugging procedures and tools. | 2 |
| K0187 | Knowledge of file type abuse by adversaries for anomalous behavior. | 2 |
| K0188 | Knowledge of malware analysis tools (e.g., OllyDbg, IDA Pro). | 2 |
| K0189 | Knowledge of malware with virtual machine detection (e.g. virtual aware malware, debugger aware malware, and unpacked malware that looks for VM-related strings in your computer’s display device). | 2 |
| K0190 | Knowledge of encryption methodologies. | 1 |
| K0191 | Knowledge of signature implementation impact for viruses, malware, and attacks. | 1 |
| K0192 | Knowledge of Windows/Unix ports and services. | 1 |
| K0193 | Knowledge of advanced data remediation security features in databases. | 1 |
| K0194 | Knowledge of Cloud-based knowledge management technologies and concepts related to security, governance, procurement, and administration. | 5 |
| K0195 | Knowledge of data classification standards and methodologies based on sensitivity and other risk factors. | 1 |
| K0196 | Knowledge of Import/Export Regulations related to cryptography and other security technologies. | 3 |
| K0197 | Knowledge of database access application programming interfaces (e.g., Java Database Connectivity [JDBC]). | 2 |
| K0198 | Knowledge of organizational process improvement concepts and process maturity models (e.g., Capability Maturity Model Integration (CMMI) for Development, CMMI for Services, and CMMI for Acquisitions). | 6 |
| K0199 | Knowledge of security architecture concepts and enterprise architecture reference models (e.g., Zachman, Federal Enterprise Architecture [FEA]). | 6 |
| K0200 | Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]). | 11 |
| K0201 | Knowledge of symmetric key rotation techniques and concepts. | 1 |
| K0202 | Knowledge of the application firewall concepts and functions (e.g., Single point of authentication/audit/policy enforcement, message scanning for malicious content, data anonymization for PCI and PII compliance, data loss protection scanning, accelerated cryptographic operations, SSL security, REST/JSON processing). | 4 |
| K0203 | Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model). | 10 |
| K0204 | Knowledge of learning assessment techniques (rubrics, evaluation plans, tests, quizzes). | 3 |
| K0205 | Knowledge of basic system, network, and OS hardening techniques. | 1 |
| K0206 | Knowledge of ethical hacking principles and techniques. | 1 |
| K0207 | Knowledge of circuit analysis. | 2 |
| K0208 | Knowledge of computer based training and e-learning services. | 2 |
| K0209 | Knowledge of covert communication techniques. | 2 |
| K0210 | Knowledge of data backup and restoration concepts. | 1 |
| K0211 | Knowledge of confidentiality, integrity, and availability requirements. | 2 |
| K0212 | Knowledge of cybersecurity-enabled software products. | 4 |
| K0269 | Knowledge of mobile communications architecture. | 1 |
| K0213 | Knowledge of instructional design and evaluation models (e.g., ADDIE, Smith/Ragan model, Gagne’s Events of Instruction, Kirkpatrick’s model of evaluation). | 2 |
| K0214 | Knowledge of the Risk Management Framework Assessment Methodology. | 2 |
| K0215 | Knowledge of organizational training policies. | 2 |
| K0216 | Knowledge of learning levels (i.e., Bloom’s Taxonomy of learning). | 2 |
| K0217 | Knowledge of Learning Management Systems and their use in managing learning. | 2 |
| K0218 | Knowledge of learning styles (e.g., assimilator, auditory, kinesthetic). | 1 |
| K0219 | WITHDRAWN: Knowledge of local area network (LAN) and wide area network (WAN) principles. (See K0050) | 0 |
| K0220 | Knowledge of modes of learning (e.g., rote learning, observation). | 2 |
| K0221 | Knowledge of OSI model and underlying network protocols (e.g., TCP/IP). | 3 |
| K0222 | Knowledge of relevant laws, legal authorities, restrictions, and regulations pertaining to cyber defense activities. | 1 |
| K0223 | WITHDRAWN: Integrated into K0073 | 0 |
| K0224 | Knowledge of system administration concepts for operating systems such as but not limited to Unix/Linux, IOS, Android, and Windows operating systems. | 5 |
| K0225 | WITHDRAWN: Knowledge of the common networking protocol and services deployed at CC/S/A. (See K0565) | 0 |
| K0226 | Knowledge of organizational training systems. | 1 |
| K0227 | Knowledge of various types of computer architectures. | 4 |
| K0228 | Knowledge of taxonomy and semantic ontology theory. | 1 |
| K0229 | Knowledge of applications that can log errors, exceptions, and application faults and logging. | 1 |
| K0230 | Knowledge of cloud service models and how those models can limit incident response. | 1 |
| K0231 | Knowledge of crisis management protocols, processes, and techniques. | 1 |
| K0232 | WITHDRAWN: Knowledge of critical protocols (e.g., IPSEC, AES, GRE, IKE). | 0 |
| K0233 | Knowledge of the National Cybersecurity Workforce Framework, work roles, and associated tasks, knowledge, skills, and abilities. | 1 |
| K0234 | Knowledge of full spectrum cyber capabilities (e.g., defense, attack, exploitation). | 2 |
| K0235 | Knowledge of how to leverage research and development centers, think tanks, academic research, and industry systems. | 5 |
| K0236 | Knowledge of how to utilize Hadoop, Java, Python, SQL, Hive, and Pig to explore data. | 1 |
| K0237 | Knowledge of industry best practices for service desk. | 1 |
| K0238 | Knowledge of machine learning theory and principles. | 1 |
| K0239 | Knowledge of media production, communication, and dissemination techniques and methods, including alternative ways to inform via written, oral, and visual media. | 2 |
| K0240 | Knowledge of multi-level security systems and cross domain solutions. | 2 |
| K0241 | Knowledge of organizational human resource policies, processes, and procedures. | 1 |
| K0242 | Knowledge of organizational security policies. | 1 |
| K0243 | Knowledge of organizational training and education policies, processes, and procedures. | 2 |
| K0244 | Knowledge of physical and physiological behaviors that may indicate suspicious or abnormal activity. | 1 |
| K0245 | Knowledge of principles and processes for conducting training and education needs assessment. | 2 |
| K0246 | Knowledge of relevant concepts, procedures, software, equipment, and technology applications. | 2 |
| K0247 | Knowledge of remote access processes, tools, and capabilities related to customer support. | 1 |
| K0248 | Knowledge of strategic theory and practice. | 1 |
| K0249 | Knowledge of sustainment technologies, processes and strategies. | 1 |
| K0250 | Knowledge of Test & Evaluation processes for learners. | 3 |
| K0251 | Knowledge of the judicial process, including the presentation of facts and evidence. | 1 |
| K0252 | Knowledge of training and education principles and methods for curriculum design, teaching and instruction for individuals and groups, and the measurement of training and education effects. | 2 |
| K0253 | WITHDRAWN: Integrated into K0227 | 0 |
| K0254 | Knowledge of binary analysis. | 1 |
| K0255 | Knowledge of network architecture concepts including topology, protocols, and components. | 1 |
| K0256 | WITHDRAWN: Integrated into K0224 | 0 |
| K0257 | Knowledge of information technology (IT) acquisition/procurement requirements. | 5 |
| K0258 | Knowledge of test procedures, principles, and methodologies (e.g., Capabilities and Maturity Model Integration (CMMI)). | 1 |
| K0259 | Knowledge of malware analysis concepts and methodologies. | 1 |
| K0260 | Knowledge of Personally Identifiable Information (PII) data security standards. | 16 |
| K0261 | Knowledge of Payment Card Industry (PCI) data security standards. | 17 |
| K0262 | Knowledge of Personal Health Information (PHI) data security standards. | 17 |
| K0263 | Knowledge of information technology (IT) risk management policies, requirements, and procedures. | 3 |
| K0264 | Knowledge of program protection planning (e.g. information technology (IT) supply chain security/risk management policies, anti-tampering techniques, and requirements). | 2 |
| K0265 | Knowledge of infrastructure supporting information technology (IT) for safety, performance, and reliability. | 1 |
| K0266 | Knowledge of how to evaluate the trustworthiness of the supplier and/or product. | 1 |
| K0267 | Knowledge of laws, policies, procedures, or governance relevant to cybersecurity for critical infrastructures. | 8 |
| K0268 | Knowledge of forensic footprint identification. | 1 |
| K0270 | Knowledge of the acquisition/procurement life cycle process. | 5 |
| K0271 | Knowledge of operating system structures and internals (e.g., process management, directory structure, installed applications). | 1 |
| K0272 | Knowledge of network analysis tools used to identify software communications vulnerabilities. | 1 |
| K0273 | WITHDRAWN: Knowledge of general kill chain (e.g., footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks). | 0 |
| K0274 | Knowledge of transmission records (e.g., Bluetooth, Radio Frequency Identification (RFID), Infrared Networking (IR), Wireless Fidelity (Wi-Fi), paging, cellular, satellite dishes, Voice over Internet Protocol (VoIP)), and jamming techniques that enable transmission of undesirable information, or prevent installed systems from operating correctly. | 3 |
| K0275 | Knowledge of configuration management techniques. | 3 |
| K0276 | Knowledge of security management. | 3 |
| K0277 | Knowledge of current and emerging data encryption (e.g., Column and Tablespace Encryption, file and disk encryption) security features in databases (e.g. built-in cryptographic key management features). | 2 |
| K0278 | Knowledge of current and emerging data remediation security features in databases. | 1 |
| K0279 | WITHDRAWN: Knowledge of database access application programming interfaces (APIs) (e.g., Java Database Connectivity [JDBC]). | 0 |
| K0280 | Knowledge of systems engineering theories, concepts, and methods. | 1 |
| K0281 | Knowledge of information technology (IT) service catalogues. | 1 |
| K0282 | WITHDRAWN: Integrated into K0200 | 0 |
| K0283 | Knowledge of use cases related to collaboration and content synchronization across platforms (e.g., Mobile, PC, Cloud). | 1 |
| K0284 | Knowledge of developing and applying user credential management system. | 1 |
| K0285 | Knowledge of implementing enterprise key escrow systems to support data-at-rest encryption. | 2 |
| K0286 | Knowledge of N-tiered typologies (e.g. including server and client operating systems). | 2 |
| K0287 | Knowledge of an organization's information classification program and procedures for information compromise. | 18 |
| K0288 | Knowledge of industry standard security models. | 1 |
| K0289 | Knowledge of system/server diagnostic tools and fault identification techniques. | 1 |
| K0290 | Knowledge of systems security testing and evaluation methods. | 2 |
| K0291 | Knowledge of the enterprise information technology (IT) architectural concepts and patterns (e.g., baseline, validated design, and target architectures.) | 2 |
| K0292 | Knowledge of the operations and processes for incident, problem, and event management. | 1 |
| K0293 | Knowledge of integrating the organization’s goals and objectives into the architecture. | 2 |
| K0294 | Knowledge of IT system operation, maintenance, and security needed to keep equipment functioning properly. | 1 |
| K0295 | Knowledge of confidentiality, integrity, and availability principles. | 1 |
| K0296 | Knowledge of capabilities, applications, and potential vulnerabilities of network equipment including hubs, routers, switches, bridges, servers, transmission media, and related hardware. | 2 |
| K0297 | Knowledge of countermeasure design for identified security risks. | 4 |
| K0298 | Knowledge of countermeasures for identified security risks. | 0 |
| K0299 | Knowledge in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes. | 1 |
| K0300 | Knowledge of network mapping and recreating network topologies. | 1 |
| K0301 | Knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump). | 3 |
| K0302 | Knowledge of the basic operation of computers. | 1 |
| K0303 | Knowledge of the use of sub-netting tools. | 1 |
| K0304 | Knowledge of concepts and practices of processing digital forensic data. | 1 |
| K0305 | Knowledge of data concealment (e.g. encryption algorithms and steganography). | 1 |
| K0306 | WITHDRAWN: Knowledge of basic physical computer components and architectures. | 0 |
| K0307 | WITHDRAWN: Knowledge of common network tools (e.g., ping, traceroute, nslookup). (See K0111) | 0 |
| K0308 | Knowledge of cryptology. | 3 |
| K0309 | Knowledge of emerging technologies that have potential for exploitation. | 2 |
| K0310 | Knowledge of hacking methodologies. | 1 |
| K0311 | Knowledge of industry indicators useful for identifying technology trends. | 2 |
| K0312 | Knowledge of intelligence gathering principles, policies, and procedures including legal authorities and restrictions. | 1 |
| K0313 | Knowledge of external organizations and academic institutions with cyber focus (e.g., cyber curriculum/training and Research & Development). | 3 |
| K0314 | Knowledge of industry technologies’ potential cybersecurity vulnerabilities. | 2 |
| K0315 | Knowledge of the principal methods, procedures, and techniques of gathering information and producing, reporting, and sharing information. | 1 |
| K0316 | Knowledge of business or military operation plans, concept operation plans, orders, policies, and standing rules of engagement. | 1 |
| K0317 | Knowledge of procedures used for documenting and querying reported incidents, problems, and events. | 1 |
| K0318 | Knowledge of operating system command-line tools. | 2 |
| K0319 | Knowledge of technical delivery capabilities and their limitations. | 1 |
| K0320 | Knowledge of organization's evaluation and validation criteria. | 1 |
| K0430 | Knowledge of evasion strategies and techniques. | 2 |
| K0321 | Knowledge of engineering concepts as applied to computer architecture and associated computer hardware/software. | 1 |
| K0322 | Knowledge of embedded systems. | 10 |
| K0323 | Knowledge of system fault tolerance methodologies. | 2 |
| K0324 | Knowledge of Intrusion Detection System (IDS)/Intrusion Prevention System (IPS) tools and applications. | 2 |
| K0325 | Knowledge of Information Theory (e.g., source coding, channel coding, algorithm complexity theory, and data compression). | 6 |
| K0326 | Knowledge of demilitarized zones. | 2 |
| K0327 | WITHDRAWN: Knowledge of local area network (LAN), wide area network (WAN) and enterprise principles and concepts, including bandwidth management. (See K0050) | 0 |
| K0328 | WITHDRAWN: Knowledge of mathematics, including logarithms, trigonometry, linear algebra, calculus, statistics, and operational analysis. | 0 |
| K0329 | WITHDRAWN: Knowledge of statistics. | 0 |
| K0330 | Knowledge of successful capabilities to identify the solutions to less common and more complex system problems. |
1 |
K0331
|
WITHDRAWN: Knowledge of network protocols (e.g., Transmission Control Protocol (TCP), Internet Protocol (IP), Dynamic Host Configuration Protocol (DHCP)), and directory services (e.g., Domain Name System (DNS)). (See K0332) |
0 |
K0332
|
Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services. |
14 |
K0333
|
Knowledge of network design processes, to include understanding of security objectives, operational objectives, and trade-offs. |
6 |
K0334
|
Knowledge of network traffic analysis (tools, methodologies, processes). |
1 |
K0335
|
Knowledge of current and emerging cyber technologies. |
2 |
K0336
|
Knowledge of access authentication methods. |
3 |
K0337
|
WITHDRAWN: Integrated into K0007 |
0 |
K0338
|
Knowledge of data mining techniques. |
1 |
K0339
|
Knowledge of how to use network analysis tools to identify vulnerabilities. |
2 |
K0340
|
WITHDRAWN: Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol (TCP), Internet Protocol (IP), Open System Interconnection Model (OSI)). |
0 |
K0341
|
Knowledge of foreign disclosure policies and import/export control regulations as related to cybersecurity. |
1 |
K0342
|
Knowledge of penetration testing principles, tools, and techniques. |
8 |
K0343
|
Knowledge of root cause analysis techniques. |
2 |
K0344
|
Knowledge of an organization’s threat environment. |
1 |
K0345
|
WITHDRAWN: Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored). |
0 |
K0346
|
Knowledge of principles and methods for integrating system components. |
1 |
K0347
|
Knowledge and understanding of operational design. |
3 |
K0348
|
WITHDRAWN: Knowledge of a wide range of basic communications media concepts and terminology (e.g., computer and telephone networks, satellite, cable, wireless). |
0 |
K0349
|
Knowledge of website types, administration, functions, and content management system (CMS). |
8 |
K0350
|
Knowledge of accepted organization planning systems. |
3 |
K0351
|
Knowledge of applicable statutes, laws, regulations and policies governing cyber targeting and exploitation. |
3 |
K0352
|
Knowledge of forms of intelligence support needs, topics, and focus areas. |
2 |
K0353
|
Knowledge of possible circumstances that would result in changing collection management authorities. |
2 |
K0354
|
Knowledge of relevant reporting and dissemination procedures. |
1 |
K0355
|
Knowledge of all-source reporting and dissemination procedures. |
1 |
K0356
|
Knowledge of analytic tools and techniques for language, voice and/or graphic material. |
1 |
K0357
|
WITHDRAWN: Knowledge of analytical constructs and their use in assessing the operational environment. (See K0224) |
2 |
K0358
|
Knowledge of analytical standards and the purpose of intelligence confidence levels. |
1 |
K0359
|
Knowledge of approved intelligence dissemination processes. |
1 |
K0360
|
WITHDRAWN: Knowledge of assembly code. |
0 |
K0361
|
Knowledge of asset availability, capabilities and limitations. |
2 |
K0362
|
Knowledge of attack methods and techniques (DDoS, brute force, spoofing, etc.). |
9 |
K0363
|
Knowledge of auditing and logging procedures (including server-based logging). |
1 |
K0364
|
Knowledge of available databases and tools necessary to assess appropriate collection tasking. |
2 |
K0365
|
WITHDRAWN: Knowledge of basic back-up and recovery procedures including different types of backups (e.g., full, incremental). |
0 |
K0366
|
WITHDRAWN: Knowledge of basic computer components and architectures, including the functions of various peripherals. |
0 |
K0367
|
Knowledge of penetration testing. |
0 |
K0368
|
Knowledge of implants that enable cyber collection and/or preparation activities. |
1 |
K0369
|
WITHDRAWN: Knowledge of basic malicious activity concepts (e.g., footprinting, scanning and enumeration). |
0 |
K0370
|
WITHDRAWN: Knowledge of basic physical computer components and architecture, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage). (See K0109) |
0 |
K0371
|
Knowledge of principles of the collection development processes (e.g., Dialed Number Recognition, Social Network Analysis). |
1 |
K0372
|
Knowledge of programming concepts (e.g., levels, structures, compiled vs. interpreted languages). |
1 |
K0431
|
Knowledge of evolving/emerging communications technologies. |
11 |
K0373
|
Knowledge of basic software applications (e.g., data storage and backup, database applications) and the types of vulnerabilities that have been found in those applications. |
1 |
K0374
|
WITHDRAWN: Knowledge of basic structure, architecture, and design of modern digital and telephony networks. (See K0599) |
1 |
K0375
|
Knowledge of wireless applications vulnerabilities. |
1 |
K0376
|
Knowledge of internal and external customers and partner organizations, including information needs, objectives, structure, capabilities, etc. |
1 |
K0377
|
Knowledge of classification and control markings standards, policies and procedures. |
7 |
K0378
|
WITHDRAWN: Knowledge of classification and control markings standards. (See K0377) |
0 |
K0379
|
Knowledge of client organizations, including information needs, objectives, structure, capabilities, etc. |
7 |
K0380
|
Knowledge of collaborative tools and environments. |
2 |
K0381
|
Knowledge of collateral damage and estimating impact(s). |
1 |
K0382
|
Knowledge of collection capabilities and limitations. |
2 |
K0383
|
Knowledge of collection capabilities, accesses, performance specifications, and constraints utilized to satisfy collection plan. |
2 |
K0384
|
Knowledge of collection management functionality (e.g., positions, functions, responsibilities, products, reporting requirements). |
1 |
K0385
|
WITHDRAWN: Integrated into K0142 |
0 |
K0386
|
Knowledge of collection management tools. |
2 |
K0387
|
Knowledge of collection planning process and collection plan. |
2 |
K0388
|
Knowledge of collection searching/analyzing techniques and tools for chat/buddy list, emerging technologies, VOIP, Media Over IP, VPN, VSAT/wireless, web mail and cookies. |
1 |
K0389
|
Knowledge of collection sources including conventional and non-conventional sources. |
1 |
K0390
|
Knowledge of collection strategies. |
2 |
K0391
|
Knowledge of collection systems, capabilities, and processes. |
1 |
K0392
|
Knowledge of common computer/network infections (virus, Trojan, etc.) and methods of infection (ports, attachments, etc.). |
9 |
K0393
|
Knowledge of common networking devices and their configurations. |
1 |
K0394
|
Knowledge of common reporting databases and tools. |
1 |
K0395
|
Knowledge of computer networking fundamentals (i.e., basic computer components of a network, types of networks, etc.). |
10 |
K0396
|
Knowledge of computer programming concepts, including computer languages, programming, testing, debugging, and file types. |
1 |
K0397
|
Knowledge of security concepts in operating systems (e.g., Linux, Unix.) |
1 |
K0398
|
Knowledge of concepts related to websites (e.g., web servers/pages, hosting, DNS, registration, web languages such as HTML). |
1 |
K0399
|
Knowledge of crisis action planning and time sensitive planning procedures. |
2 |
K0400
|
Knowledge of crisis action planning for cyber operations. |
3 |
K0401
|
Knowledge of criteria for evaluating collection products. |
2 |
K0402
|
Knowledge of criticality and vulnerability factors (e.g., value, recuperation, cushion, countermeasures) for target selection and applicability to the cyber domain. |
1 |
K0403
|
Knowledge of cryptologic capabilities, limitations, and contributions to cyber operations. |
5 |
K0404
|
Knowledge of current collection requirements. |
2 |
K0405
|
Knowledge of current computer-based intrusion sets. |
5 |
K0406
|
Knowledge of current software and methodologies for active defense and system hardening. |
1 |
K0407
|
Knowledge of customer information needs. |
1 |
K0408
|
Knowledge of cyber actions (i.e. cyber defense, information gathering, environment preparation, cyber-attack) principles, capabilities, limitations, and effects. |
3 |
K0409
|
Knowledge of cyber intelligence/information collection capabilities and repositories. |
4 |
K0410
|
Knowledge of cyber laws and their effect on cyber planning. |
2 |
K0411
|
Knowledge of cyber laws and legal considerations and their effect on cyber planning. |
3 |
K0412
|
Knowledge of cyber lexicon/terminology |
2 |
K0413
|
Knowledge of cyber operation objectives, policies, and legalities. |
3 |
K0414
|
Knowledge of cyber operations support or enabling processes. |
4 |
K0415
|
Knowledge of cyber operations terminology/lexicon. |
1 |
K0416
|
Knowledge of cyber operations. |
1 |
K0417
|
Knowledge of data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media). |
10 |
K0418
|
Knowledge of data flow process for terminal or environment collection. |
1 |
K0419
|
Knowledge of database administration and maintenance. |
2 |
K0420
|
Knowledge of database theory. |
4 |
K0421
|
Knowledge of databases, portals and associated dissemination vehicles. |
1 |
K0422
|
Knowledge of deconfliction processes and procedures. |
3 |
K0423
|
Knowledge of deconfliction reporting to include external organization interaction. |
1 |
K0424
|
Knowledge of denial and deception techniques. |
1 |
K0425
|
Knowledge of different organization objectives at all levels, including subordinate, lateral and higher. |
2 |
K0426
|
Knowledge of dynamic and deliberate targeting. |
1 |
K0427
|
Knowledge of encryption algorithms and cyber capabilities/tools (e.g., SSL, PGP). |
8 |
K0428
|
Knowledge of encryption algorithms and tools for wireless local area networks (WLANs). |
1 |
K0429
|
Knowledge of enterprise-wide information management. |
1 |
K0432
|
Knowledge of existing, emerging, and long-range issues related to cyber operations strategy, policy, and organization. |
3 |
K0433
|
Knowledge of forensic implications of operating system structure and operations. |
1 |
K0434
|
WITHDRAWN: Knowledge of front-end collection systems, including traffic collection, filtering, and selection. |
0 |
K0435
|
Knowledge of fundamental cyber concepts, principles, limitations, and effects. |
5 |
K0436
|
Knowledge of fundamental cyber operations concepts, terminology/lexicon (i.e., environment preparation, cyber-attack, cyber defense), principles, capabilities, limitations, and effects. |
8 |
K0437
|
Knowledge of general supervisory control and data acquisition (SCADA) system components. |
4 |
K0438
|
Knowledge of mobile cellular communications architecture (e.g., LTE, CDMA, GSM/EDGE and UMTS/HSPA). |
1 |
K0439
|
Knowledge of governing authorities for targeting. |
2 |
K0440
|
Knowledge of host-based security products and how those products affect exploitation and reduce vulnerability. |
8 |
K0441
|
WITHDRAWN: Knowledge of how collection requirements and information needs are translated, tracked, and prioritized across the extended enterprise. |
0 |
K0442
|
Knowledge of how converged technologies impact cyber operations (e.g., digital, telephony, wireless). |
1 |
K0443
|
WITHDRAWN: Knowledge of how hubs, switches, routers work together in the design of a network. (See K0143) |
1 |
K0444
|
Knowledge of how Internet applications work (SMTP email, web-based email, chat clients, VOIP). |
11 |
K0445
|
Knowledge of how modern digital and telephony networks impact cyber operations. |
9 |
K0446
|
Knowledge of how modern wireless communications systems impact cyber operations. |
8 |
K0447
|
Knowledge of how to collect, view, and identify essential information on targets of interest from metadata (e.g., email, http). |
1 |
K0448
|
Knowledge of how to establish priorities for resources. |
2 |
K0449
|
Knowledge of how to extract, analyze, and use metadata. |
7 |
K0450
|
WITHDRAWN: Integrated into K0036 |
0 |
K0451
|
Knowledge of identification and reporting processes. |
1 |
K0452
|
Knowledge of implementing Unix and Windows systems that provide radius authentication and logging, DNS, mail, web service, FTP server, DHCP, firewall, and SNMP. |
1 |
K0453
|
Knowledge of indications and warning. |
2 |
K0454
|
Knowledge of information needs. |
2 |
K0455
|
Knowledge of information security concepts, facilitating technologies and methods. |
3 |
K0456
|
Knowledge of intelligence capabilities and limitations. |
1 |
K0457
|
Knowledge of intelligence confidence levels. |
3 |
K0458
|
Knowledge of intelligence disciplines. |
3 |
K0459
|
Knowledge of intelligence employment requirements (i.e., logistical, communications support, maneuverability, legal restrictions, etc.). |
1 |
K0460
|
Knowledge of intelligence preparation of the environment and similar processes. |
5 |
K0461
|
Knowledge of intelligence production processes. |
1 |
K0462
|
Knowledge of intelligence reporting principles, policies, procedures, and vehicles, including report formats, reportability criteria (requirements and priorities), dissemination practices, and legal authorities and restrictions. |
2 |
K0463
|
Knowledge of intelligence requirements tasking systems. |
1 |
K0464
|
Knowledge of intelligence support to planning, execution, and assessment. |
6 |
K0465
|
Knowledge of internal and external partner cyber operations capabilities and tools. |
6 |
K0466
|
Knowledge of internal and external partner intelligence processes and the development of information requirements and essential information. |
1 |
K0467
|
Knowledge of internal and external partner organization capabilities and limitations (those with tasking, collection, processing, exploitation and dissemination responsibilities). |
2 |
K0468
|
Knowledge of internal and external partner reporting. |
1 |
K0469
|
Knowledge of internal tactics to anticipate and/or emulate threat capabilities and actions. |
3 |
K0470
|
Knowledge of Internet and routing protocols. |
1 |
K0471
|
Knowledge of Internet network addressing (IP addresses, classless inter-domain routing, TCP/UDP port numbering). |
9 |
K0472
|
Knowledge of intrusion detection systems and signature development. |
1 |
K0473
|
Knowledge of intrusion sets. |
3 |
K0474
|
Knowledge of key cyber threat actors and their equities. |
2 |
K0475
|
Knowledge of key factors of the operational environment and threat. |
2 |
K0476
|
Knowledge of language processing tools and techniques. |
1 |
K0477
|
Knowledge of leadership's intent and objectives. |
2 |
K0478
|
Knowledge of legal considerations in targeting. |
1 |
K0479
|
Knowledge of malware analysis and characteristics. |
2 |
K0480
|
Knowledge of malware. |
8 |
K0481
|
Knowledge of methods and techniques used to detect various exploitation activities. |
1 |
K0482
|
Knowledge of methods for ascertaining collection asset posture and availability. |
2 |
K0483
|
Knowledge of methods to integrate and summarize information from any potential sources. |
1 |
K0484
|
Knowledge of midpoint collection (process, objectives, organization, targets, etc.). |
1 |
K0485
|
Knowledge of network administration. |
1 |
K0486
|
Knowledge of network construction and topology. |
1 |
K0487
|
Knowledge of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection). |
4 |
K0488
|
Knowledge of network security implementations (e.g., host-based IDS, IPS, access control lists), including their function and placement in a network. |
1 |
K0489
|
Knowledge of network topology. |
1 |
K0490
|
WITHDRAWN: Integrated into K0058 |
0 |
K0491
|
Knowledge of networking and Internet communications fundamentals (i.e. devices, device configuration, hardware, software, applications, ports/protocols, addressing, network architecture and infrastructure, routing, operating systems, etc.). |
1 |
K0492
|
Knowledge of non-traditional collection methodologies. |
2 |
K0493
|
Knowledge of obfuscation techniques (e.g., TOR/Onion/anonymizers, VPN/VPS, encryption). |
1 |
K0494
|
Knowledge of objectives, situation, operational environment, and the status and disposition of internal and external partner collection capabilities available to support planning. |
2 |
K0495
|
Knowledge of ongoing and future operations. |
2 |
K0496
|
Knowledge of operational asset constraints. |
2 |
K0497
|
Knowledge of operational effectiveness assessment. |
2 |
K0498
|
Knowledge of operational planning processes. |
2 |
K0499
|
Knowledge of operations security. |
8 |
K0500
|
Knowledge of organization and/or partner collection systems, capabilities, and processes (e.g., collection and protocol processors). |
1 |
K0501
|
Knowledge of organization cyber operations programs, strategies, and resources. |
3 |
K0502
|
Knowledge of organization decision support tools and/or methods. |
2 |
K0503
|
Knowledge of organization formats of resource and asset readiness reporting, its operational relevance and intelligence collection impact. |
1 |
K0504
|
Knowledge of organization issues, objectives, and operations in cyber as well as regulations and policy directives governing cyber operations. |
3 |
K0505
|
Knowledge of organization objectives and associated demand on collection management. |
2 |
K0506
|
Knowledge of organization objectives, leadership priorities, and decision-making risks. |
3 |
K0507
|
Knowledge of organization or partner exploitation of digital networks. |
6 |
K0508
|
Knowledge of organization policies and planning concepts for partnering with internal and/or external organizations. |
3 |
K0509
|
Knowledge of organizational and partner authorities, responsibilities, and contributions to achieving objectives. |
1 |
K0510
|
Knowledge of organizational and partner policies, tools, capabilities, and procedures. |
1 |
K0511
|
Knowledge of organizational hierarchy and cyber decision-making processes. |
6 |
K0512
|
Knowledge of organizational planning concepts. |
3 |
K0513
|
Knowledge of organizational priorities, legal authorities and requirements submission processes. |
2 |
K0514
|
Knowledge of organizational structures and associated intelligence capabilities. |
3 |
K0515
|
WITHDRAWN: Knowledge of OSI model and underlying networking protocols (e.g., TCP/IP). |
0 |
K0516
|
Knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc. |
10 |
K0517
|
Knowledge of post implementation review (PIR) approval process. |
1 |
K0518
|
Knowledge of planning activity initiation. |
2 |
K0519
|
Knowledge of planning timelines adaptive, crisis action, and time-sensitive planning. |
2 |
K0520
|
Knowledge of principles and practices related to target development such as target knowledge, associations, communication systems, and infrastructure. |
2 |
K0521
|
Knowledge of priority information, how it is derived, where it is published, how to access, etc. |
2 |
K0522
|
Knowledge of production exploitation and dissemination needs and architectures. |
1 |
K0523
|
Knowledge of products and nomenclature of major vendors (e.g., security suites - Trend Micro, Symantec, McAfee, Outpost, and Panda) and how those products affect exploitation and reduce vulnerabilities. |
1 |
K0524
|
Knowledge of relevant laws, regulations, and policies. |
1 |
K0525
|
Knowledge of required intelligence planning products associated with cyber operational planning. |
2 |
K0526
|
Knowledge of research strategies and knowledge management. |
2 |
K0527
|
Knowledge of risk management and mitigation strategies. |
2 |
K0528
|
Knowledge of satellite-based communication systems. |
1 |
K0529
|
Knowledge of scripting |
1 |
K0530
|
Knowledge of security hardware and software options, including the network artifacts they induce and their effects on exploitation. |
1 |
K0531
|
Knowledge of security implications of software configurations. |
1 |
K0532
|
Knowledge of specialized target language (e.g., acronyms, jargon, technical terminology, code words). |
1 |
K0533
|
Knowledge of specific target identifiers, and their usage. |
2 |
K0534
|
Knowledge of staff management, assignment, and allocation processes. |
1 |
K0535
|
Knowledge of strategies and tools for target research. |
1 |
K0536
|
Knowledge of structure, approach, and strategy of exploitation tools (e.g., sniffers, keyloggers) and techniques (e.g., gaining backdoor access, collecting/exfiltrating data, conducting vulnerability analysis of other systems in the network). |
1 |
K0537
|
Knowledge of system administration concepts for the Unix/Linux and Windows operating systems (e.g., process management, directory structure, installed applications, Access Controls). |
0 |
K0538
|
Knowledge of target and threat organization structures, critical capabilities, and critical vulnerabilities |
3 |
K0539
|
Knowledge of target communication profiles and their key elements (e.g., target associations, activities, communication infrastructure). |
1 |
K0540
|
Knowledge of target communication tools and techniques. |
1 |
K0541
|
Knowledge of target cultural references, dialects, expressions, idioms, and abbreviations. |
1 |
K0542
|
Knowledge of target development (i.e., concepts, roles, responsibilities, products, etc.). |
2 |
K0543
|
Knowledge of target estimated repair and recuperation times. |
1 |
K0544
|
Knowledge of target intelligence gathering and operational preparation techniques and life cycles. |
2 |
K0545
|
Knowledge of target language(s). |
1 |
K0546
|
Knowledge of target list development (i.e. Restricted, Joint, Candidate, etc.). |
1 |
K0547
|
Knowledge of target methods and procedures. |
2 |
K0548
|
Knowledge of target or threat cyber actors and procedures. |
1 |
K0549
|
Knowledge of target vetting and validation procedures. |
3 |
K0550
|
Knowledge of target, including related current events, communication profile, actors, and history (language, culture) and/or frame of reference. |
2 |
K0551
|
Knowledge of targeting cycles. |
3 |
K0552
|
Knowledge of tasking mechanisms. |
2 |
K0553
|
Knowledge of tasking processes for organic and subordinate collection assets. |
1 |
K0554
|
Knowledge of tasking, collection, processing, exploitation and dissemination. |
2 |
K0555
|
Knowledge of TCP/IP networking protocols. |
1 |
K0556
|
Knowledge of telecommunications fundamentals. |
6 |
K0557
|
Knowledge of terminal or environmental collection (process, objectives, organization, targets, etc.). |
1 |
K0558
|
Knowledge of the available tools and applications associated with collection requirements and collection management. |
2 |
K0559
|
Knowledge of the basic structure, architecture, and design of converged applications. |
2 |
K0560
|
Knowledge of the basic structure, architecture, and design of modern communication networks. |
10 |
K0561
|
Knowledge of the basics of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection). |
8 |
K0562
|
Knowledge of the capabilities and limitations of new and emerging collection capabilities, accesses and/or processes. |
2 |
K0563
|
Knowledge of the capabilities, limitations and tasking methodologies of internal and external collections as they apply to planned cyber activities. |
2 |
K0564
|
Knowledge of the characteristics of targeted communication networks (e.g., capacity, functionality, paths, critical nodes). |
1 |
K0565
|
Knowledge of the common networking and routing protocols (e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications. |
11 |
K0566
|
Knowledge of the critical information requirements and how they're used in planning. |
2 |
K0567
|
Knowledge of the data flow from collection origin to repositories and tools. |
2 |
K0568
|
Knowledge of the definition of collection management and collection management authority. |
1 |
K0569
|
Knowledge of the existent tasking, collection, processing, exploitation and dissemination architecture. |
2 |
K0570
|
Knowledge of the factors of threat that could impact collection operations. |
2 |
K0571
|
Knowledge of the feedback cycle in collection processes. |
1 |
K0572
|
Knowledge of the functions and capabilities of internal teams that emulate threat activities to benefit the organization. |
2 |
K0573
|
Knowledge of the fundamentals of digital forensics to extract actionable intelligence. |
1 |
K0574
|
Knowledge of the impact of language analysis on on-net operator functions. |
1 |
K0575
|
Knowledge of the impacts of internal and external partner staffing estimates. |
1 |
K0576
|
Knowledge of the information environment. |
1 |
K0577
|
Knowledge of the intelligence frameworks, processes, and related systems. |
2 |
K0578
|
Knowledge of the intelligence requirements development and request for information processes. |
1 |
K0579
|
Knowledge of the organization, roles and responsibilities of higher, lower and adjacent sub-elements. |
3 |
K0580
|
Knowledge of the organization’s established format for collection plan. |
2 |
K0581
|
Knowledge of the organization’s planning, operations and targeting cycles. |
2 |
K0582
|
Knowledge of the organizational planning and staffing process. |
2 |
K0583
|
Knowledge of the organizational plans/directives/guidance that describe objectives. |
1 |
K0584
|
Knowledge of the organizational policies/procedures for temporary transfer of collection authority. |
2 |
K0585
|
Knowledge of the organizational structure as it pertains to full spectrum cyber operations, including the functions, responsibilities, and interrelationships among distinct internal elements. |
3 |
K0586
|
Knowledge of the outputs of course of action and exercise analysis. |
2 |
K0587
|
Knowledge of the POCs, databases, tools and applications necessary to establish environment preparation and surveillance products. |
2 |
K0588
|
Knowledge of the priority information requirements from subordinate, lateral and higher levels of the organization. |
2 |
K0589
|
Knowledge of the process used to assess the performance and impact of operations. |
2 |
K0590
|
Knowledge of the processes to synchronize operational assessment procedures with the critical information requirement process. |
2 |
K0591
|
Knowledge of the production responsibilities and organic analysis and production capabilities. |
1 |
K0592
|
Knowledge of the purpose and contribution of target templates. |
1 |
K0593
|
Knowledge of the range of cyber operations and their underlying intelligence support needs, topics, and focus areas. |
2 |
K0594
|
Knowledge of the relationships between end states, objectives, effects, lines of operation, etc. |
2 |
K0595
|
Knowledge of the relationships of operational objectives, intelligence requirements, and intelligence production tasks. |
1 |
K0596
|
Knowledge of the request for information process. |
3 |
K0597
|
Knowledge of the role of network operations in supporting and facilitating other organization operations. |
1 |
K0598
|
Knowledge of the structure and intent of organization specific plans, guidance and authorizations. |
6 |
K0599
|
Knowledge of the structure, architecture, and design of modern digital and telephony networks. |
5 |
K0600
|
Knowledge of the structure, architecture, and design of modern wireless communications systems. |
2 |
K0601
|
Knowledge of the systems/architecture/communications used for coordination. |
1 |
K0602
|
Knowledge of collection disciplines and capabilities. |
1 |
K0603
|
Knowledge of the ways in which targets or threats use the Internet. |
6 |
K0604
|
Knowledge of threat and/or target systems. |
4 |
K0605
|
Knowledge of tipping, cueing, mixing, and redundancy. |
2 |
K0606
|
Knowledge of transcript development processes and techniques (e.g., verbatim, gist, summaries). |
1 |
K0607
|
Knowledge of translation processes and techniques. |
1 |
K0608
|
Knowledge of Unix/Linux and Windows operating systems structures and internals (e.g., process management, directory structure, installed applications). |
2 |
K0609
|
Knowledge of virtual machine technologies. |
1 |
K0610
|
Knowledge of virtualization products (VMware, Virtual PC). |
7 |
K0611
|
WITHDRAWN: Integrated into K0131 |
0 |
K0612
|
Knowledge of what constitutes a “threat” to a network. |
8 |
K0613
|
Knowledge of who the organization’s operational planners are, how and where they can be contacted, and what their expectations are. |
2 |
K0614
|
Knowledge of wireless technologies (e.g., cellular, satellite, GSM) to include the basic structure, architecture, and design of modern wireless communications systems. |
7 |
K0615
|
Knowledge of privacy disclosure statements based on current laws. |
2 |
K0616
|
Knowledge of continuous monitoring, its processes, and Continuous Diagnostics and Mitigation (CDM) program activities. |
0 |
K0617
|
Knowledge of automated security control assessments. |
0 |
K0618
|
Knowledge of hardware asset management and the value of tracking the location and configuration of networked devices and software across departments, locations, facilities and, potentially, supporting business functions. |
0 |
K0619
|
Knowledge of software asset management and the value of tracking the location and configuration of networked devices and software across departments, locations, facilities and, potentially, supporting business functions. |
0 |
K0620
|
Knowledge of continuous monitoring technologies and tools. |
0 |
K0621
|
Knowledge of risk scoring. |
0 |
K0622
|
Knowledge of controls related to the use, processing, storage, and transmission of data. |
6 |
K0623
|
Knowledge of risk assessment methodologies. |
0 |
K0624
|
Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list) |
13 |
K0625
|
Knowledge that patching and software updates are impractical for some networked devices. |
0 |
K0626
|
Knowledge of secure update mechanisms. |
0 |
K0627
|
Knowledge of the importance of ingress filtering to protect against automated threats that rely on spoofed network addresses. |
0 |
K0628
|
Knowledge of cyber competitions as a way of developing skills by providing hands-on experience in simulated, real-world situations. |
3 |
K0629
|
Knowledge of white/black listing |
0 |
K0630
|
Knowledge of the latest intrusion techniques, methods and documented intrusions external to the organization. |
0 |