CO-CLO-001 All Source-Collection Manager
Provides specialized denial and deception operations and collection of cybersecurity information that may be used to develop intelligence.
Executes collection using appropriate strategies and within the priorities established through the collection management process.
Identifies collection authorities and environment; incorporates priority information requirements into collection management; develops concepts to meet leadership's intent. Determines capabilities of available collection assets, identifies new collection capabilities; and constructs and disseminates collection plans. Monitors execution of tasked collection to ensure effective execution of the collection plan.
Knowledges 82
| Code | Description | Work Roles |
|---|---|---|
| K0001 | Knowledge of computer networking concepts and protocols, and network security methodologies. | 52 |
| K0002 | Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). | 52 |
| K0003 | Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy. | 52 |
| K0004 | Knowledge of cybersecurity and privacy principles. | 52 |
| K0005 | Knowledge of cyber threats and vulnerabilities. | 52 |
| K0006 | Knowledge of specific operational impacts of cybersecurity lapses. | 52 |
| K0036 | Knowledge of human-computer interaction principles. | 12 |
| K0058 | Knowledge of network traffic analysis methods. | 10 |
| K0109 | Knowledge of physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage). | 15 |
| K0177 | Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks). | 12 |
| K0353 | Knowledge of possible circumstances that would result in changing collection management authorities. | 2 |
| K0361 | Knowledge of asset availability, capabilities and limitations. | 2 |
| K0364 | Knowledge of available databases and tools necessary to assess appropriate collection tasking. | 2 |
| K0380 | Knowledge of collaborative tools and environments. | 2 |
| K0382 | Knowledge of collection capabilities and limitations. | 2 |
| K0383 | Knowledge of collection capabilities, accesses, performance specifications, and constraints utilized to satisfy collection plan. | 2 |
| K0386 | Knowledge of collection management tools. | 2 |
| K0387 | Knowledge of collection planning process and collection plan. | 2 |
| K0390 | Knowledge of collection strategies. | 2 |
| K0392 | Knowledge of common computer/network infections (virus, Trojan, etc.) and methods of infection (ports, attachments, etc.). | 9 |
| K0395 | Knowledge of computer networking fundamentals (i.e., basic computer components of a network, types of networks, etc.). | 10 |
| K0401 | Knowledge of criteria for evaluating collection products. | 2 |
| K0404 | Knowledge of current collection requirements. | 2 |
| K0405 | Knowledge of current computer-based intrusion sets. | 5 |
| K0412 | Knowledge of cyber lexicon/terminology | 2 |
| K0417 | Knowledge of data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media). | 10 |
| K0419 | Knowledge of database administration and maintenance. | 2 |
| K0425 | Knowledge of different organization objectives at all levels, including subordinate, lateral and higher. | 2 |
| K0427 | Knowledge of encryption algorithms and cyber capabilities/tools (e.g., SSL, PGP). | 8 |
| K0431 | Knowledge of evolving/emerging communications technologies. | 11 |
| K0435 | Knowledge of fundamental cyber concepts, principles, limitations, and effects. | 5 |
| K0440 | Knowledge of host-based security products and how those products affect exploitation and reduce vulnerability. | 8 |
| K0444 | Knowledge of how Internet applications work (SMTP email, web-based email, chat clients, VOIP). | 11 |
| K0445 | Knowledge of how modern digital and telephony networks impact cyber operations. | 9 |
| K0446 | Knowledge of how modern wireless communications systems impact cyber operations. | 8 |
| K0448 | Knowledge of how to establish priorities for resources. | 2 |
| K0449 | Knowledge of how to extract, analyze, and use metadata. | 7 |
| K0453 | Knowledge of indications and warning. | 2 |
| K0454 | Knowledge of information needs. | 2 |
| K0467 | Knowledge of internal and external partner organization capabilities and limitations (those with tasking, collection, processing, exploitation and dissemination responsibilities). | 2 |
| K0471 | Knowledge of Internet network addressing (IP addresses, classless inter-domain routing, TCP/UDP port numbering). | 9 |
| K0474 | Knowledge of key cyber threat actors and their equities. | 2 |
| K0475 | Knowledge of key factors of the operational environment and threat. | 2 |
| K0477 | Knowledge of leadership's Intent and objectives. | 2 |
| K0480 | Knowledge of malware. | 8 |
| K0482 | Knowledge of methods for ascertaining collection asset posture and availability. | 2 |
| K0492 | Knowledge of non-traditional collection methodologies. | 2 |
| K0495 | Knowledge of ongoing and future operations. | 2 |
| K0496 | Knowledge of operational asset constraints. | 2 |
| K0498 | Knowledge of operational planning processes. | 2 |
| K0503 | Knowledge of organization formats of resource and asset readiness reporting, its operational relevance and intelligence collection impact. | 1 |
| K0505 | Knowledge of organization objectives and associated demand on collection management. | 2 |
| K0513 | Knowledge of organizational priorities, legal authorities and requirements submission processes. | 2 |
| K0516 | Knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc. | 10 |
| K0521 | Knowledge of priority information, how it is derived, where it is published, how to access, etc. | 2 |
| K0522 | Knowledge of production exploitation and dissemination needs and architectures. | 1 |
| K0526 | Knowledge of research strategies and knowledge management. | 2 |
| K0527 | Knowledge of risk management and mitigation strategies. | 2 |
| K0552 | Knowledge of tasking mechanisms. | 2 |
| K0553 | Knowledge of tasking processes for organic and subordinate collection assets. | 1 |
| K0554 | Knowledge of tasking, collection, processing, exploitation and dissemination. | 2 |
| K0558 | Knowledge of the available tools and applications associated with collection requirements and collection management. | 2 |
| K0560 | Knowledge of the basic structure, architecture, and design of modern communication networks. | 10 |
| K0561 | Knowledge of the basics of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection). | 8 |
| K0562 | Knowledge of the capabilities and limitations of new and emerging collection capabilities, accesses and/or processes. | 2 |
| K0563 | Knowledge of the capabilities, limitations and tasking methodologies of internal and external collections as they apply to planned cyber activities. | 2 |
| K0565 | Knowledge of the common networking and routing protocols (e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications. | 11 |
| K0569 | Knowledge of the existent tasking, collection, processing, exploitation and dissemination architecture. | 2 |
| K0570 | Knowledge of the factors of threat that could impact collection operations. | 2 |
| K0579 | Knowledge of the organization, roles and responsibilities of higher, lower and adjacent sub-elements. | 3 |
| K0580 | Knowledge of the organization’s established format for collection plan. | 2 |
| K0581 | Knowledge of the organization’s planning, operations and targeting cycles. | 2 |
| K0583 | Knowledge of the organizational plans/directives/guidance that describe objectives. | 1 |
| K0584 | Knowledge of the organizational policies/procedures for temporary transfer of collection authority. | 2 |
| K0587 | Knowledge of the POC’s, databases, tools and applications necessary to establish environment preparation and surveillance products. | 2 |
| K0588 | Knowledge of the priority information requirements from subordinate, lateral and higher levels of the organization. | 2 |
| K0596 | Knowledge of the request for information process. | 3 |
| K0601 | Knowledge of the systems/architecture/communications used for coordination. | 1 |
| K0605 | Knowledge of tipping, cueing, mixing, and redundancy. | 2 |
| K0610 | Knowledge of virtualization products (VMware, Virtual PC). | 7 |
| K0612 | Knowledge of what constitutes a “threat” to a network. | 8 |
| K0613 | Knowledge of who the organization’s operational planners are, how and where they can be contacted, and what are their expectations. | 2 |
Skills 23
| Code | Description | Work Roles |
|---|---|---|
| S0238 | Skill in information prioritization as it relates to operations. | 2 |
| S0304 | Skill to access information on current assets available, usage. | 3 |
| S0305 | Skill to access the databases where plans/directives/guidance are maintained. | 3 |
| S0311 | Skill to apply the capabilities, limitations and tasking methodologies of available platforms, sensors, architectures and apparatus as they apply to organization objectives. | 1 |
| S0313 | Skill to articulate a needs statement/requirement and integrate new and emerging collection capabilities, accesses and/or processes into collection operations. | 1 |
| S0316 | Skill to associate Intelligence gaps to priority information requirements and observables. | 2 |
| S0317 | Skill to compare indicators/observables with requirements. | 2 |
| S0324 | Skill to determine feasibility of collection. | 1 |
| S0325 | Skill to develop a collection plan that clearly shows the discipline that can be used to collect the information needed. | 2 |
| S0327 | Skill to ensure that the collection strategy leverages all available resources. | 2 |
| S0328 | Skill to evaluate factors of the operational environment to objectives, and information requirements. | 1 |
| S0330 | Skill to evaluate the capabilities, limitations and tasking methodologies of organic, theater, national, coalition and other collection capabilities. | 2 |
| S0332 | Skill to extract information from available tools and applications associated with collection requirements and collection operations management. | 2 |
| S0334 | Skill to identify and apply tasking, collection, processing, exploitation and dissemination to associated collection disciplines. | 2 |
| S0335 | Skill to identify Intelligence gaps. | 2 |
| S0336 | Skill to identify when priority information requirements are satisfied. | 2 |
| S0339 | Skill to interpret readiness reporting, its operational relevance and intelligence collection impact. | 2 |
| S0342 | Skill to optimize collection system performance through repeated adjustment, testing, and re-adjustment. | 1 |
| S0344 | Skill to prepare and deliver reports, presentations and briefings, to include using visual aids or presentation technology. | 2 |
| S0347 | Skill to review performance specifications and historical information about collection assets. | 2 |
| S0351 | Skill to translate the capabilities, limitations and tasking methodologies of organic, theater, national, coalition and other collection capabilities. | 1 |
| S0352 | Skill to use collaborative tools and environments for collection operations. | 2 |
| S0362 | Skill to analyze and assess internal and external partner organization capabilities and limitations (those with tasking, collection, processing, exploitation and dissemination responsibilities). | 2 |
Abilities 5
| Code | Description | Work Roles |
|---|---|---|
| A0069 | Ability to apply collaborative skills and strategies. | 3 |
| A0070 | Ability to apply critical reading/thinking skills. | 9 |
| A0076 | Ability to coordinate and collaborate with analysts regarding surveillance requirements and essential information development. | 1 |
| A0078 | Ability to coordinate, collaborate and disseminate information to subordinate, lateral and higher-level organizations. | 2 |
| A0079 | Ability to correctly employ each organization or element into the collection plan and matrix. | 1 |
Tasks 46
| Code | Description | Work Roles |
|---|---|---|
| T0562 | Adjust collection operations or collection plan to address identified issues/challenges and to synchronize collections with overall operational requirements. | 1 |
| T0564 | Analyze feedback to determine extent to which collection products and services are meeting requirements. | 2 |
| T0568 | Analyze plans, directives, guidance and policy for factors that would influence collection management's operational structure and requirement s (e.g., duration, scope, communication requirements, interagency/international agreements). | 2 |
| T0573 | Assess and apply operational environment factors and risks to collection management process. | 1 |
| T0578 | Assess performance of collection assets against prescribed specifications. | 2 |
| T0604 | Compare allocated and available assets to collection demand as expressed through requirements. | 1 |
| T0605 | Compile lessons learned from collection management activity's execution of organization collection objectives. | 2 |
| T0662 | Allocate collection assets based on leadership's guidance, priorities, and/or operational emphasis. | 1 |
| T0625 | Consider efficiency and effectiveness of collection assets and resources if/when applied against priority information requirements. | 1 |
| T0626 | Construct collection plans and matrixes using established guidance and procedures. | 1 |
| T0631 | Coordinate resource allocation of collection assets against prioritized collection requirements with collection discipline leads. | 1 |
| T0632 | Coordinate inclusion of collection plan in appropriate documentation. | 1 |
| T0634 | Re-task or re-direct collection assets and resources. | 1 |
| T0645 | Determine course of action for addressing changes to objectives, guidance, and operational environment. | 1 |
| T0646 | Determine existing collection management webpage databases, libraries and storehouses. | 1 |
| T0647 | Determine how identified factors affect the tasking, collection, processing, exploitation and dissemination architecture's form and function. | 1 |
| T0649 | Determine organizations and/or echelons with collection authority over all accessible collection assets. | 1 |
| T0651 | Develop a method for comparing collection reports to outstanding requirements to identify information gaps. | 2 |
| T0657 | Develop coordinating instructions by collection discipline for each phase of an operation. | 1 |
| T0674 | Disseminate tasking messages and collection plans. | 1 |
| T0681 | Establish alternative processing, exploitation and dissemination pathways to address identified issues or problems. | 1 |
| T0683 | Establish processing, exploitation and dissemination management activity using approved guidance and/or procedures. | 1 |
| T0698 | Facilitate continuously updated intelligence, surveillance, and visualization input to common operational picture managers. | 1 |
| T0702 | Formulate collection strategies based on knowledge of available intelligence discipline capabilities and gathering methods that align multi-discipline collection capabilities and accesses with targets and their observables. | 1 |
| T0714 | Identify collaboration forums that can serve as mechanisms for coordinating processes, functions, and outputs with specified organizations and functional groups. | 2 |
| T0716 | Identify coordination requirements and procedures with designated collection authorities. | 1 |
| T0721 | Identify issues or problems that can disrupt and/or degrade processing, exploitation and dissemination architecture effectiveness. | 1 |
| T0723 | Identify potential collection disciplines for application against priority information requirements. | 1 |
| T0725 | Identify and mitigate risks to collection management ability to support the plan, operations and target cycle. | 2 |
| T0734 | Issue requests for information. | 4 |
| T0737 | Link priority collection requirements to optimal assets and resources. | 1 |
| T0750 | Monitor completion of reallocated collection efforts. | 1 |
| T0753 | Monitor operational status and effectiveness of the processing, exploitation and dissemination architecture. | 1 |
| T0755 | Monitor the operational environment for potential factors and risks to the collection operation management process. | 1 |
| T0757 | Optimize mix of collection assets and resources to increase effectiveness and efficiency against essential information associated with priority intelligence requirements. | 1 |
| T0773 | Prioritize collection requirements for collection platforms based on platform capabilities. | 1 |
| T0779 | Provide advice/assistance to operations and intelligence decision makers with reassignment of collection assets and resources in response to dynamic operational situations. | 1 |
| T0806 | Request discipline-specific processing, exploitation, and disseminate information collected using discipline's collection assets and resources in accordance with approved guidance and/or procedures. | 1 |
| T0809 | Review capabilities of allocated collection assets. | 2 |
| T0810 | Review intelligence collection guidance for accuracy/applicability. | 2 |
| T0811 | Review list of prioritized collection requirements and essential information. | 2 |
| T0812 | Review and update overarching collection plan, as required. | 1 |
| T0814 | Revise collection matrix based on availability of optimal assets and resources. | 1 |
| T0820 | Specify changes to collection plan and/or operational environment that necessitate re-tasking or re-directing of collection assets and resources. | 1 |
| T0821 | Specify discipline-specific collections and/or taskings that must be executed in the near term. | 1 |
| T0827 | Synchronize the integrated employment of all available organic and partner intelligence collection assets using available collaboration capabilities and techniques. | 1 |