CO-CLO-001 All Source-Collection Manager

Provides specialized denial and deception operations and collection of cybersecurity information that may be used to develop intelligence.

Executes collection using appropriate strategies and within the priorities established through the collection management process.

Identifies collection authorities and environment; incorporates priority information requirements into collection management; develops concepts to meet leadership's intent. Determines capabilities of available collection assets, identifies new collection capabilities; and constructs and disseminates collection plans. Monitors execution of tasked collection to ensure effective execution of the collection plan.

Knowledges 82

Code	Description	Work Roles
K0001	Knowledge of computer networking concepts and protocols, and network security methodologies.	52
K0002	Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).	52
K0003	Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.	52
K0004	Knowledge of cybersecurity and privacy principles.	52
K0005	Knowledge of cyber threats and vulnerabilities.	52
K0006	Knowledge of specific operational impacts of cybersecurity lapses.	52
K0036	Knowledge of human-computer interaction principles.	12
K0058	Knowledge of network traffic analysis methods.	10
K0109	Knowledge of physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage).	15
K0177	Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).	12
K0353	Knowledge of possible circumstances that would result in changing collection management authorities.	2
K0361	Knowledge of asset availability, capabilities and limitations.	2
K0364	Knowledge of available databases and tools necessary to assess appropriate collection tasking.	2
K0380	Knowledge of collaborative tools and environments.	2
K0382	Knowledge of collection capabilities and limitations.	2
K0383	Knowledge of collection capabilities, accesses, performance specifications, and constraints utilized to satisfy collection plan.	2
K0386	Knowledge of collection management tools.	2
K0387	Knowledge of collection planning process and collection plan.	2
K0390	Knowledge of collection strategies.	2
K0392	Knowledge of common computer/network infections (virus, Trojan, etc.) and methods of infection (ports, attachments, etc.).	9
K0395	Knowledge of computer networking fundamentals (i.e., basic computer components of a network, types of networks, etc.).	10
K0401	Knowledge of criteria for evaluating collection products.	2
K0404	Knowledge of current collection requirements.	2
K0405	Knowledge of current computer-based intrusion sets.	5
K0412	Knowledge of cyber lexicon/terminology	2
K0417	Knowledge of data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media).	10
K0419	Knowledge of database administration and maintenance.	2
K0425	Knowledge of different organization objectives at all levels, including subordinate, lateral and higher.	2
K0427	Knowledge of encryption algorithms and cyber capabilities/tools (e.g., SSL, PGP).	8
K0431	Knowledge of evolving/emerging communications technologies.	11
K0435	Knowledge of fundamental cyber concepts, principles, limitations, and effects.	5
K0440	Knowledge of host-based security products and how those products affect exploitation and reduce vulnerability.	8
K0444	Knowledge of how Internet applications work (SMTP email, web-based email, chat clients, VOIP).	11
K0445	Knowledge of how modern digital and telephony networks impact cyber operations.	9
K0446	Knowledge of how modern wireless communications systems impact cyber operations.	8
K0448	Knowledge of how to establish priorities for resources.	2
K0449	Knowledge of how to extract, analyze, and use metadata.	7
K0453	Knowledge of indications and warning.	2
K0454	Knowledge of information needs.	2
K0467	Knowledge of internal and external partner organization capabilities and limitations (those with tasking, collection, processing, exploitation and dissemination responsibilities).	2
K0471	Knowledge of Internet network addressing (IP addresses, classless inter-domain routing, TCP/UDP port numbering).	9
K0474	Knowledge of key cyber threat actors and their equities.	2
K0475	Knowledge of key factors of the operational environment and threat.	2
K0477	Knowledge of leadership's Intent and objectives.	2
K0480	Knowledge of malware.	8
K0482	Knowledge of methods for ascertaining collection asset posture and availability.	2
K0492	Knowledge of non-traditional collection methodologies.	2
K0495	Knowledge of ongoing and future operations.	2
K0496	Knowledge of operational asset constraints.	2
K0498	Knowledge of operational planning processes.	2
K0503	Knowledge of organization formats of resource and asset readiness reporting, its operational relevance and intelligence collection impact.	1
K0505	Knowledge of organization objectives and associated demand on collection management.	2
K0513	Knowledge of organizational priorities, legal authorities and requirements submission processes.	2
K0516	Knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc.	10
K0521	Knowledge of priority information, how it is derived, where it is published, how to access, etc.	2
K0522	Knowledge of production exploitation and dissemination needs and architectures.	1
K0526	Knowledge of research strategies and knowledge management.	2
K0527	Knowledge of risk management and mitigation strategies.	2
K0552	Knowledge of tasking mechanisms.	2
K0553	Knowledge of tasking processes for organic and subordinate collection assets.	1
K0554	Knowledge of tasking, collection, processing, exploitation and dissemination.	2
K0558	Knowledge of the available tools and applications associated with collection requirements and collection management.	2
K0560	Knowledge of the basic structure, architecture, and design of modern communication networks.	10
K0561	Knowledge of the basics of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection).	8
K0562	Knowledge of the capabilities and limitations of new and emerging collection capabilities, accesses and/or processes.	2
K0563	Knowledge of the capabilities, limitations and tasking methodologies of internal and external collections as they apply to planned cyber activities.	2
K0565	Knowledge of the common networking and routing protocols (e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications.	11
K0569	Knowledge of the existent tasking, collection, processing, exploitation and dissemination architecture.	2
K0570	Knowledge of the factors of threat that could impact collection operations.	2
K0579	Knowledge of the organization, roles and responsibilities of higher, lower and adjacent sub-elements.	3
K0580	Knowledge of the organization’s established format for collection plan.	2
K0581	Knowledge of the organization’s planning, operations and targeting cycles.	2
K0583	Knowledge of the organizational plans/directives/guidance that describe objectives.	1
K0584	Knowledge of the organizational policies/procedures for temporary transfer of collection authority.	2
K0587	Knowledge of the POC’s, databases, tools and applications necessary to establish environment preparation and surveillance products.	2
K0588	Knowledge of the priority information requirements from subordinate, lateral and higher levels of the organization.	2
K0596	Knowledge of the request for information process.	3
K0601	Knowledge of the systems/architecture/communications used for coordination.	1
K0605	Knowledge of tipping, cueing, mixing, and redundancy.	2
K0610	Knowledge of virtualization products (VMware, Virtual PC).	7
K0612	Knowledge of what constitutes a “threat” to a network.	8
K0613	Knowledge of who the organization’s operational planners are, how and where they can be contacted, and what are their expectations.	2

Skills 23

Code	Description	Work Roles
S0238	Skill in information prioritization as it relates to operations.	2
S0304	Skill to access information on current assets available, usage.	3
S0305	Skill to access the databases where plans/directives/guidance are maintained.	3
S0311	Skill to apply the capabilities, limitations and tasking methodologies of available platforms, sensors, architectures and apparatus as they apply to organization objectives.	1
S0313	Skill to articulate a needs statement/requirement and integrate new and emerging collection capabilities, accesses and/or processes into collection operations.	1
S0316	Skill to associate Intelligence gaps to priority information requirements and observables.	2
S0317	Skill to compare indicators/observables with requirements.	2
S0324	Skill to determine feasibility of collection.	1
S0325	Skill to develop a collection plan that clearly shows the discipline that can be used to collect the information needed.	2
S0327	Skill to ensure that the collection strategy leverages all available resources.	2
S0328	Skill to evaluate factors of the operational environment to objectives, and information requirements.	1
S0330	Skill to evaluate the capabilities, limitations and tasking methodologies of organic, theater, national, coalition and other collection capabilities.	2
S0332	Skill to extract information from available tools and applications associated with collection requirements and collection operations management.	2
S0334	Skill to identify and apply tasking, collection, processing, exploitation and dissemination to associated collection disciplines.	2
S0335	Skill to identify Intelligence gaps.	2
S0336	Skill to identify when priority information requirements are satisfied.	2
S0339	Skill to interpret readiness reporting, its operational relevance and intelligence collection impact.	2
S0342	Skill to optimize collection system performance through repeated adjustment, testing, and re-adjustment.	1
S0344	Skill to prepare and deliver reports, presentations and briefings, to include using visual aids or presentation technology.	2
S0347	Skill to review performance specifications and historical information about collection assets.	2
S0351	Skill to translate the capabilities, limitations and tasking methodologies of organic, theater, national, coalition and other collection capabilities.	1
S0352	Skill to use collaborative tools and environments for collection operations.	2
S0362	Skill to analyze and assess internal and external partner organization capabilities and limitations (those with tasking, collection, processing, exploitation and dissemination responsibilities).	2

Abilities 5

Code	Description	Work Roles
A0069	Ability to apply collaborative skills and strategies.	3
A0070	Ability to apply critical reading/thinking skills.	9
A0076	Ability to coordinate and collaborate with analysts regarding surveillance requirements and essential information development.	1
A0078	Ability to coordinate, collaborate and disseminate information to subordinate, lateral and higher-level organizations.	2
A0079	Ability to correctly employ each organization or element into the collection plan and matrix.	1

Tasks 46

Code	Description	Work Roles
T0562	Adjust collection operations or collection plan to address identified issues/challenges and to synchronize collections with overall operational requirements.	1
T0564	Analyze feedback to determine extent to which collection products and services are meeting requirements.	2
T0568	Analyze plans, directives, guidance and policy for factors that would influence collection management's operational structure and requirement s (e.g., duration, scope, communication requirements, interagency/international agreements).	2
T0573	Assess and apply operational environment factors and risks to collection management process.	1
T0578	Assess performance of collection assets against prescribed specifications.	2
T0604	Compare allocated and available assets to collection demand as expressed through requirements.	1
T0605	Compile lessons learned from collection management activity's execution of organization collection objectives.	2
T0662	Allocate collection assets based on leadership's guidance, priorities, and/or operational emphasis.	1
T0625	Consider efficiency and effectiveness of collection assets and resources if/when applied against priority information requirements.	1
T0626	Construct collection plans and matrixes using established guidance and procedures.	1
T0631	Coordinate resource allocation of collection assets against prioritized collection requirements with collection discipline leads.	1
T0632	Coordinate inclusion of collection plan in appropriate documentation.	1
T0634	Re-task or re-direct collection assets and resources.	1
T0645	Determine course of action for addressing changes to objectives, guidance, and operational environment.	1
T0646	Determine existing collection management webpage databases, libraries and storehouses.	1
T0647	Determine how identified factors affect the tasking, collection, processing, exploitation and dissemination architecture's form and function.	1
T0649	Determine organizations and/or echelons with collection authority over all accessible collection assets.	1
T0651	Develop a method for comparing collection reports to outstanding requirements to identify information gaps.	2
T0657	Develop coordinating instructions by collection discipline for each phase of an operation.	1
T0674	Disseminate tasking messages and collection plans.	1
T0681	Establish alternative processing, exploitation and dissemination pathways to address identified issues or problems.	1
T0683	Establish processing, exploitation and dissemination management activity using approved guidance and/or procedures.	1
T0698	Facilitate continuously updated intelligence, surveillance, and visualization input to common operational picture managers.	1
T0702	Formulate collection strategies based on knowledge of available intelligence discipline capabilities and gathering methods that align multi-discipline collection capabilities and accesses with targets and their observables.	1
T0714	Identify collaboration forums that can serve as mechanisms for coordinating processes, functions, and outputs with specified organizations and functional groups.	2
T0716	Identify coordination requirements and procedures with designated collection authorities.	1
T0721	Identify issues or problems that can disrupt and/or degrade processing, exploitation and dissemination architecture effectiveness.	1
T0723	Identify potential collection disciplines for application against priority information requirements.	1
T0725	Identify and mitigate risks to collection management ability to support the plan, operations and target cycle.	2
T0734	Issue requests for information.	4
T0737	Link priority collection requirements to optimal assets and resources.	1
T0750	Monitor completion of reallocated collection efforts.	1
T0753	Monitor operational status and effectiveness of the processing, exploitation and dissemination architecture.	1
T0755	Monitor the operational environment for potential factors and risks to the collection operation management process.	1
T0757	Optimize mix of collection assets and resources to increase effectiveness and efficiency against essential information associated with priority intelligence requirements.	1
T0773	Prioritize collection requirements for collection platforms based on platform capabilities.	1
T0779	Provide advice/assistance to operations and intelligence decision makers with reassignment of collection assets and resources in response to dynamic operational situations.	1
T0806	Request discipline-specific processing, exploitation, and disseminate information collected using discipline's collection assets and resources in accordance with approved guidance and/or procedures.	1
T0809	Review capabilities of allocated collection assets.	2
T0810	Review intelligence collection guidance for accuracy/applicability.	2
T0811	Review list of prioritized collection requirements and essential information.	2
T0812	Review and update overarching collection plan, as required.	1
T0814	Revise collection matrix based on availability of optimal assets and resources.	1
T0820	Specify changes to collection plan and/or operational environment that necessitate re-tasking or re-directing of collection assets and resources.	1
T0821	Specify discipline-specific collections and/or taskings that must be executed in the near term.	1
T0827	Synchronize the integrated employment of all available organic and partner intelligence collection assets using available collaboration capabilities and techniques.	1