OG-WRL-012
Security Control Assessment OPM Code: 612

Provides leadership, management, direction, and advocacy so the organization may effectively manage cybersecurity-related risks to the enterprise and conduct cybersecurity work.

Responsible for conducting independent comprehensive assessments of management, operational, and technical security controls and control enhancements employed within or inherited by a system to determine their overall effectiveness. 

Code Description Work Roles
T0309 Assess the effectiveness of security controls 2
T0495 Manage Accreditation Packages (e.g., ISO/IEC 15026-2) 2
T1012 Expand network access 1
T1013 Conduct technical exploitation of a target 1
T1019 Determine special needs of cyber-physical systems 10
T1020 Determine the operational and safety impacts of cybersecurity lapses 37
T1021 Review cyber defense service provider reporting structure 2
T1022 Review enterprise information technology (IT) goals and objectives 9
T1023 Identify critical technology procurement requirements 11
T1026 Determine procurement requirements 9
T1030 Estimate the impact of collateral damage 2
T1036 Integrate leadership priorities 6
T1038 Integrate organization objectives in intelligence collection 6
T1041 Determine impact of software configurations 4
T1046 Assess operation performance 2
T1047 Assess operation impact 2
T1054 Scope analysis reports to various audiences that accounts for data sharing classification restrictions 6
T1055 Determine if priority information requirements are satisfied 3
T1079 Develop cybersecurity risk profiles 4
T1084 Identify anomalous network activity 9
T1118 Identify vulnerabilities 7
T1119 Recommend vulnerability remediation strategies 8
T1232 Approve accreditation packages 2
T1263 Perform security reviews 3
T1264 Identify gaps in security architecture 3
T1265 Develop a cybersecurity risk management plan 3
T1266 Recommend risk mitigation strategies 3
T1269 Conduct risk analysis of applications and systems undergoing major changes 4
T1270 Plan security authorization reviews for system and network installations 1
T1271 Conduct security authorization reviews for system and network installations 1
T1272 Develop security assurance cases for system and network installations 1
T1294 Advise on Risk Management Framework process activities and documentation 5
T1305 Determine if authorization and assurance documents identify an acceptable level of risk for software applications, systems, and networks 2
T1327 Update security documentation to reflect current application and system security design features 2
T1328 Verify implementation of software, network, and system cybersecurity postures 1
T1329 Document software, network, and system deviations from implemented security postures 1
T1330 Recommend required actions to correct software, network, and system deviations from implemented security postures 1
T1339 Develop cybersecurity compliance processes for external services 1
T1340 Develop cybersecurity audit processes for external services 1
T1343 Provide cybersecurity guidance to organizational risk governance processes 2
T1355 Determine if vulnerability remediation plans are in place 3
T1356 Develop vulnerability remediation plans 3
T1357 Determine if cybersecurity requirements have been successfully implemented 4
T1358 Determine the effectiveness of organizational cybersecurity policies and procedures 4
T1361 Determine the impact of new system and interface implementations on organization's cybersecurity posture 2
T1362 Document impact of new system and interface implementations on organization's cybersecurity posture 2
T1365 Document cybersecurity design and development activities 2
T1368 Support cybersecurity compliance activities 2
T1369 Determine if acquisitions, procurement, and outsourcing efforts address cybersecurity requirements 6
T1437 Determine effectiveness of configuration management processes 2
T1489 Correlate incident data 7
T1829 Evaluate locally developed tools 2
Code Description Work Roles
K0018 Knowledge of encryption algorithms 10
K0476 Knowledge of language processing tools and techniques 1
K0653 Knowledge of cybersecurity practices in the acquisition process 6
K0655 Knowledge of intelligence fusion 2
K0658 Knowledge of cognitive biases 2
K0659 Knowledge of information privacy technologies 4
K0674 Knowledge of computer networking protocols 40
K0675 Knowledge of risk management processes 41
K0676 Knowledge of cybersecurity laws and regulations 41
K0677 Knowledge of cybersecurity policies and procedures 41
K0678 Knowledge of privacy laws and regulations 41
K0679 Knowledge of privacy policies and procedures 41
K0680 Knowledge of cybersecurity principles and practices 40
K0681 Knowledge of privacy principles and practices 40
K0682 Knowledge of cybersecurity threats 40
K0683 Knowledge of cybersecurity vulnerabilities 40
K0684 Knowledge of cybersecurity threat characteristics 40
K0685 Knowledge of access control principles and practices 21
K0686 Knowledge of authentication and authorization tools and techniques 21
K0687 Knowledge of business operations standards and best practices 5
K0688 Knowledge of common application vulnerabilities 5
K0689 Knowledge of network infrastructure principles and practices 9
K0691 Knowledge of cyber defense tools and techniques 7
K0692 Knowledge of vulnerability assessment tools and techniques 7
K0698 Knowledge of cryptographic key management principles and practices 10
K0701 Knowledge of data backup and recovery policies and procedures 8
K0702 Knowledge of data warehousing principles and practices 3
K0703 Knowledge of data mining principles and practices 4
K0707 Knowledge of database systems and software 9
K0709 Knowledge of business continuity and disaster recovery (BCDR) policies and procedures 5
K0710 Knowledge of enterprise cybersecurity architecture principles and practices 20
K0711 Knowledge of evaluation and validation principles and practices 7
K0712 Knowledge of Local Area Networks (LAN) 6
K0713 Knowledge of Wide Area Networks (WAN) 6
K0718 Knowledge of network communications principles and practices 10
K0720 Knowledge of Assessment and Authorization (A&A) processes 5
K0721 Knowledge of risk management principles and practices 19
K0723 Knowledge of vulnerability data sources 5
K0728 Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices 20
K0729 Knowledge of non-repudiation principles and practices 20
K0730 Knowledge of cyber safety principles and practices 20
K0731 Knowledge of systems security engineering (SSE) principles and practices 13
K0734 Knowledge of Risk Management Framework (RMF) requirements 14
K0735 Knowledge of risk management models and frameworks 13
K0736 Knowledge of information technology (IT) security principles and practices 18
K0742 Knowledge of identity and access management (IAM) principles and practices 10
K0743 Knowledge of new and emerging technologies 15
K0746 Knowledge of policy-based access controls 15
K0747 Knowledge of Risk Adaptive (Adaptable) Access Controls (RAdAC) 15
K0749 Knowledge of process engineering principles and practices 13
K0751 Knowledge of system threats 40
K0752 Knowledge of system vulnerabilities 40
K0758 Knowledge of server administration principles and practices 13
K0760 Knowledge of server diagnostic tools and techniques 6
K0761 Knowledge of Fault Detection and Diagnostics (FDD) tools and techniques 5
K0765 Knowledge of software engineering principles and practices 15
K0767 Knowledge of structured analysis principles and practices 5
K0776 Knowledge of collaboration tools and techniques 2
K0778 Knowledge of enterprise information technology (IT) architecture principles and practices 20
K0779 Knowledge of systems engineering processes 14
K0784 Knowledge of insider threat laws and regulations 7
K0785 Knowledge of insider threat tools and techniques 7
K0791 Knowledge of defense-in-depth principles and practices 19
K0800 Knowledge of evidence admissibility laws and regulations 7
K0803 Knowledge of supply chain risk management principles and practices 17
K0806 Knowledge of machine virtualization tools and techniques 6
K0814 Knowledge of secure coding tools and techniques 6
K0819 Knowledge of import and export control laws and regulations 8
K0820 Knowledge of supply chain risks 18
K0821 Knowledge of federal agency roles and responsibilities 9
K0828 Knowledge of supply chain risk management standards and best practices 16
K0834 Knowledge of technology procurement principles and practices 11
K0838 Knowledge of supply chain risk management policies and procedures 13
K0839 Knowledge of critical infrastructure systems and software 13
K0840 Knowledge of hardware reverse engineering tools and techniques 15
K0842 Knowledge of software reverse engineering tools and techniques 15
K0851 Knowledge of reverse engineering principles and practices 15
K0858 Knowledge of virtual machine detection tools and techniques 6
K0859 Knowledge of encryption tools and techniques 13
K0865 Knowledge of data classification standards and best practices 18
K0866 Knowledge of data classification tools and techniques 18
K0870 Knowledge of enterprise architecture (EA) reference models and frameworks 20
K0871 Knowledge of enterprise architecture (EA) principles and practices 20
K0877 Knowledge of application firewall principles and practices 12
K0878 Knowledge of network firewall principles and practices 12
K0879 Knowledge of industry cybersecurity models and frameworks 9
K0880 Knowledge of access control models and frameworks 9
K0881 Knowledge of learning assessment tools and techniques 7
K0885 Knowledge of instructional design principles and practices 4
K0886 Knowledge of instructional design models and frameworks 4
K0892 Knowledge of cyber defense laws and regulations 13
K0915 Knowledge of network architecture principles and practices 21
K0917 Knowledge of Personally Identifiable Information (PII) data security standards and best practices 15
K0918 Knowledge of Payment Card Industry (PCI) data security standards and best practices 16
K0919 Knowledge of Personal Health Information (PHI) data security standards and best practices 16
K0922 Knowledge of the acquisition life cycle models and frameworks 7
K0924 Knowledge of network analysis tools and techniques 7
K0928 Knowledge of systems engineering principles and practices 13
K0934 Knowledge of data classification policies and procedures 18
K0942 Knowledge of cryptology principles and practices 10
K0947 Knowledge of computer engineering principles and practices 14
K0948 Knowledge of embedded systems and software 9
K0953 Knowledge of data mining tools and techniques 3
K0955 Knowledge of penetration testing principles and practices 8
K0956 Knowledge of penetration testing tools and techniques 8
K0962 Knowledge of targeting laws and regulations 11
K0963 Knowledge of exploitation laws and regulations 11
K0965 Knowledge of language analysis tools and techniques 1
K0966 Knowledge of voice analysis tools and techniques 1
K0967 Knowledge of graphic materials analysis tools and techniques 1
K0983 Knowledge of computer networking principles and practices 39
K0986 Knowledge of target selection criticality factors 1
K0987 Knowledge of target selection vulnerability factors 1
K0990 Knowledge of cyber operations principles and practices 8
K1014 Knowledge of network security principles and practices 40
K1034 Knowledge of target language 1
K1050 Knowledge of critical information requirements 8
K1063 Knowledge of operation assessment processes 2
K1069 Knowledge of virtual machine tools and technologies 6
K1076 Knowledge of risk scoring principles and practices 3
K1077 Knowledge of data security controls 6
K1079 Knowledge of web application security risks 13
K1084 Knowledge of data privacy controls 6
K1088 Knowledge of knowledge management tools and techniques 6
K1096 Knowledge of data analysis tools and techniques 3
K1098 Knowledge of personnel systems and software 2
K1099 Knowledge of code analysis tools and techniques 4
K1100 Knowledge of analytical tools and techniques 4
K1101 Knowledge of analytics 3
K1108 Knowledge of traceroute tools and techniques 3
K1109 Knowledge of virtual collaborative workspace tools and techniques 2
K1180 Knowledge of organizational cybersecurity goals and objectives 11
Code Description Work Roles
S0015 Skill in conducting test events 2
S0097 Skill in applying security controls 2
S0111 Skill in interfacing with customers 4
S0136 Skill in network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools 1
S0141 Skill in assessing security systems designs 5
S0172 Skill in applying secure coding techniques 6
S0175 Skill in performing root cause analysis 3
S0177 Skill in performing network analysis on targets 1
S0248 Skill in performing target system analysis 1
S0252 Skill in processing collected data for follow-on analysis 1
S0385 Skill in communicating complex concepts 9
S0386 Skill in communicating verbally 4
S0387 Skill in communicating in writing 4
S0388 Skill in facilitating small group discussions 2
S0389 Skill in facilitating group discussions 2
S0391 Skill in creating technical documentation 7
S0393 Skill in developing assessments 3
S0394 Skill in developing security assessments 3
S0401 Skill in collecting data 2
S0402 Skill in verifying data 2
S0403 Skill in validating data 2
S0409 Skill in deriving evaluative conclusions from data 3
S0414 Skill in evaluating laws 4
S0415 Skill in evaluating regulations 4
S0416 Skill in evaluating policies 4
S0423 Skill in analyzing processes to ensure conformance with procedural requirements 6
S0430 Skill in collaborating with others 9
S0431 Skill in applying critical thinking 5
S0435 Skill in analyzing large data sets 2
S0436 Skill in creating target intelligence products 2
S0437 Skill in identifying targets of interest 1
S0438 Skill in functioning effectively in a dynamic, fast-paced environment 3
S0439 Skill in identifying external partners 2
S0440 Skill in identifying target vulnerabilities 1
S0441 Skill in describing target vulnerabilities 1
S0443 Skill in mitigating cognitive biases 2
S0447 Skill in aligning privacy and cybersecurity objectives 3
S0462 Skill in integrating information security requirements in the acquisitions process 7
S0463 Skill in implementing software quality control processes 7
S0465 Skill in identifying critical infrastructure systems 10
S0466 Skill in identifying systems designed without security considerations 10
S0472 Skill in developing virtual machines 6
S0473 Skill in maintaining virtual machines 5
S0483 Skill in identifying software communications vulnerabilities 7
S0503 Skill in selecting targets 1
S0504 Skill in identifying vulnerabilities 1
S0506 Skill in identifying customer information needs 3
S0511 Skill in establishing priorities 3
S0515 Skill in identifying partner capabilities 5
S0532 Skill in analyzing software configurations 4
S0543 Skill in scanning for vulnerabilities 12
S0544 Skill in recognizing vulnerabilities 13
S0558 Skill in developing algorithms 5
S0559 Skill in performing data structure analysis 5
S0574 Skill in developing security system controls 11
S0578 Skill in evaluating security designs 9
S0579 Skill in preparing reports 11
S0580 Skill in monitoring system performance 5
S0581 Skill in configuring systems for performance enhancement 5
S0601 Skill in developing curricula 4
S0602 Skill in teaching training programs 4
S0614 Skill in categorizing types of vulnerabilities 3
S0628 Skill in developing learning activities 3
S0632 Skill in designing Test and Evaluation Strategies (TES) 3
S0634 Skill in identifying Test and Evaluation Strategies (TES) infrastructure requirements 2
S0635 Skill in managing test assets 2
S0641 Skill in reviewing logs 2
S0642 Skill in identifying evidence of past intrusions 2
S0645 Skill in troubleshooting cyber defense infrastructure anomalies 2
S0647 Skill in managing a workforce 2
S0654 Skill in conducting system reviews 2
S0655 Skill in designing secure test plans 5
S0656 Skill in assessing application vulnerabilities 2
S0657 Skill in implementing Public Key Infrastructure (PKI) encryption 5
S0658 Skill in implementing digital signatures 5
S0664 Skill in applying policies that meet system security objectives 2
S0667 Skill in assessing security controls 3
S0673 Skill in translating operational requirements into security controls 8
S0675 Skill in optimizing system performance 10
S0686 Skill in performing risk assessments 12
S0687 Skill in performing administrative planning activities 9
S0688 Skill in performing network data analysis 7
S0700 Skill in mining data 2
S0701 Skill in performing data mining analysis 2
S0704 Skill in performing target analysis 2
S0709 Skill in developing analytics 3
S0710 Skill in evaluating metadata 2
S0711 Skill in interpreting metadata 2
S0712 Skill in evaluating data source quality 7
S0713 Skill in evaluating information quality 5
S0715 Skill in generating operation plans 1
S0719 Skill in identifying intelligence gaps 2
S0720 Skill in identifying regional languages and dialects 1
S0721 Skill in prioritizing information 1
S0722 Skill in interpreting traceroute results 3
S0723 Skill in interpreting vulnerability scanner results 1
S0724 Skill in managing client relationships 3
S0728 Skill in preparing briefings 6
S0729 Skill in preparing plans 3
S0731 Skill in producing after-action reports 1
S0739 Skill in analyzing intelligence products 2
S0743 Skill in identifying network anomalies 1
S0744 Skill in performing technical writing 6
S0755 Skill in reconstructing a network 3
S0756 Skill in incorporating feedback 4
S0758 Skill in performing wireless network analysis 1
S0760 Skill in navigating databases 1
S0761 Skill in performing strategic guidance analysis 1
S0775 Skill in developing intelligence collection plans 1
S0777 Skill in developing collection strategies 2
S0780 Skill in fulfilling information requests 1
S0788 Skill in orchestrating planning teams 2
S0789 Skill in coordinating collection support 2
S0790 Skill in monitoring status 2
S0791 Skill in presenting to an audience 9
S0800 Skill in analyzing organizational patterns and relationships 4
S0801 Skill in assessing partner operations capabilities 3
S0807 Skill in solving problems 9
S0809 Skill in utilizing cyber defense service provider information 2
S0813 Skill in identifying cybersecurity issues in external connections 3
S0814 Skill in identifying privacy issues in partner interconnections 3
S0874 Skill in performing network traffic analysis 4
S0878 Skill in performing risk analysis 9