OV-SPP-002 Cyber Policy and Strategy Planner

Provides leadership, management, direction, or development and advocacy so the organization may effectively conduct cybersecurity work.

Develops policies and plans and/or advocates for changes in policy that support organizational cyberspace initiatives or required changes/enhancements.

Develops and maintains cybersecurity plans, strategy, and policy to support and align with organizational cybersecurity initiatives and regulatory compliance.

Knowledges 17

Code Description Work Roles
K0001 Knowledge of computer networking concepts and protocols, and network security methodologies. 52
K0002 Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). 52
K0003 Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy. 52
K0004 Knowledge of cybersecurity and privacy principles. 52
K0005 Knowledge of cyber threats and vulnerabilities. 52
K0006 Knowledge of specific operational impacts of cybersecurity lapses. 52
K0070 Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code). 13
K0127 Knowledge of the nature and function of the relevant information structure (e.g., National Information Infrastructure). 2
K0146 Knowledge of the organization's core business/mission processes. 10
K0168 Knowledge of applicable laws, statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures. 11
K0234 Knowledge of full spectrum cyber capabilities (e.g., defense, attack, exploitation). 2
K0248 Knowledge of strategic theory and practice. 1
K0309 Knowledge of emerging technologies that have potential for exploitation. 2
K0311 Knowledge of industry indicators useful for identifying technology trends. 2
K0313 Knowledge of external organizations and academic institutions with cyber focus (e.g., cyber curriculum/training and Research & Development). 3
K0335 Knowledge of current and emerging cyber technologies. 2
K0624 Knowledge of Application Security Risks (e.g., Open Web Application Security Project Top 10 list). 13

Skills 2

Code Description Work Roles
S0176 Skill in administrative planning activities, to include preparation of functional and specific support plans, preparing and managing correspondence, and staffing procedures. 4
S0250 Skill in preparing plans and related correspondence. 5

Abilities 3

Code Description Work Roles
A0003 Ability to determine the validity of technology trend data. 1
A0033 Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities. 5
A0037 Ability to leverage best practices and lessons learned of external organizations and academic institutions dealing with cyber issues. 2

Tasks 19

Code Description Work Roles
T0341 Advocate for adequate funding for cyber training resources, to include both internal and industry-provided courses, instructors, and related materials. 2
T0369 Ensure that cyber workforce management policies and processes comply with legal and organizational requirements regarding equal opportunity, diversity, and fair hiring/employment practices. 2
T0384 Promote awareness of cyber policy and strategy as appropriate among management and ensure sound principles are reflected in the organization's mission, vision, and goals. 3
T0390 Review/Assess cyber workforce effectiveness to adjust skill and/or qualification standards. 2
T0408 Interpret and apply applicable laws, statutes, and regulatory documents and integrate into policy. 2
T0425 Analyze organizational cyber policy. 3
T0429 Assess policy needs and collaborate with stakeholders to develop policies to govern cyber activities. 3
T0441 Define and integrate current and future mission environments. 2
T0445 Design/integrate a cyber strategy that outlines the vision, mission, and goals that align with the organization’s strategic plan. 3
T0472 Draft, staff, and publish cyber policy. 2
T0505 Monitor the rigorous application of cyber policies, principles, and practices in the delivery of planning and management services. 2
T0506 Seek consensus on proposed policy changes from stakeholders. 2
T0529 Provide policy guidance to cyber management, staff, and users. 2
T0533 Review, conduct, or participate in audits of cyber programs and projects. 2
T0537 Support the CIO in the formulation of cyber-related policies. 2
T0074 Develop policy, programs, and guidelines for implementation. 2
T0094 Establish and maintain communication channels with stakeholders. 2
T0222 Review existing and proposed policies with stakeholders. 2
T0226 Serve on agency and interagency policy boards. 2