SP-SRP-001 Systems Requirements Planner

Conceptualizes, designs, procures, and/or builds secure information technology (IT) systems, with responsibility for aspects of system and/or network development.

Consults with customers to gather and evaluate functional requirements and translates these requirements into technical solutions. Provides guidance to customers about applicability of information systems to meet business needs.

Consults with customers to evaluate functional requirements and translate functional requirements into technical solutions.

Knowledges 48

Code Description Work Roles
K0001 Knowledge of computer networking concepts and protocols, and network security methodologies. 52
K0002 Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). 52
K0003 Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy. 52
K0004 Knowledge of cybersecurity and privacy principles. 52
K0005 Knowledge of cyber threats and vulnerabilities. 52
K0006 Knowledge of specific operational impacts of cybersecurity lapses. 52
K0008 Knowledge of applicable business processes and operations of customer organizations. 5
K0012 Knowledge of capabilities and requirements analysis. 3
K0018 Knowledge of encryption algorithms. 11
K0019 Knowledge of cryptography and cryptographic key management concepts. 8
K0032 Knowledge of resiliency and redundancy. 3
K0035 Knowledge of installation, integration, and optimization of system components. 6
K0038 Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data. 6
K0043 Knowledge of industry-standard and organizationally accepted analysis principles and methods. 7
K0044 Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). 14
K0045 Knowledge of information security systems engineering principles (NIST SP 800-160). 3
K0047 Knowledge of information technology (IT) architectural concepts and frameworks. 4
K0055 Knowledge of microprocessors. 4
K0056 Knowledge of network access, identity, and access management (e.g., public key infrastructure, OAuth, OpenID, SAML, SPML). 11
K0059 Knowledge of new and emerging information technology (IT) and cybersecurity technologies. 12
K0060 Knowledge of operating systems. 13
K0061 Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]). 11
K0063 Knowledge of parallel and distributed computing concepts. 6
K0066 Knowledge of Privacy Impact Assessments. 6
K0067 Knowledge of process engineering concepts. 3
K0073 Knowledge of secure configuration management techniques (e.g., Security Technical Implementation Guides (STIGs), cybersecurity best practices on cisecurity.org). 5
K0074 Knowledge of key concepts in security management (e.g., Release Management, Patch Management). 4
K0086 Knowledge of system design tools, methods, and techniques, including automated systems analysis and design tools. 5
K0087 Knowledge of system software and organizational design standards, policies, and authorized approaches (e.g., International Organization for Standardization [ISO] guidelines) relating to system design. 4
K0090 Knowledge of system life cycle management principles, including software security and usability. 10
K0091 Knowledge of systems testing and evaluation methods. 6
K0093 Knowledge of telecommunications concepts (e.g., Communications channel, Systems Link Budgeting, Spectral efficiency, Multiplexing). 8
K0101 Knowledge of the organization’s enterprise information technology (IT) goals and objectives. 8
K0102 Knowledge of the systems engineering process. 7
K0126 Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161). 14
K0163 Knowledge of critical information technology (IT) procurement requirements. 3
K0164 Knowledge of functionality, quality, and security requirements and how these will apply to specific items of supply (i.e., elements and processes). 4
K0168 Knowledge of applicable laws, statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures. 11
K0169 Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures. 14
K0170 Knowledge of critical infrastructure systems with information communication technology that were designed without system security considerations. 12
K0180 Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools. 9
K0200 Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]). 11
K0267 Knowledge of laws, policies, procedures, or governance relevant to cybersecurity for critical infrastructures. 8
K0287 Knowledge of an organization's information classification program and procedures for information compromise. 18
K0325 Knowledge of Information Theory (e.g., source coding, channel coding, algorithm complexity theory, and data compression). 6
K0332 Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services. 14
K0333 Knowledge of network design processes, to include understanding of security objectives, operational objectives, and trade-offs. 6
K0622 Knowledge of controls related to the use, processing, storage, and transmission of data. 6

Skills 7

Code Description Work Roles
S0005 Skill in applying and incorporating information technologies into proposed solutions. 4
S0006 Skill in applying confidentiality, integrity, and availability principles. 3
S0008 Skill in applying organization-specific systems analysis principles and techniques. 1
S0010 Skill in conducting capabilities and requirements analysis. 1
S0050 Skill in design modeling and building use cases (e.g., unified modeling language). 3
S0134 Skill in conducting reviews of systems. 2
S0367 Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). 14

Abilities 3

Code Description Work Roles
A0064 Ability to interpret and translate customer requirements into operational capabilities. 1
A0123 Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). 15
A0170 Ability to identify critical infrastructure systems with information communication technology that were designed without system security considerations. 11

Tasks 18

Code Description Work Roles
T0273 Develop and document supply chain risks for critical system elements, as appropriate. 4
T0300 Develop and document User Experience (UX) requirements including information architecture and user interface requirements. 1
T0313 Design and document quality standards. 1
T0325 Document a system's purpose and preliminary system security concept of operations. 1
T0334 Ensure that all systems components can be integrated and aligned (e.g., procedures, databases, policies, software, and hardware). 1
T0454 Define baseline security requirements in accordance with applicable guidelines. 1
T0463 Develop cost estimates for new or modified system(s). 1
T0497 Manage the information technology (IT) planning process to ensure that developed solutions meet customer requirements. 1
T0033 Conduct risk analysis, feasibility study, and/or trade-off analysis to develop, document, and refine functional requirements and specifications. 1
T0039 Consult with customers to evaluate functional requirements. 1
T0045 Coordinate with systems architects and developers, as needed, to provide oversight in the development of design solutions. 1
T0052 Define project scope and objectives based on customer requirements. 1
T0062 Develop and document requirements, capabilities, and constraints for design procedures and processes. 1
T0127 Integrate and align information security and/or cybersecurity policies to ensure that system analysis meets security requirements. 1
T0156 Oversee and make recommendations regarding configuration management. 1
T0174 Perform needs analysis to determine opportunities for new and improved business process solutions. 4
T0191 Prepare use cases to justify the need for specific information technology (IT) solutions. 1
T0235 Translate functional requirements into technical solutions. 1