NICE Framework

What is the difference between the NICE framework and DoDD 8140/8570?

For those looking into government work, or for those just plain interested in the different cybersecurity frameworks out there, have probably encountered two framework names almost daily — NICE Framework and DoDD 8140/8570. These frameworks are important, trusted cybersecurity frameworks that touch different parts of government work, but to only know this is barely even the tip of the iceberg.

This article will detail the NICE Framework and DoDD 8140/8570. We will explore what they are, their origins, the intended users or stakeholders and how these two frameworks differ. This article is intended to provide a high-level overview of both frameworks with emphasis on how these NIST cybersecurity frameworks differ.

What is the NICE Framework?

This framework isn’t mean (pardon the pun) but it is named NICE for the National Initiative for Cybersecurity Education Cybersecurity Workforce Framework. Published by the National Institute of Standards and Technology (NIST) and found in NIST Special Publication 800-181, the NICE Framework provides a baseline for federal cybersecurity roles, efforts and processes as well as a consistent, systematic organization for all cybersecurity efforts for the federal government.

The NICE Framework is nationally-focused and establishes a common lexicon and taxonomy for the description of cybersecurity work, roles and workers no matter where or for whom the work is performed. This Framework is a living, changing thing, which is best demonstrated by revisions — the first of which was released on November 16, 2020.

NICE framework components

This framework consists of the following components:

7 Categories of high-level common cybersecurity functions groupings
33 Specialty Areas of cybersecurity work
52 Work Roles: This is the most detailed of these groupings and lists the specific skills, knowledge and abilities that are necessary to perform the Work Role’s tasks

Below is the list of the seven categories of cybersecurity functions:

Analyze: Highly specialize evaluation and review of incoming cybersecurity data to determine if it is useful for intelligence
Collect and Operate: Offers specialized deception and denial operations, as well as collection of cybersecurity information for intelligence development
Investigate: Examines cybersecurity crimes or events related to IT networks, systems and digital evidence
Operate and Maintain: Provides administration, support and maintenance required to ensure efficient and effective of IT systems in terms of performance and security
Oversee and Govern: Gives leadership, direction, management or development and advocacy for effectively conducting cybersecurity work
Protect and Defend: Identification, analysis and mitigation of internal threats to both IT systems and networks
Securely Provision: Procures, conceptualizes, builds or designs secure IT systems and is responsible for the development of aspects of systems and networks.

What is DoDD 8140/8570?

Department of Defense Directive 8570, or DoDD 8570, was a former Department of Defense Directive that has been rolled into a larger initiative, DoDD 8140. This directive gives guidance and procedures for the certification, training and management of all federal government employees responsible for conducting information assurance functions in their job duties. These government employees are required to hold a certification (approved by DoD) to work their specific job, which is listed in the DoD Approved 8140 Baseline Certifications here.

DoDD 8140 categorizes the baseline certifications as being either IAT (Information Assurance Technical), IAM (Information Assurance Management), IASAE (IA System Architecture and Engineering) or CSSP (Cyber Security Service Provider). Below are the certifications that fall within each category.

IA technical

IAT level I

A+
CND
Network+

IAT level II

IAT level III

CASP+
CCNP Security
CISA
CISSP

IA management

IAM level I

CAP
CND
Cloud+
Security+

IAM level II

CAP
CASP+
CISM
CISSP
CCISO

IAM level III

CISM
CISSP
CCISO

IA system architecture and engineering

IASAE level I

CASP+
CISSP
CSSLP

IASAE level II

CASP+
CISSP
CSSLP

IASAE level III

CISSP-ISSAP
CISSP-ISSEP

Cyber security service provider

CSSP analyst

CEH
CFR
CySA+

CSSP infrastructure support

CEH
CFR
CySA+
CND
CHFI
Cloud+

CSSP incident responder

CEH
CFR
CHFI
CySA+

CSSP auditor

CEH
CySA+
CISA
Cloud+
CFR

CSSP manager

CISM
CCISO

Origins

Part of the confusion some have between these two frameworks is the entangled origins the two have. Firstly, the NICE Framework provides a baseline for federal cybersecurity but it is a non-binding baseline. In practice, the NICE Framework is used as a starting point for federal agencies. Next, what makes this confusing is the fact that the DoD Cyber Workforce Framework (DCWF) was defined in both DoDD 8140 and the NICE Framework. To top off the confusion level, some jobs bleed into other jobs, which can ultimately cause security vulnerabilities.

NICE framework and DoDD 8140 users and stakeholders

The biggest difference between the NICE Framework and DoDD 8140 is their intended audience, or users and stakeholders. The NICE Framework is intended for a broad range of federal government employees, from the GSA to the FBI. DoDD 8140 is intended for United States military users and stakeholders. This may seem like a slight difference, but it has a huge impact on how these frameworks operate.

The NICE Framework and DoDD 8140’s differences are best viewed through the lens of the seven categories of the NICE Framework because of the different intended audiences. Let’s take a look at how these framework’s seven categories differ.

Analysis: NICE focuses on the acts of cybercriminals and 8140 focuses more on foreign intelligence agencies and foreign actors.
Collect & Operate: 8140 focuses on counterintelligence and NICE has a counter-criminal focus.
Investigate: NICE focuses on locking cybercriminals up and 8140 focuses on building developed and detailed target packages for future use.
Oversee & Govern: 8140 places more emphasis on certification because it is more “baked in” for other federal agencies.
Securely Provision: The biggest difference here is that 8140 has built out the Secret Internet Protocol Router Network, otherwise known as SIPRNet. While other federal agencies have secure networks, the heightened need for a secure network on the battlefield has given this category more emphasis for DoDD 8140.

Conclusion

Both the NICE Framework and DoDD 8140 have similar origins, but these frameworks have different focuses because their audiences are so different. DoDD 8140’s intended audience is the United States military/DoD, which has a focus on counterintelligence and foreign actors as the enemies. For the NICE Framework, the intended audience is all other federal agencies, which have cybercriminals as their adversary.

Sources

NICE Cybersecurity Framework vs 8140: What’s the Difference?, CBTNuggets
NICE Cybersecurity Workforce Framework, NICCS
DoD Directive 8140: IT Training & Certification Requirements, MilitaryBenefits.info

Posted: December 30, 2020

Greg Belding

View Profile

Greg is a Veteran IT Professional working in the Healthcare field. He enjoys Information Security, creating Information Defensive Strategy, and writing – both as a Cybersecurity Blogger as well as for fun.