Virginia Becomes First State to Adopt NIST Cybersecurity (NICE) Framework

Attempts to fill 36,000 cybersecurity position shortfall.

Virginia just became the first state to adopt the NIST National Initiative for Cyber Security Education (NICE) Framework and is the first state to officially endorse the guideline. This action follows recent action by New York, which as of August 28, 2017 requires covered entities to be in compliance with the first phase of their cyber regulations.

Virginia is leveraging NICE to create a common lexicon for cybersecurity as it attempts to meet their unfilled 36,000 cybersecurity jobs. Virginia State falls in the same category as many other organizations unable to staff up to meet their cybersecurity program demands. A recent Rsam poll discovered that only 12% of information security pros surveyed said they strongly agreed they were sufficiently staffed to manage their cybersecurity program. While staffing for cybersecurity continues to be an issue, the Rsam poll also discovered that more than half of respondents said less than 20% of their cybersecurity program was automated.

NIST Special Publication 800-181 — serves as a fundamental reference resource for describing and sharing information about cybersecurity work and the knowledge, skills, and abilities (KSAs) needed to complete tasks that can strengthen the cybersecurity posture of an organization. As a common, consistent lexicon that categorizes and describes cybersecurity work, the NICE Framework improves communication about how to identify, recruit, develop, and retain cybersecurity talent.

The NICE Framework serves several key audiences within the cybersecurity community including:

  • Employers, to help assess their cybersecurity workforce, identify critical gaps in cybersecurity staffing, and improve position descriptions;
  • Current and future cybersecurity workers, to help explore Tasks and Work Roles and assist with understanding the KSAs that are being valued by employers for in-demand cybersecurity jobs and positions. The NICE Framework also enables staffing specialists and guidance counselors to use the NICE Framework as a resource to support these employees or job seekers;
  • Training and certification providers seeking to help current and future members of the cybersecurity workforce gain and demonstrate the KSAs;
  • Education providers who use the NICE Framework as a reference to develop curriculum, courses, seminars, and research that cover the KSAs and Tasks described; and
  • Technology providers who can identify cybersecurity Work Roles and specific Tasks and KSAs associated with the services and hardware/software products they supply.