Click here to skip navigation

Data, Analysis & Documentation

CYBERSECURITY CATEGORY/SPECIALITY AREA

« Back to Data Standards
Definition: A position’s or incumbent’s substantial work role involving information technology, cybersecurity, or cyber-related work.
Data Format: Number_V
Data Length: 9
Applicability: Enterprise Human Resources Integration, Dynamics Feed
Enterprise Human Resources Integration, Status Feed
Notes: The Cybersecurity Work Role code is used to identify incumbents or positions that have information technology (IT), cybersecurity, or cyber-related work roles. Cybersecurity is an evolving area and positions may be classified in a number of different occupational series based on the nature of the work. Use of this code enables OPM and Federal agencies to identify the cybersecurity workforce, determine baseline capabilities, examine hiring trends, identify skill gaps, and more effectively recruit, hire, train, develop, and retain an effective cybersecurity workforce.

The Cybersecurity Work Role codes and definitions align to the November 2, 2016, version of the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (http://csrc.nist.gov/publications/drafts/800-181/sp800_181_draft.pdf). The Framework consists of Categories (high-level groupings of common cybersecurity functions), Specialty Areas (distinct areas of cybersecurity work), and Work Roles (the most detailed groupings of IT, cybersecurity, or cyber-related work). Each Category contains Specialty Areas, each of which contains one or more Work Roles.

Assignment of a Cybersecurity Work Role code should be based upon the duties and requirements of the position. Agencies will assign the Cybersecurity Work Role code within the range of 100-999 to positions with substantial IT, cybersecurity, or cyber-related work roles. Agencies may code up to three substantial work roles per position, placing the Cybersecurity Work Role codes in the order in which the most critical work role is listed first, the next critical work role is listed next, and so on. Agencies will assign Cybersecurity Work Role code 000 to positions that do not perform IT, cybersecurity, or cyber-related work roles.

Cybersecurity Work Role codes that share the first two digits belong to the same Specialty Area. For example, Database Administrator (code 421) and Data Analyst (code 422) fall under the same Specialty Area, Data Administration. Cybersecurity Work Role codes that share the first digit belong to the same Category. For example, Database Administrator (code 421), Data Analyst (code 422), Knowledge Manager (code 431), Technical Support Specialist (code 411), Network Operations Specialist (code 441), System Administrator (code 451), and Systems Security Analyst (code 461), fall under the same Category, Operate and Maintain.

A visual reference showing the hierarchy of Categories, Specialty Areas, and Work Roles/Cybersecurity Work Role codes, can be found in Table 1 of the Federal Cybersecurity Coding Structure (http://csrc.nist.gov/nice/framework/opm_codes/OPM.pdf).
Valid Values: Current Values
Past Values