The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially rolled out the NICE Workforce Framework Version 2.0.0, introducing transformative updates to how cybersecurity work roles, skills, and competencies are defined and mapped across industries. Released on March 5, 2025, this major update reflects the evolving nature of the cybersecurity landscape and the growing demand for a flexible, responsive workforce.
The NICE (National Initiative for Cybersecurity Education) Framework serves as the gold standard for describing cybersecurity work, enabling organizations in government, private sector, and academia to communicate effectively about roles, capabilities, and talent development.
Key Updates in NICE Workforce Framework Version 2.0.0
1. Removal of Two Work Role Categories
The biggest shift in Version 2.0.0 is the removal of the Cyberspace Effects and Cyberspace Intelligence categories—along with their 12 associated work roles. These categories, often tied to military and intelligence domains, will now be solely maintained by the Department of Defense (DoD) Cyber Workforce Framework (DCWF), separating them from the civilian-focused NICE Framework.
2. Introduction of New Work Role: OT Cybersecurity Engineering
In response to the increasing cybersecurity challenges in industrial control systems, a new role—Operational Technology (OT) Cybersecurity Engineering (DD-WRL-009)—has been added. This role focuses on designing secure systems within industrial environments, ensuring safety, reliability, and resilience against cyber threats.
3. Updates to Existing Work Roles
Two significant updates include:
- Digital Evidence Analysis (IN-WRL-002)
- Insider Threat Analysis (PD-WRL-005)
These roles now feature enhanced task, knowledge, and skill (TKS) statements to better align with current industry requirements and improve clarity.
4. Expansion of Cyber Resiliency Competency
The Cyber Resiliency (NF-COM-007) competency area now contains 56 knowledge and 67 skill statements—22 of which are entirely new, strengthening the framework’s emphasis on resilience in cyber operations.
Administrative Refinements and Total Framework Adjustments
In addition to functional updates, Version 2.0.0 includes numerous editorial changes, such as:
- Corrected spelling and grammar issues across 14 statements
- Elimination of duplicate entries
- Overall streamlining of the framework for usability
These changes resulted in:
- 111 new TKS statements added
- 275 outdated or redundant statements removed
- A net adjustment from 2,275 to 2,111 total TKS statements
Transition Period and Platform Updates
While Version 2.0.0 is now officially published, the interactive tools on the NICCS website—including the Mapping Tool, Education & Training Catalog, and Career Pathways—are still based on Version 1.0.0 as updates are underway. Training providers are encouraged to contact NICCS@mail.cisa.dhs.gov to remap course content based on the new framework.
It’s important to note that this update is considered “major” and breaks backward compatibility with the previous version, potentially impacting systems, HR tools, and training curricula using earlier versions.
Implications for the Cybersecurity Ecosystem
The NICE Workforce Framework Version 2.0.0 marks a strategic evolution toward building a future-ready cybersecurity workforce. Organizations can now:
- Align hiring and talent development to updated, standardized roles
- Improve clarity in job descriptions and career progression
- Support skills-based hiring practices with clearer definitions of capabilities
By adapting to these changes, public and private sector employers can enhance recruitment, training, and workforce planning efforts in line with national cybersecurity goals.
A Stronger Framework for a Resilient Cyber Future
The release of NICE Workforce Framework Version 2.0.0 reflects CISA’s commitment to advancing cybersecurity education and workforce alignment. With modernized roles, refined competencies, and an emphasis on operational technology and resiliency, the framework empowers organizations to respond to emerging threats with a skilled, agile workforce.
As cybersecurity continues to evolve, tools like NICE will remain crucial in shaping how we prepare professionals to protect digital infrastructure in every sector.
