The OCIO has developed a DOE-specific Essential Body of Knowledge (EBK) using DOE cybersecurity policy, industry best practices and lessons learned, and comprehensive internal needs assessments to identify fundamental cybersecurity functional roles and associated responsibilities. The EBK identifies and documents the core competencies that represent the ‘core’ skill set cybersecurity professionals need to adequately fulfill their functional roles. Further, the OCIO has determined the following roles to be key functional cyber roles within the Department: Chief Information Officer (CIO), Information Owner/Steward, Chief Information Security Officer (CISO), Authorizing Official (AO), AO Designated Representative (AODR), Common Control Provider, Information System Owner, Cyber Security Program Manager (CSPM), Information System Security Officer (ISSO), Information Security Architect, Information System Security Engineer, and Security Control Assessor.
The EBK accomplishes two important Departmental training goals:
- defining the baseline knowledge, skills, and abilities required for key cybersecurity functional roles, and
- providing the foundational objectives for the development, selection, and presentation of training.
The competencies outlined in the EBK become the basis for training “modules” that can be fit into the specific course curriculum for each key role and can be presented independently to other staff who have a significant impact on the security of information systems.