Standards in this Framework
| Standard | Description |
|---|---|
| 127.792.d.1.e | demonstrate an understanding of ethical and legal responsibilities and ramifications in relation to the field of cybersecurity |
| 127.792.d.3.a | demonstrate and advocate for ethical and legal behaviors both online and offline among peers, family, community, and employers |
| 127.792.d.3.b | investigate and analyze local, state, national, and international cybersecurity laws such as the USA PATRIOT Act of 2001, General Data Protection Regulation, Digital Millennium Copyright Act, Computer Fraud and Abuse Act, and Health Insurance Portability and Accountability Act of 1996 (HIPAA) |
| 127.792.d.3.d | communicate an understanding of ethical and legal behavior when presented with various scenarios related to cybersecurity activities |
| 127.792.d.3.e | define and identify tactics used in an incident such as social engineering, malware, denial of service, spoofing, and data vandalism |
| 127.792.d.4.a | identify motivations and perspectives for hacking |
| 127.792.d.4.b | distinguish between types of threat actors such as hacktivists, criminals, state-sponsored actors, and foreign governments |
| 127.792.d.4.c | identify and describe the impact of cyberattacks on the global community, society, and individuals |
| 127.792.d.4.d | differentiate between industry terminology for types of hackers such as black hats, white hats, and gray hats |
| 127.792.d.4.e | determine and describe possible outcomes and legal ramifications of ethical versus malicious hacking practices |
| 127.792.d.5.a | define cyberterrorism, state-sponsored cyberterrorism, and hacktivism |
| 127.792.d.5.d | explain the role of cyber defense in protecting national interests and corporations |
| 127.792.d.5.e | explain the role of cyber defense in society and the global economy |
| 127.792.d.6.a | identify and understand the nature and value of privacy |
| 127.792.d.6.b | analyze the positive and negative implications of a digital footprint and the maintenance and monitoring of an online presence |
| 127.792.d.6.c | discuss the role and impact of technology on privacy |
| 127.792.d.6.d | identify the signs, emotional effects, and legal consequences of cyberbullying and cyberstalking |
| 127.792.d.6.e | identify and discuss effective ways to deter and report cyberbullying |
| 127.792.d.7.a | define personally identifiable information (PII) |
| 127.792.d.7.b | evaluate the risks and benefits of sharing PII |
| 127.792.d.7.c | describe the impact of granting applications unnecessary permissions such as mobile devices accessing camera and contacts |
| 127.792.d.7.d | describe the risks of granting third parties access to personal and proprietary data on social media and systems |
| 127.792.d.7.e | describe the risks involved with accepting Terms of Service (ToS) or End User License Agreements (EULA) without a basic understanding of the terms or agreements |
| 127.792.d.8.a | define cybersecurity and information security |
| 127.792.d.8.c | explain the fundamental concepts of confidentiality, integrity, and availability (CIA triad) |
| 127.792.d.8.d | describe the trade-offs between convenience and security |
| 127.792.d.8.f | identify and analyze security challenges in domains such as physical, network, cloud, and web |
| 127.792.d.8.g | define and discuss challenges faced by cybersecurity professionals such as internal and external threats |
| 127.792.d.8.h | identify indicators of compromise such as common risks, warning signs, and alerts of compromised systems |
| 127.792.d.8.i | explore and discuss the vulnerabilities of network-connected devices such as Internet of Things (IoT) |
| 127.792.d.8.j | use appropriate cybersecurity terminology |
| 127.792.d.9.a | define malware, including spyware, ransomware, viruses, and rootkits |
| 127.792.d.9.b | identify the transmission and function of malware such as trojan horses, worms, and viruses |
| 127.792.d.9.e | describe free and commercial antivirus and anti-malware software also known as Endpoint Detection and Response software |
| 127.792.d.10.a | define system hardening |
| 127.792.d.10.b | use basic system administration privileges |
| 127.792.d.10.c | explain the importance of patching operating systems |
| 127.792.d.10.d | explain the importance of software updates |
| 127.792.d.10.e | describe standard practices to configure system services |
| 127.792.d.10.f | explain the importance of backup files |
| 127.792.d.10.g | research and explain standard practices for securing computers, networks, and operating systems, including the concept of least privilege |
| 127.792.d.11.a | identify basic network devices, including routers and switches |
| 127.792.d.11.b | define network addressing |
| 127.792.d.11.c | analyze incoming and outgoing rules for traffic passing through a firewall |
| 127.792.d.11.d | identify well known ports by number and service provided, including port 22 (Secure Shell Protocol/ssh), port 80 (Hypertext Transfer Protocol/http), and port 443 (Hypertext Transfer Protocol Secure/https) |
| 127.792.d.11.e | identify commonly exploited ports and services, including ports 20 and 21 (File Transfer Protocol/ftp), port 23 (telnet protocol), and port 3389 (Remote Desktop Protocol/rdp) |
| 127.792.d.11.f | identify common tools for monitoring ports and network traffic |
| 127.792.d.12.a | define what constitutes a secure password |
| 127.792.d.12.b | create a secure password policy, including length, complexity, account lockout, and rotation |
| 127.792.d.12.c | identify methods of password cracking such as brute force and dictionary attacks |
| 127.792.d.12.d | examine and configure security options to allow and restrict access based on user roles |
| 127.792.d.13.b | explain the fundamental concepts and standard practices related to access control, including authentication, authorization, and auditing |
| 127.792.d.13.c | compare methods for single- and multi-factor authentication such as passwords, biometrics, personal identification numbers (PINs), secure tokens, and other passwordless authentication methods |
| 127.792.d.14.f | analyze the purpose of event logs and identify suspicious activity |
| 127.792.d.15.c | review and explain simple cryptography methods such as shift cipher and substitution cipher |
| 127.792.d.16.a | explain how computer vulnerabilities leave systems open to cyberattacks |
| 127.792.d.17.c | compare and contrast protocols such as HTTP versus HTTPS |
| 127.792.d.17.d | debate the broadcasting or hiding of a wireless service set identifier (SSID) |
| 127.792.d.18.a | define application security |
