The OCIO has developed a DOE-specific Essential Body of Knowledge (EBK) using DOE cybersecurity policy, industry best practices and lessons learned, and comprehensive internal needs assessments to identify fundamental cybersecurity roles and associated responsibilities. Core competencies, as identified and documented in the EBK, represent the ‘core’ skill set required of cybersecurity professionals to competently fill their roles. The OCIO has determined the following to be key cyber roles within the Department:  

  • Chief Information Officer (CIO)
  • Information Owner/Steward
  • Chief Information Security Officer (CISO)
  • Authorizing Official (AO)
  • AO Designated Representative (AODR)
  • Common Control Provider
  • Information System Owner
  • Cyber Security Program Manager (CSPM)
  • Information System Security Officer (ISSO)
  • Information Security Architect
  • Information System Security Engineer
  • Security Control Assessor  

The EBK accomplishes two important Departmental training goals:

  • defining the baseline knowledge, skills, and abilities required for key cybersecurity functional roles
  • providing foundational objectives for the development, selection, and presentation of training 

The competencies outlined in the EBK are the basis for training “modules,” that can either be integrated into course curriculum for a specific role, or used independently.