NSA/DHS National Centers of Academic Excellence in Cyber Defense (CD) Knowledge Units.(22)
Students pursuing degrees in these programs must also accumulate knowledge units. The framework of Knowledge Units (KUs) and Focus Areas (FAs) was chosen to make the requirements easier to update in the future and to allow differentiation amongst the schools by recognizing the specific areas in which they focus their research and/or educational offerings (e.g., Digital Forensics, Systems Security Engineering, Secure Software Development). New academic requirements are based on knowledge units composed of:
2 year programs (with technical or applied emphasis)
4 year + programs (with technical or applied emphasis)
CORE Knowledge Units (2 year programs)
Basic Data Analysis
Basic Scripting or Introductory Programming (4 yr core)
Cyber Defense
Cyber Threats
Fundamental Security Design Principles
IA Fundamentals
Intro to Cryptography
IT Systems Components
Networking Concepts
Policy, Legal, Ethics, and Compliance
System Administration
CORE Knowledge Units (4+ year programs, in addition to the 2 year core)
Databases
Network Defense
Networking Technology and Protocols
Operating Systems Concepts
Probability and Statistics
Programming
Optional Knowledge Units
Advanced Cryptography
Advanced Network Technology and Protocols
Algorithms
Analog Telecommunications
Cloud Computing
Cybersecurity Planning and Management
Data Administration
Data Structures
Database Management Systems
Digital Communications
Digital Forensics
Device Forensics
Host Forensics
Media Forensics
Network Forensics
Embedded Systems
Forensic Accounting
Formal Methods
Fraud Prevention and Management
Hardware Reverse Engineering
Hardware/Firmware Security
IA Architectures
IA Compliance
IA Standards
Independent/Directed Study/Research
Industrial Control Systems
Intro to Theory of Computation
Intrusion Detection
Life-Cycle Security
Low Level Programming
Mobile Technologies
Network Security Administration
Operating Systems Hardening
Operating Systems Theory
Overview of Cyber Operations
Penetration Testing
QA / Functional Testing
RF Principles
Secure Programming Practices
Security Program Management
Security Risk Analysis
Software Assurance
Software Reverse Engineering
Software Security Analysis
Supply Chain Security
Systems Programming
Systems Certification and Accreditation
Systems Security Engineering
Virtualization Technologies
Vulnerability Analysis
Wireless Sensor Networks
Basic Data Analysis The intent of this Knowledge Unit is to provide students with basic abilities to manipulate data into meaningful information. Topics:
Summary Statistics
Graphing / Charts
Spreadsheet Functions
Problem solving
Basic Scripting The intent of this Knowledge Unit is to provide students with the ability to create simple scripts/programs to automate and perform simple operations. This knowledge should include basic security practices in developing scripts/programs (e.g., bounds checking, input validation). Topics:
Basic Security, Bounds checking, input validation
Program Commands
Program Control Structures
Variable Declaration
Debugging
Scripting Language (e.g., Perl, Python, Bash, VBScript, PowerShell)
Basic Boolean logic/operations. AND / OR / XOR / NOT
Cyber Defense The intent of this Knowledge Unit is to provide students with a basic awareness of the options available to mitigate threats within a system. Topics:
Network mapping (enumeration and identification of network components)
Network security techniques and components, Access controls, flow control, cryptography, firewalls, intrusion detection systems, etc.
Applications of Cryptography
Malicious activity detection/forms of attack
Appropriate Countermeasures
Trust relationships
Defense in Depth, Layering of security mechanisms to achieve desired security
Patching, OS and Application Updates
Vulnerability Scanning
Vulnerability Windows (0-day to patch availability)
Cyber Threats The intent of this Knowledge Unit is to provide students with basic information about the threats that may be present in the cyber realm. Topics:
Adversaries and targets
Motivations and Techniques
The Adversary Model (resources, capabilities, intent, motivation, risk aversion, access)
Types of Attacks: password guessing/cracking; backdoors/Trojans/viruses/wireless attacks; sniffing/spoofing/session hijacking; denial of service/distributed DoS/bots; MAC spoofing/web app attacks/0-day exploits and the vulnerabilities that enable them
Attack Timing (within x minutes of being attached to the net)
Social Engineering
Events that indicate an attack is/has happened
Legal Issues
Attack surfaces/vectors
Attack trees
Insider problem
Covert Channels
Threat Information Sources (e.g., CERT)
Fundamental Security Design Principles The intent of this Knowledge Unit is to provide students with basic security design fundamentals that help create systems that are worthy of being trusted. Topics:
Separation (of domains)
Isolation
Encapsulation
Least Privilege
Simplicity (of design)
Minimization (of implementation)
Fail Safe Defaults / Fail Secure
Modularity
Layering
Least Astonishment
Open Design
Usability
IA Fundamentals The intent of this Knowledge Unit is to provide students with basic concepts of information assurance fundamentals. Topics:
Threats and Adversaries
Vulnerabilities and Risks
Basic Risk Assessment
Security Life-Cycle
Intrusion Detection and Prevention Systems
Cryptography
Data Security (in transmission, at rest, in processing)
Security Models
Access Control Models (MAC, DAC, RBAC)
Confidentiality, Integrity, Availability, Access, Authentication, Authorization, Non-Repudiation, Privacy
Security Mechanisms (e.g., Identification/Authentication, Audit)
Intro to Cryptography The intent of this Knowledge Unit is to provide students with a basic ability to understand where and how cryptography is used. Topics:
Symmetric Cryptography (DES, Twofish)
Public Key Cryptography, Public Key Infrastructure, Certificates
Hash Functions (MD4, MD5, SHA-1, SHA-2, SHA-3; MD4, MD5 and SHA-1 are no longer collision resistant and are listed for historical context), For integrity, For protecting authentication data, Collision resistance
Digital Signatures (Authentication)
Key Management (creation, exchange/distribution)
Cryptographic Modes (and their strengths and weaknesses)
Types of Attacks (brute force, chosen plaintext, known plaintext, differential and linear cryptanalysis, etc.)
Common Cryptographic Protocols
DES -> AES(evolution from DES to AES)
Security Functions (data protection, data integrity, authentication)
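Added example for the hash-function topic above ("for protecting authentication data"), written for this page and not taken from the CAE material: a plain unsalted digest beside the salted, iterated construction a login system should store, with a constant-time comparison on verification. Only the Python standard library is used; the passwords are constructed test values, the record format (algorithm$iterations$salt$key) is this example's own, and the default iteration count is an assumption to be tuned to the server's hardware.

```python
"""Protecting authentication data: unsalted digest versus salted PBKDF2.

Added example, not part of the CAE Knowledge Unit text. Standard library only.
"""
import hashlib
import hmac
import os
from typing import Optional

ALGORITHM = "pbkdf2_sha256"
DEFAULT_ITERATIONS = 600_000  # assumption: current-guidance order of magnitude


def naive_hash(password: str) -> str:
    """What NOT to store: an unsalted, single-pass digest.

    Equal passwords give equal digests, so one precomputed table (or one
    cracked hash) breaks every account that shares the password.
    """
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: algorithm$iterations$salt$key (hex).

    A fresh random salt per user defeats precomputation; the iteration count
    makes each guess cost the attacker the same work it costs the server.
    """
    if salt is None:
        salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${key.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored parameters and compare in constant time.

    Fails closed: a malformed or foreign record is a mismatch, not an
    exception thrown into the login path.
    """
    try:
        algorithm, iterations, salt_hex, key_hex = stored.split("$")
        if algorithm != ALGORITHM:
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(key_hex)
        rounds = int(iterations)
    except (ValueError, AttributeError):
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    # compare_digest does not stop at the first differing byte, so response
    # time does not reveal how much of the key a guess got right.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed: two users who happen to choose the same password.
    pw = "correct horse battery staple"
    print("naive  alice:", naive_hash(pw))
    print("naive  bob:  ", naive_hash(pw))          # identical digests
    alice, bob = hash_password(pw), hash_password(pw)
    print("salted alice:", alice)
    print("salted bob:  ", bob)                     # differ: different salts
    print("verify right:", verify_password(pw, alice))
    print("verify wrong:", verify_password(pw + "!", alice))
```

The record carries its own parameters so the iteration count can be raised later and old records re-hashed on the user's next successful login; MD5 or SHA-1 in the same slot would give no protection against a dictionary run even with a salt, because they are cheap to compute.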
IT System Components The intent of this Knowledge Unit is to provide students with an understanding of the basic components in an information technology system and their roles in system operation. Topics:
Workstations
Servers
Network Storage Devices
Routers / Switches / Gateways
Guards / CDSes / VPNs / Firewalls
IDSes, IPSes
Mobile Devices
Peripheral Devices / Security Peripherals
Networking Concepts The intent of this Knowledge Unit is to provide students with basic understanding of network components and how they interact. Topics:
Overview of Networking (OSI Model)
Network Media
Network architectures (LANs, WANs)
Network Devices (Routers, Switches, VPNs, Firewalls)
Network Services
Network Protocols (TCP/IP, HTTP, DNS, SMTP, UDP)
Network Topologies
Overview of Network Security Issues
Policy, Legal, Ethics and Compliance The intent of this Knowledge Unit is to provide students with an understanding of information assurance in context and of the rules and guidelines that govern it. Topics:
HIPAA / FERPA
Computer Security Act
Sarbanes-Oxley
Gramm-Leach-Bliley
Privacy (COPPA)
Payment Card Industry Data Security Standard (PCI DSS)
State, US and international standards / jurisdictions
Laws and Authorities
US Patriot Act
BYOD issues
Americans with Disabilities Act, Section 508
Systems Administration The intent of this Knowledge Unit is to provide students with skill to perform basic operations involved in system administration. Topics:
OS Installation
User accounts management
Password policies
Authentication Methods
Command Line Interfaces
Configuration Management
Updates and patches
Access Controls
Logging and Auditing (for performance and security)
Managing System Services
Virtualization
Backup and Restoring Data
File System Security
Network Configuration (port security)
Host (Workstation/Server) Intrusion Detection
Security Policy Development
Databases The intent of this Knowledge Unit is to teach students how database systems are used, managed, and issues associated with protecting the associated data assets. Topics:
Relational Databases
NoSQL Databases
Object Based vs. Object Oriented
Overview of Database Vulnerabilities
Overview of Database topics/issues (indexing, inference, aggregation, polyinstantiation)
Hashing and Encryption
Database access controls (DAC, MAC, RBAC, Clark-Wilson)
Information flow between databases/servers and applications
Database security models
Security issues of inference and aggregation
Common DBMS vulnerabilities
Network Defense The intent of this Knowledge Unit is to teach students the techniques that can be taken to protect a network and communication assets from cyber threats. Topics:
Implementing IDS/IPS
Implementing Firewalls and VPNs
Defense in Depth
Honeypots and Honeynets
Network Monitoring
Network Traffic Analysis
Minimizing Exposure (Attack Surface and Vectors)
Network Access Control (internal and external)
DMZs / Proxy Servers
Network Hardening
Mission Assurance
Network Policy Development and Enforcement
Network Operational Procedures
Network Attacks (e.g., session hijacking, Man-in-the-Middle)
Network Technology and Protocols The intent of this Knowledge Unit is to provide students with an understanding of the components in a network environment, their roles, and communication methods. Topics:
Network Architectures
Network Infrastructure
Network Services
Network Protocols (TCP/IP v4 and v6, DNS, HTTP, SSL, TLS)
Network Address Translation and Sub-netting
Network Analysis/Troubleshooting
Network Evolution (Change Management, BYOD)
Remote and Distributed Management
Operating Systems Concepts The intent of this Knowledge Unit is to provide students with an understanding of the roles of an operating system, its basic functions, and the services provided by the operating system. Topics:
Privileged and non-privileged states
Processes and Threads (and their management)
Memory (real, virtual, and management)
File Systems
Access Controls (Models and Mechanisms), Access control lists
Virtualization / Hypervisors
Fundamental Security Design Principles as applied to an OS, Domain separation, process isolation, resource encapsulation, least privilege
Probability and Statistics The intent of this Knowledge Unit is to provide students with the ability to use basic statistics to analyze and attach meaning to datasets. Topics:
Probability as a concept
Random variables/events
Odds of an event happening
Data Interpretation
Statistical Problem Solving
Probability Distributions
Programming The intent of this Knowledge Unit is to provide students with the skills necessary to implement algorithms using programming languages to solve problems. Topics:
Programming Language (e.g., C)
Programming constructs and concepts: variables, strings, assignments, sequential execution, loops, functions.
Security issues, such as type checking and parameter validation.
Basic Boolean logic/operations. AND/OR/XOR/NOT
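Added example serving both the Basic Scripting topic (bounds checking, input validation) and the Programming topic (type checking and parameter validation); it is written for this page and is not CAE material. It validates three kinds of user-supplied text an administrative script typically consumes: a port number, a host, and an index into a list. Inputs are constructed; the limits (1-6 ASCII digits, port range 1-65535, hostname labels of 1-63 characters and 253 overall) are the usual ones and the helper names are this example's own.

```python
"""Input validation and bounds checking for a small administrative script.

Added example, not part of the CAE Knowledge Unit text. Standard library only.
"""
import ipaddress
import re

# Dot-separated labels of 1-63 alphanumerics/hyphens, no leading or trailing
# hyphen, 253 characters in total at most.
HOSTNAME_RE = re.compile(
    r"(?=.{1,253}\Z)(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
    r"(?:\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*"
)
# ASCII digits only: str.isdigit() also accepts superscripts and other
# Unicode digits, which int() then rejects or silently converts.
DIGITS_RE = re.compile(r"[0-9]{1,6}")


class ValidationError(ValueError):
    """Raised when untrusted input fails a check; callers treat it as a hard stop."""


def parse_port(text: str) -> int:
    """Type check (decimal text) then range check (1-65535)."""
    if not DIGITS_RE.fullmatch(text):
        raise ValidationError(f"port must be 1-6 decimal digits, got {text!r}")
    port = int(text)
    if not 1 <= port <= 65535:
        raise ValidationError(f"port {port} outside 1-65535")
    return port


def parse_host(text: str) -> str:
    """Accept an IPv4/IPv6 literal or a hostname and nothing else.

    Shell metacharacters, whitespace and path separators never pass, so the
    result is safe to place in a subprocess argument list or a log line.
    """
    text = text.strip()
    try:
        return str(ipaddress.ip_address(text))  # canonical form
    except ValueError:
        pass
    if HOSTNAME_RE.fullmatch(text):
        return text.lower()
    raise ValidationError(f"not an IP address or hostname: {text!r}")


def select_record(records, index_text: str):
    """Bounds-checked element access driven by user-supplied text.

    Python does not raise on records[-1]; it silently returns the last element,
    so 'no exception' is not the same as 'in bounds'. Validate the text first.
    """
    if not DIGITS_RE.fullmatch(index_text):
        raise ValidationError(f"index must be a non-negative integer, got {index_text!r}")
    index = int(index_text)
    if index >= len(records):
        raise ValidationError(f"index {index} out of range for {len(records)} records")
    return records[index]


def accepts(check, *args) -> bool:
    """True if the check passes, False if it raises ValidationError."""
    try:
        check(*args)
        return True
    except ValidationError:
        return False


if __name__ == "__main__":
    # Constructed inputs: values a script should accept, then values it must refuse.
    for value in ("22", "65535", "0", "-1", "70000", "22; id"):
        print(f"port  {value!r:24} -> {accepts(parse_port, value)}")
    for value in ("10.0.0.1", "host.example.test", "evil.test; rm -rf /", "-bad.test"):
        print(f"host  {value!r:24} -> {accepts(parse_host, value)}")
    hosts = ["web01", "db01", "bastion"]
    for value in ("0", "2", "3", "-1"):
        print(f"index {value!r:24} -> {accepts(select_record, hosts, value)}")
```

Each check is an allow-list (what the value must look like) rather than a deny-list of bad characters, and the validated value, not the raw text, is what the rest of the script uses.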
Optional Knowledge Units
Advanced Cryptography The intent of this Knowledge Unit is to provide students with knowledge of cryptographic algorithms, protocols, and their uses in the protection of information in various states. Topics:
Number Theory
Probability and Statistics
Understanding of the major algorithms (AES, RSA, EC)
Suite B Algorithms
Understanding of the families of attacks (differential, man-in-the-middle, linear, etc.)
Hashing and Signatures
Key Management
Modes and appropriate uses
Classical Cryptanalysis (a la Konheim)
Identity-based Cryptography
Digital Signatures
Virtual Private Networks
Quantum Key Cryptography
Advanced Network Technology & Protocols The intent of this Knowledge Unit is to provide students with an understanding of the latest network technologies and more complex security issues involved in network communications. Examples include (but not limited to) software defined networking, converged voice/data networking. Topics:
Routing algorithms and protocols
Software Defined Networking, Principles, protocols, implications
IPv6 Networking Suite
BGP
Quality of Service
Network Services
Social Networks
Network Topologies
Voice over IP (VoIP)
Multicasting
Advanced Network Security Topics, Secure DNS, Network Address Translation, Deep Packet Inspection, Transport Layer Security
Algorithms The intent of this Knowledge Unit is to provide students with the ability to select and apply algorithms to solve specific problems and to analyze the effectiveness of algorithms in context. Topics:
Algorithm Analysis
Computational Complexity
Best/Worst/Average Case Behavior
Optimization
Searching/Sorting
Analog Telecommunications Systems The intent of this Knowledge Unit is to provide students with a basic knowledge of the architectures and issues associated with analog communications systems. Topics:
Signaling Methods
Architecture
Trunks, Switching
Grade of Service
Blocking
Call Arrival Models
Interference Issues
Cloud Computing The intent of this Knowledge Unit is to provide students with a basic understanding of the technologies and services that enable cloud computing, different types of cloud computing models and the security and legal issues associated with cloud computing. Topics:
Virtualization platforms
Cloud Services, SaaS, PaaS, DaaS, IaaS
Service Oriented Architectures
Deployment Models private, public, community, hybrid
Security
Storage
Legal/Privacy Issues
Cybersecurity Planning and Management The intent of this Knowledge Unit is to provide students with the ability to develop plans and processes for a holistic approach to cybersecurity for an organization. Topics:
CBK
Operational, Tactical, Strategic Plan and Management
Business Continuity / Disaster Recovery
C-Level Functions
Making Cybersecurity a strategy (part of core organizational strategy)
Change control
Data Administration The intent of this Knowledge Unit is to provide students with methods to protect the confidentiality, integrity, and availability of data throughout the data life cycle. Topics:
Big Data
Hadoop / MongoDB / HBase
Data Policies
Data Quality
Data Ownership
Data Warehousing
Long Term Archival
Data Validation
Data Security (access control, encryption)
Data Structures The intent of this Knowledge Unit is to provide students with an understanding of the basic abstract data types, associated operations and applying them to solve problems. Topics:
Strings, Lists, Vectors, Arrays
Heaps, Queues, Stacks, Buffers
Searching and Sorting
Trees
Data Formats
Database Management Systems The intent of this Knowledge Unit is to provide students with the skills to utilize database management system to solve specific problems. Topics:
Overview of database types (e.g., flat, relational, network, object-oriented)
SQL (for queries)
Advanced SQL (for DBMS administration, e.g., user creation/deletion, permissions and access controls)
Indexing, Inference, Aggregation, Polyinstantiation
How to protect data (confidentiality, integrity and availability in a DBMS context)
Vulnerabilities (e.g., SQL injection)
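Added example for the SQL injection item above, written for this page and not drawn from the CAE material: a lookup that splices user input into the query text, beside the parameterized form that fixes it, run against an in-memory SQLite table. The rows, the table layout and both payloads are constructed.

```python
"""SQL injection: string-built query beside its parameterized replacement.

Added example, not part of the CAE Knowledge Unit text. Standard library only.
"""
import sqlite3


def seed_database() -> sqlite3.Connection:
    """Create a small users table with constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "alice@example.test", "admin"),
         ("bob", "bob@example.test", "user"),
         ("carol", "carol@example.test", "user")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str):
    """Deliberately vulnerable: the input becomes part of the SQL text.

    A quote in the input closes the string literal and the remainder is
    parsed as SQL with the application's own database privileges.
    """
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn: sqlite3.Connection, username: str):
    """Parameterized: the driver binds the value; it is never parsed as SQL."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


# Constructed payloads.
TAUTOLOGY = "' OR '1'='1"                              # returns every row
UNION_EXFIL = "' UNION SELECT email, 'x' FROM users --"  # pulls another column


if __name__ == "__main__":
    conn = seed_database()
    print("safe, normal input:       ", lookup_safe(conn, "alice"))
    print("vulnerable, normal input: ", lookup_vulnerable(conn, "alice"))
    print("vulnerable, tautology:    ", lookup_vulnerable(conn, TAUTOLOGY))
    print("vulnerable, union exfil:  ", lookup_vulnerable(conn, UNION_EXFIL))
    print("safe, tautology:          ", lookup_safe(conn, TAUTOLOGY))
    print("safe, union exfil:        ", lookup_safe(conn, UNION_EXFIL))
```

The second payload shows why "it only returns rows from this table" is not a limit: a UNION reaches any column the connection can read. The sqlite3 module happens to refuse a second statement in one execute() call, so stacked `'; DROP TABLE` payloads fail here; that is a property of this driver, not a defense, and the least-privilege database account from the "permissions and access controls" item above is what limits the damage in general.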
Digital Communications The intent of this Knowledge Unit is to provide students with knowledge of the protocols and methodologies used in modern digital communications systems. Topics:
Components of a digital communications system
Digital Signaling
Spread Spectrum Signals
Multi-User Communication Access Techniques, CDMA, TDMA, FDMA, SDMA, PDMA
Digital Forensics The intent of this Knowledge Unit is to provide students with the skills to apply forensics techniques throughout an investigation life cycle with a focus on complying with legal requirements. Topics:
Legal Compliance, Applicable Laws, Affidavits, How to Testify, Case Law, Chain of custody
Digital Investigations, E-Discovery, Authentication of Evidence, Chain of Custody Procedures, Metadata, Root Cause Analysis, Using Virtual Machines for Analysis
Host Forensics The intent of this Knowledge Unit is to provide students with the ability to apply forensics techniques to investigate and analyze a host in a network. Topics:
File Systems and File System Forensics
Hypervisor Analysis
Registry Analysis
Cryptanalysis
Rainbow Tables
Steganography
Networking Concepts, Services, Protocols
Operating Systems Concepts
Live System Investigations
(Must include hands-on activities)
Device Forensics The intent of this Knowledge Unit is to provide students with the ability to apply forensics techniques to investigate and analyze a device. Topics:
Mobile Device Analysis
Tablets
SmartPhones
GPS
(Must include hands-on activities)
Media Forensics The intent of this Knowledge Unit is to provide students with the ability to apply forensics techniques to investigate and analyze a particular media in context. Topics:
Drive Acquisition
Authentication of Evidence, Verification and Validation, Hashes
Metadata
Live vs. Static Acquisition
Sparse vs. Full Imaging
Slack Space
Hidden Files/clusters/partitions
(Must include hands-on activities)
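Added example for the acquisition, hashing and slack-space items of the Media Forensics Knowledge Unit; it is written for this page and is not CAE material. The "drive" is a constructed byte string with a file, the slack after it and unallocated space holding deleted content; acquisition is simulated as a sector-by-sector read, and the verification report format is this example's own.

```python
"""Authenticating an acquired image with hashes.

Added example, not part of the CAE Knowledge Unit text. Standard library only.
"""
import hashlib

SECTOR = 512


def sector_reader(data: bytes):
    """Return a function that yields sector n of the medium, b'' past the end."""
    return lambda n: data[n * SECTOR:(n + 1) * SECTOR]


def hash_stream(read_sector, algorithms=("md5", "sha256")) -> dict:
    """Hash a medium incrementally, one sector at a time, as imaging tools do.

    Two digests are kept because many case records still list MD5 next to
    SHA-256; SHA-256 is the one that is still collision resistant.
    """
    hashers = {name: hashlib.new(name) for name in algorithms}
    n = 0
    while True:
        chunk = read_sector(n)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
        n += 1
    return {name: h.hexdigest() for name, h in hashers.items()}


def one_shot(data: bytes, algorithm: str = "sha256") -> str:
    """Single-pass digest used to cross-check the incremental result."""
    return hashlib.new(algorithm, data).hexdigest()


def acquire(source: bytes) -> bytes:
    """Full (not sparse) acquisition: every sector, including slack and unallocated space."""
    image = bytearray()
    for n in range(0, len(source), SECTOR):
        image += source[n:n + SECTOR]
    return bytes(image)


def verify_acquisition(source: bytes, image: bytes) -> dict:
    """Hash source and image and report whether every digest matches."""
    source_hashes = hash_stream(sector_reader(source))
    image_hashes = hash_stream(sector_reader(image))
    return {
        "source": source_hashes,
        "image": image_hashes,
        "verified": all(source_hashes[k] == image_hashes[k] for k in source_hashes),
    }


def build_drive() -> bytes:
    """Constructed 8-sector medium: an allocated file, its slack, unallocated space."""
    file_data = b"Quarterly numbers\n" * 40                          # 720 bytes
    allocated = file_data + b"\x00" * (2 * SECTOR - len(file_data))  # slack fills sector 2
    deleted = b"DELETED: old password list\n" + b"\xff" * 100
    unallocated = deleted + b"\x00" * (6 * SECTOR - len(deleted))
    return allocated + unallocated


if __name__ == "__main__":
    drive = build_drive()
    image = acquire(drive)
    report = verify_acquisition(drive, image)
    print("verified:", report["verified"], report["image"])
    tampered = bytearray(image)
    tampered[3000] ^= 0x01           # one bit changed in unallocated space
    print("after tampering:", verify_acquisition(drive, bytes(tampered))["verified"])
```

The digests recorded at acquisition time are what later lets an examiner show that the copy analyzed is the copy that was made; a single flipped bit anywhere on the medium, including the slack and unallocated areas a logical copy would skip, changes every digest.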
Network Forensics The intent of this Knowledge Unit is to provide students with the ability apply forensics techniques to investigate and analyze network traffic. Topics:
Packet Capture and Analysis
Intrusion Detection and Prevention
Interlacing of device and network forensics
Log-file Analysis
Forensic Imaging and Analysis
(Must include hands-on activities)
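Added example for the log-file analysis item above and for the "events that indicate an attack" topic of the Cyber Threats Knowledge Unit; it is written for this page and is not CAE material. It runs a password-guessing detector over constructed authentication log lines written in the style of OpenSSH messages with RFC 3339 timestamps; the addresses are from the documentation ranges, and the threshold and window are this example's assumptions.

```python
"""Log-file analysis: password guessing in SSH authentication logs.

Added example, not part of the CAE Knowledge Unit text. Standard library only.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"(?P<ts>\S+) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Accepted|Failed) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[0-9a-fA-F.:]+) port \d+"
)

# Constructed log: one source guesses six times and then gets in; one normal user.
SAMPLE_LOG = """\
2024-03-03T10:15:01 bastion sshd[4101]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
2024-03-03T10:15:03 bastion sshd[4102]: Failed password for root from 203.0.113.5 port 51236 ssh2
2024-03-03T10:15:04 bastion sshd[4103]: Failed password for invalid user oracle from 203.0.113.5 port 51240 ssh2
2024-03-03T10:15:06 bastion sshd[4104]: Failed password for invalid user test from 203.0.113.5 port 51244 ssh2
2024-03-03T10:15:09 bastion sshd[4105]: Failed password for deploy from 203.0.113.5 port 51250 ssh2
2024-03-03T10:15:11 bastion sshd[4106]: Failed password for deploy from 203.0.113.5 port 51252 ssh2
2024-03-03T10:15:14 bastion sshd[4107]: Accepted password for deploy from 203.0.113.5 port 51260 ssh2
2024-03-03T10:20:30 bastion sshd[4150]: Failed password for alice from 198.51.100.7 port 60002 ssh2
2024-03-03T10:20:41 bastion sshd[4151]: Accepted publickey for alice from 198.51.100.7 port 60004 ssh2
2024-03-03T10:21:00 bastion sshd[4152]: Connection closed by 198.51.100.7 port 60004
"""


def parse_line(line: str):
    """Return the fields of an authentication event, or None for other lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"time": datetime.fromisoformat(m["ts"]), "outcome": m["outcome"],
            "user": m["user"], "ip": m["ip"]}


def detect_password_guessing(lines, threshold: int = 5, window_seconds: int = 60):
    """Flag sources with >= threshold failures inside any window_seconds span.

    A success from the same source after the burst is reported too: that is
    the line that turns 'noisy scanner' into 'probable compromise'.
    """
    by_ip = defaultdict(list)
    for event in filter(None, map(parse_line, lines)):
        by_ip[event["ip"]].append(event)
    window = timedelta(seconds=window_seconds)
    alerts = []
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e["time"])
        failures = [e for e in events if e["outcome"] == "Failed"]
        best, start = 0, 0
        for end in range(len(failures)):            # sliding window over failure times
            while failures[end]["time"] - failures[start]["time"] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            first = failures[0]["time"]
            successes = [(e["user"], e["time"].isoformat())
                         for e in events if e["outcome"] == "Accepted" and e["time"] > first]
            alerts.append({"ip": ip, "failures_in_window": best,
                           "users_tried": sorted({e["user"] for e in failures}),
                           "followed_by_success": successes})
    return alerts


if __name__ == "__main__":
    for alert in detect_password_guessing(SAMPLE_LOG.splitlines()):
        print(alert)
```

The same grouping works for a parsed packet capture keyed on source address, which is the "interlacing of device and network forensics" item above: the host log says which account was hit, the capture says what that source did next.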
Embedded Systems The intent of this Knowledge Unit is to provide students with the ability to develop applications that run on embedded devices while complying with device constraints. Topics:
Real-time Operating Systems
Microcontroller architectures
Interrupt handling and timing issues
Resource management in real time systems
C Programming
Java, JavaScript or some other runtime programming environment
Forensic Accounting The intent of this Knowledge Unit is to provide students with the ability to apply forensics techniques to respond to and investigate financial incidents. Topics:
Investigative Accounting
Fraudulent Financial Reporting
Misappropriation of Assets
Indirect Methods of Reconstructing Income
Money Laundering
Transnational financial flows
Litigation services
Evidence Management
Economic Damages and Business Valuations
Formal Methods The intent of this Knowledge Unit is to provide students with a basic understanding of how mathematical logic can be applied to the design of secure systems. Topics:
Concept of Formal Methods
Mathematical Logic
Applications, Role in system design, Role in software engineering
Limitations
Bell-LaPadula (as an example formal model)
Automated Reasoning Tools
System Modeling and Specification
Proofs and Verification
Fraud Prevention and Management The intent of this Knowledge Unit is to provide students with the necessary knowledge to develop plans and processes for a holistic approach to preventing and mitigating fraud throughout the system lifecycle. Topics:
Symptom Recognition
Data Driven Detection
Investigation of Theft
Concealment
Conversion Methods
Inquiry and Reporting
Financial, Revenue and Inventory
Liability and inadequate disclosure
Consumer fraud
Hardware Reverse Engineering The intent of this Knowledge Unit is to provide students with an introduction to the basic procedures necessary to perform reverse engineering of hardware components to determine their functionality, inputs, outputs, and stored data. Topics:
Principles of Reverse Engineering, Stimulus, Data Collection, Data Analysis, Specification development, Capability Enhancement/Modification Techniques, Detecting Modification
Stimulation Methods/Instrumentation (probing and measurement)
JTAG IEEE 1149.1
Defining and Enumerating Interfaces
Functional Decomposition
Hardware/Firmware Security The intent of this Knowledge Unit is to provide students with an understanding of the diverse components in hardware/firmware, their roles, and the associated security concerns. Topics:
Microcode
Firmware
Hardware Abstraction Layers
Virtualization Layers
IA Architectures The intent of this Knowledge Unit is to provide students with an understanding of common security architectures for the protection of information systems and data. Topics:
Defense in Depth
DMZs
Proxy Servers
Composition and Security
Cascading
Emergent Properties
Dependencies
TCB Subsets
Enterprise Architectures / Security Architectures
Secure network design
IA Compliance The intent of this Knowledge Unit is to provide students with an understanding of the rules, regulations and issues related to compliance with applicable laws and regulations. Topics:
HIPAA
Sarbanes Oxley
FERPA
Data Breach Disclosure Laws
FISMA
Gramm Leach Bliley
PCI DSS
IA Standards The intent of this Knowledge Unit is to provide students with an understanding of the common standards related to information assurance. Topics:
HIPAA
FERPA
Sarbanes-Oxley
Understanding appropriate commercial standards
Knowing which standards apply to specific situations
Rainbow Series
Independent Study / Directed Study / Special Topics / Advanced Topics The intent of this Knowledge Unit is to provide credit for courses that address emerging issues related to information assurance and cyber defense: courses focused on emerging technologies and their security-relevant issues, or on new tools, techniques and methods related to IA/Cyber Defense. (This “wild-card” Knowledge Unit allows any school to submit an IA/Cyber Defense course for credit towards satisfying the academic requirements to be designated as a CAE; the on-site review process validates whether the course is worthy of credit.)
Industrial Control Systems The intent of this Knowledge Unit is to provide students with an understanding of the basics of industrial control systems, where they are likely to be found, and vulnerabilities they are likely to have. Topics:
SCADA Firewalls
Hardware Components
Programmable Logic Controllers (PLCs)
Protocols (MODBUS, PROFINET, DNP3, OPC, ICCP, SERIAL)
Networking (RS232/485, ZigBee, 900 MHz, Bluetooth, X.25)
Types of ICSs (e.g., power distribution systems, manufacturing)
Models of ICS systems (time driven vs. event driven)
Common Vulnerabilities in Critical Infrastructure
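Added example for the protocol and SCADA-firewall items of the Industrial Control Systems Knowledge Unit, written for this page and not taken from the CAE material: a parser for Modbus/TCP requests and a filtering decision of the kind an ICS firewall makes on them. Modbus carries no authentication, so the function code and the source address are the only things a network device can filter on. The frames and addresses are constructed (RFC 5737 documentation range), and the policy (reads from any host on the control network, writes only from the HMI) is this example's assumption.

```python
"""Parsing Modbus/TCP requests and applying a SCADA-firewall style policy.

Added example, not part of the CAE Knowledge Unit text. Standard library only.
"""
import struct

MBAP = struct.Struct(">HHHB")  # transaction id, protocol id (0), length, unit id
FUNCTION_NAMES = {
    1: "Read Coils", 2: "Read Discrete Inputs", 3: "Read Holding Registers",
    4: "Read Input Registers", 5: "Write Single Coil", 6: "Write Single Register",
    15: "Write Multiple Coils", 16: "Write Multiple Registers",
}
WRITE_FUNCTIONS = {5, 6, 15, 16}
HMI_ADDRESSES = {"192.0.2.10"}  # assumption: the one host allowed to change process state


def parse_modbus_tcp(frame: bytes) -> dict:
    """Split a Modbus/TCP request into MBAP header and PDU, checking the framing.

    The MBAP length field counts every byte after itself (unit id plus PDU);
    a mismatch means a truncated or crafted frame and is rejected, not guessed at.
    """
    if len(frame) < MBAP.size + 1:
        raise ValueError("frame too short for MBAP header and function code")
    transaction, protocol, length, unit = MBAP.unpack_from(frame, 0)
    if protocol != 0:
        raise ValueError(f"protocol id {protocol} is not Modbus")
    if length != len(frame) - 6:
        raise ValueError(f"length field {length} != {len(frame) - 6} bytes present")
    function = frame[7]
    data = frame[8:]
    pdu = {
        "transaction": transaction, "unit": unit, "function_code": function,
        "function": FUNCTION_NAMES.get(function, "unknown/vendor"),
        "is_write": function in WRITE_FUNCTIONS,
        "is_exception": bool(function & 0x80),  # responses set the high bit on error
    }
    if function in (1, 2, 3, 4, 5, 6) and len(data) >= 4:
        # these requests begin with a 16-bit address and a 16-bit count or value
        pdu["address"], pdu["value_or_count"] = struct.unpack(">HH", data[:4])
    return pdu


def is_well_formed(frame: bytes) -> bool:
    try:
        parse_modbus_tcp(frame)
        return True
    except ValueError:
        return False


def firewall_decision(src_ip: str, frame: bytes, hmi=HMI_ADDRESSES) -> str:
    """'allow' or 'drop': malformed frames and writes from non-HMI hosts are dropped."""
    try:
        pdu = parse_modbus_tcp(frame)
    except ValueError:
        return "drop"
    if pdu["is_write"] and src_ip not in hmi:
        return "drop"
    return "allow"


# Constructed frames (hex, spaces for readability).
READ_HOLDING = bytes.fromhex("0001 0000 0006 01 03 0000 000a")  # read 10 registers from 0
WRITE_SINGLE = bytes.fromhex("0002 0000 0006 01 06 0010 00ff")  # set register 16 to 0x00ff
TRUNCATED = WRITE_SINGLE[:-2]                                  # length field now lies

if __name__ == "__main__":
    for src, frame in [("192.0.2.50", READ_HOLDING), ("192.0.2.50", WRITE_SINGLE),
                       ("192.0.2.10", WRITE_SINGLE), ("192.0.2.10", TRUNCATED)]:
        name = parse_modbus_tcp(frame)["function"] if is_well_formed(frame) else "malformed"
        print(f"{src:12} {name:24} -> {firewall_decision(src, frame)}")
```

The decision depends entirely on the source address being truthful, which on a flat control network it need not be (the MAC and IP spoofing items of the Cyber Threats Knowledge Unit apply here); segmenting the PLC network from the enterprise network and placing the filter at that boundary is what makes the policy worth having.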