Cybersecurity Assessment Rubric

All competencies and learning outcomes are listed here, but note that only Essential learning outcomes have rubrics. Competencies do not have rubrics, and supplemental learning outcomes do not have rubrics.

CC-01 [Essential] Outline via appropriate methods, and using industry-standard terminology, cybersecurity-related issues within an organization as they pertain to Confidentiality, Integrity, and Availability. [Analyzing]


CC-02 [Essential] Assess and respond appropriately to various risks which can affect the expected operation of information systems. [Evaluating]


CC-03 [Essential] Investigate current and emerging cyberthreats and incorporate best practices to mitigate them. [Applying]


CC-04 [Essential] Apply appropriate countermeasures to help protect organizational resources based on an understanding of how bad actors think and operate. [Applying]


CC-05 [Essential] Discuss how changes in one part of a system may impact other parts of a cybersecurity ecosystem. [Understanding]


DAT-E01 [Essential] Implement data security by selecting appropriate cryptographic procedures, algorithms, and tools based on security policy and level of risk in an organization. [Applying]


DAT-E02 [Essential] Discuss forensically sound collection and acquisition of digital evidence. [Understanding]


DAT-E03 [Essential] Apply principles, processes, tools and techniques used in mitigating security threats and responding to security incidents. [Applying]


DAT-E04 [Essential] Use appropriate levels of authentication, authorization, and access control to ensure data integrity and security for information systems and networks. [Applying]


DAT-E05 [Essential] Infer gaps in data security considering current and emerging technologies and the current state and prevailing trends in cybercrime. [Understanding]


DAT-S01 [Supplemental] Perform a forensic analysis on a local network, on stored data within a system as well as mobile devices for an enterprise environment. [Applying]


DAT-S02 [Supplemental] Outline complex technical concepts to technical and non-technical audiences as they relate to data security. [Analyzing]


DAT-LO-E01 [Essential] Analyze which cryptographic protocols, tools, and techniques are appropriate for providing confidentiality, data protection, data integrity, authentication, non-repudiation, and obfuscation. [Analyzing]

Emerging Standard
Summarize cryptographic protocols, tools, and techniques. [Understanding]
Developed Standard
Analyze which cryptographic protocols, tools, and techniques are appropriate for providing confidentiality, data protection, data integrity, authentication, non-repudiation, and obfuscation. [Analyzing]
Highly Developed Standard
Justify which cryptographic protocols, tools, and techniques are appropriate for providing confidentiality, data protection, data integrity, authentication, non-repudiation, and obfuscation for a given scenario. [Evaluating]

DAT-LO-E02 [Essential] Apply symmetric and asymmetric algorithms as appropriate for a given scenario. [Applying]

Emerging Standard
Explain symmetric and asymmetric algorithms. [Understanding]
Developed Standard
Apply symmetric and asymmetric algorithms as appropriate for a given scenario. [Applying]
Highly Developed Standard
Compare the tradeoffs of symmetric and asymmetric algorithms for a given scenario. [Analyzing]

DAT-LO-E03 [Essential] Investigate hash functions for checking integrity and protecting authentication data. [Applying]

Emerging Standard
Explain hash functions for checking integrity and protecting authentication data. [Understanding]
Developed Standard
Investigate hash functions for checking integrity and protecting authentication data. [Applying]
Highly Developed Standard
Examine hash functions for checking integrity and protecting authentication data. [Analyzing]

DAT-LO-E04 [Essential] Use historical ciphers, such as shift cipher, affine cipher, substitution cipher, Vigenere cipher, ROT-13, Hill cipher, and Enigma machine simulator, to encrypt and decrypt data. [Applying]

Emerging Standard
Describe some historical ciphers. [Understanding]
Developed Standard
Use historical ciphers, such as shift cipher, affine cipher, substitution cipher, Vigenere cipher, ROT-13, Hill cipher, and Enigma machine simulator, to encrypt and decrypt data. [Applying]
Highly Developed Standard
Contrast historical ciphers, such as shift cipher, affine cipher, substitution cipher, Vigenere cipher, ROT-13, Hill cipher, and Enigma machine, for encrypting and decrypting data. [Analyzing]

DAT-LO-S01 [Supplemental] Compare the benefits and drawbacks of applying cryptography in hardware vs software. [Analyzing]


DAT-LO-S02 [Supplemental] Demonstrate the importance of mathematical theory in the application of cryptography. [Understanding]


DAT-LO-S03 [Supplemental] Deduce minimum key strength for symmetric algorithms to be effective. [Analyzing]


DAT-LO-S04 [Supplemental] Contrast trust models in PKI, such as hierarchical, distributed, bridge, and web of trust. [Analyzing]


DAT-LO-S05 [Supplemental] Explain how symmetric and asymmetric encryption are used in tandem to secure electronic communications and transactions, such as cryptocurrencies and other crypto assets. [Understanding]


DAT-LO-S06 [Supplemental] Apply symmetric and asymmetric cryptography, such as DES, Twofish, AES, RSA, ECC, and DSA for a given scenario. [Applying]


DAT-LO-E05 [Essential] Discuss the concept, need, and value of digital forensics. [Understanding]

Emerging Standard
Define the concept of digital forensics. [Remembering]
Developed Standard
Discuss the concept, need, and value of digital forensics. [Understanding]
Highly Developed Standard
Illustrate the concept, need, and value of digital forensics. [Applying]

DAT-LO-E06 [Essential] Describe components of a digital investigation, sources of digital evidence, limitations of forensics, and ethical considerations. [Understanding]

Emerging Standard
Recognize components of a digital investigation, sources of digital evidence, and limitations of forensics. [Remembering]
Developed Standard
Describe components of a digital investigation, sources of digital evidence, limitations of forensics, and ethical considerations. [Understanding]
Highly Developed Standard
Debate sources of digital evidence, limitations of forensics, and ethical considerations. [Evaluating]

DAT-LO-E07 [Essential] Discuss key rules, laws, policies, and procedures that impact digital forensics. [Understanding]

Emerging Standard
List key rules, laws, policies, and procedures that impact digital forensics. [Remembering]
Developed Standard
Discuss key rules, laws, policies, and procedures that impact digital forensics. [Understanding]
Highly Developed Standard
Debate key rules, laws, policies, and procedures that impact digital forensics. [Evaluating]

DAT-LO-E08 [Essential] Explain how to preserve the chain of custody for digital evidence. [Understanding]

Emerging Standard
State the purpose of the chain of custody for digital evidence. [Remembering]
Developed Standard
Explain how to preserve the chain of custody for digital evidence. [Understanding]
Highly Developed Standard
Carry out the steps necessary to preserve the chain of custody for digital evidence. [Applying]

DAT-LO-E09 [Essential] Perform fundamental incident response functions including detecting, responding, and recovering from security incidents. [Applying]

Emerging Standard
Describe fundamental incident response functions including detecting, responding, and recovering from security incidents. [Understanding]
Developed Standard
Perform fundamental incident response functions including detecting, responding, and recovering from security incidents. [Applying]
Highly Developed Standard
Integrate fundamental incident response functions including detecting, responding, and recovering from security incidents. [Analyzing]

DAT-LO-S07 [Supplemental] Demonstrate the benefits of digital forensic readiness and planning. [Understanding]


DAT-LO-S08 [Supplemental] Examine legal issues, authorities, and processes related to digital evidence. [Analyzing]


DAT-LO-S09 [Supplemental] Describe the role and ethical responsibilities of a forensic examiner. [Understanding]


DAT-LO-S10 [Supplemental] Outline a variety of digital forensic tools (open source vs. closed source) and their limits. [Analyzing]


DAT-LO-S11 [Supplemental] Describe digital forensics investigative procedures, such as identification of evidence, collection and preservation of evidence, timelines, reporting, chain of custody, and authentication of evidence. [Understanding]


DAT-LO-S12 [Supplemental] Carry out forensically sound acquiring and handling of digital evidence following chain of custody best practices. [Applying]


DAT-LO-S13 [Supplemental] Analyze digital evidence from non-PC devices, such as smartphones, tablets, GPS, game consoles, Smart TVs, and IoT devices. [Analyzing]


DAT-LO-S14 [Supplemental] Apply documentation techniques and reporting of findings using industry standard and technically accurate terminology and format. [Applying]


DAT-LO-S15 [Supplemental] Outline complex technical concepts and processes so that they are easily understood by non-technical audiences. [Analyzing]


DAT-LO-S16 [Supplemental] Carry out verification and validation of evidence during forensic acquisition, preservation, and analysis, including the use of hashes. [Applying]


DAT-LO-S17 [Supplemental] Summarize the best practices in collecting and isolating mobile devices when part of digital evidence. [Understanding]


DAT-LO-E10 [Essential] Contrast the concepts and techniques to achieve data integrity, authentication, authorization, and access control. [Analyzing]

Emerging Standard
Describe the concepts and techniques to achieve authentication, authorization, access control, and data integrity. [Understanding]
Developed Standard
Contrast the concepts and techniques to achieve data integrity, authentication, authorization, and access control. [Analyzing]
Highly Developed Standard
Justify the concepts and techniques to achieve authentication, authorization, access control, and data integrity. [Evaluating]

DAT-LO-E11 [Essential] Summarize the benefits and challenges of multifactor authentication. [Understanding]

Emerging Standard
Recognize the benefits and challenges of multifactor authentication. [Remembering]
Developed Standard
Summarize the benefits and challenges of multifactor authentication. [Understanding]
Highly Developed Standard
Illustrate the benefits and challenges of multifactor authentication. [Applying]

DAT-LO-E12 [Essential] Execute one or more password attack techniques, such as dictionary attacks, brute force attacks, rainbow table attacks, phishing and social engineering, malware-based attacks, spidering, off-line analysis, and password cracking tools. [Applying]

Emerging Standard
Explain one or more password attack techniques, such as dictionary attacks, brute force attacks, rainbow table attacks, phishing and social engineering, malware-based attacks, spidering, off-line analysis, and password cracking tools. [Remembering]
Developed Standard
Execute one or more password attack techniques, such as dictionary attacks, brute force attacks, rainbow table attacks, phishing and social engineering, malware-based attacks, spidering, off-line analysis, and password cracking tools. [Applying]
Highly Developed Standard
Examine one or more password attack techniques, such as dictionary attacks, brute force attacks, rainbow table attacks, phishing and social engineering, malware-based attacks, spidering, off-line analysis, and password cracking tools. [Analyzing]

DAT-LO-E13 [Essential] Apply basic functions associated with storing sensitive data, such as cryptographic hash functions, salting, iteration count, password-based key derivation, and password managers. [Applying]

Emerging Standard
Summarize basic functions associated with storing sensitive data, such as cryptographic hash functions, salting, iteration count, password-based key derivation, and password managers. [Understanding]
Developed Standard
Apply basic functions associated with storing sensitive data, such as cryptographic hash functions, salting, iteration count, password-based key derivation, and password managers. [Applying]
Highly Developed Standard
Analyze basic functions associated with storing sensitive data, such as cryptographic hash functions, salting, iteration count, password-based key derivation, and password managers. [Analyzing]

DAT-LO-S18 [Supplemental] Implement multifactor authentication using tools and techniques, such as cryptographic tokens, cryptographic devices, biometric authentication, one-time passwords, and knowledge-based authentication. [Applying]


DAT-LO-S19 [Supplemental] Illustrate the use of cryptography to provide data integrity, such as message authentication codes, digital signatures, authenticated encryption, and hash trees. [Applying]


DAT-LO-E14 [Essential] Describe access control best practices, such as separation of duties, job rotation, and clean desk policy. [Understanding]

Emerging Standard
Recognize access control best practices, such as separation of duties, job rotation, and clean desk policy. [Remembering]
Developed Standard
Describe access control best practices, such as separation of duties, job rotation, and clean desk policy. [Understanding]
Highly Developed Standard
Illustrate access control best practices, such as separation of duties, job rotation, and clean desk policy. [Applying]

DAT-LO-E15 [Essential] Discuss physical security controls, such as keyed access, man traps, key cards and video surveillance, rack-level security, and data destruction. [Understanding]

Emerging Standard
Define physical security controls, such as keyed access, man traps, key cards and video surveillance, rack-level security, and data destruction. [Remembering]
Developed Standard
Discuss physical security controls, such as keyed access, man traps, key cards and video surveillance, rack-level security, and data destruction. [Understanding]
Highly Developed Standard
Outline physical security controls, such as keyed access, man traps, key cards and video surveillance, rack-level security, and data destruction. [Analyzing]

DAT-LO-E16 [Essential] Implement data access control to manage identities, credentials, privileges, and related access. [Applying]

Emerging Standard
Describe data access control to manage identities, credentials, privileges, and related access. [Understanding]
Developed Standard
Implement data access control to manage identities, credentials, privileges, and related access. [Applying]
Highly Developed Standard
Choose data access control to manage identities, credentials, privileges, and related access. [Evaluating]

DAT-LO-E17 [Essential] Differentiate among the different types of identities, such as federated identities. [Understanding]

Emerging Standard
List different types of identities. [Understanding]
Developed Standard
Differentiate among the different types of identities, such as federated identities. [Understanding]
Highly Developed Standard
Distinguish among the different types of identities, such as federated identities. [Analyzing]

DAT-LO-E18 [Essential] Differentiate access control models, including role-based, rule-based, and attribute-based. [Understanding]

Emerging Standard
Recognize access control models, including role-based, rule-based, and attribute-based. [Remembering]
Developed Standard
Differentiate access control models, including role-based, rule-based, and attribute-based. [Understanding]
Highly Developed Standard
Compare access control models, including role-based, rule-based, and attribute-based. [Analyzing]

DAT-LO-S20 [Supplemental] Investigate access control models, such as role-based, rule-based, and attribute-based. [Applying]


DAT-LO-S21 [Supplemental] Illustrate the fundamental value and benefits of security architectures used to protect information in computer systems. [Applying]


DAT-LO-E19 [Essential] Explain end-to-end data security. [Understanding]

Emerging Standard
Define end-to-end data security. [Remembering]
Developed Standard
Explain end-to-end data security. [Understanding]
Highly Developed Standard
Outline end-to-end data security. [Understanding]

DAT-LO-E20 [Essential] Illustrate important application and transport layer protocols, such as HTTP, HTTPS, SSH, SSL/TLS, IPsec and VPN technologies. [Applying]

Emerging Standard
Demonstrate important application and transport layer protocols. [Understanding]
Developed Standard
Illustrate important application and transport layer protocols, such as HTTP, HTTPS, SSH, SSL/TLS, IPsec and VPN technologies. [Applying]
Highly Developed Standard
Examine important application and transport layer protocols, such as HTTP, HTTPS, SSH, SSL/TLS, IPsec and VPN technologies. [Analyzing]

DAT-LO-S22 [Supplemental] Explain security threats and mitigations to data at the data link layer. [Understanding]


DAT-LO-S23 [Supplemental] Illustrate attacks and countermeasures on TLS, such as downgrade attacks, certificate forgery, implications of stolen root certificates, and certificate transparency. [Applying]


DAT-LO-S24 [Supplemental] Explain security threats and mitigations to data at the data link layer. [Understanding]


DAT-LO-S25 [Supplemental] Investigate privacy preserving protocols, such as Mixnet, Tor, Off-the-record message, and Signal. [Applying]


DAT-LO-E21 [Essential] Classify various cryptanalysis attacks, such as ciphertext only, chosen plaintext, chosen ciphertext, man-in-the-middle, and brute force. [Understanding]

Emerging Standard
List various cryptanalysis attacks. [Remembering]
Developed Standard
Classify various cryptanalysis attacks, such as ciphertext only, chosen plaintext, chosen ciphertext, man-in-the-middle, and brute force. [Understanding]
Highly Developed Standard
Carry out various cryptanalysis attacks, such as ciphertext only, chosen plaintext, chosen ciphertext, man-in-the-middle, and brute force. [Applying]

DAT-LO-S26 [Supplemental] Contrast different well-known cryptanalysis attacks. [Analyzing]


DAT-LO-S27 [Supplemental] Demonstrate timing attacks and their effects on well-known algorithms such as RSA, ElGamal, and the Digital Signature Algorithm. [Understanding]


DAT-LO-S28 [Supplemental] Describe how man-in-the-middle attacks affect the privacy aspect of data. [Understanding]


DAT-LO-S29 [Supplemental] Categorize in terms of complexity different techniques for attacks against public key ciphers, such as Pollard's p-1 and rho methods, quadratic sieve, and number field sieve. [Analyzing]


DAT-LO-E22 [Essential] Examine various ways that privacy can be jeopardized by using contemporary technology, including social media. [Analyzing]

Emerging Standard
Discuss various ways that privacy can be jeopardized by using contemporary technology, including social media. [Understanding]
Developed Standard
Examine various ways that privacy can be jeopardized by using contemporary technology, including social media. [Analyzing]
Highly Developed Standard
Appraise various ways that privacy can be jeopardized by using contemporary technology, including social media. [Evaluating]

DAT-LO-E23 [Essential] Discuss storage device encryption implemented at the hardware and software levels. [Understanding]

Emerging Standard
Recognize storage device encryption implemented at the hardware and software levels. [Remembering]
Developed Standard
Discuss storage device encryption implemented at the hardware and software levels. [Understanding]
Highly Developed Standard
Compare storage device encryption implemented at the hardware and software levels. [Analyzing]

DAT-LO-E24 [Essential] Contrast techniques for data erasure and their limitations in implementation. [Analyzing]

Emerging Standard
Describe techniques for data erasure. [Understanding]
Developed Standard
Contrast techniques for data erasure and their limitations in implementation. [Analyzing]
Highly Developed Standard
Critique techniques for data erasure and their limitations in implementation. [Evaluating]

SOF-E01 [Essential] Write secure code with appropriate documentation for a software system and its related data. [Applying]


SOF-E02 [Essential] Analyze security and ethical considerations at each phase of the software development lifecycle. [Analyzing]


SOF-E03 [Essential] Use documentation, such as third-party library documentation, in a given secure computing scenario. [Applying]


SOF-S01 [Supplemental] Implement isolation to secure a process or application. [Applying]


SOF-S02 [Supplemental] Discuss the relationship between an organization’s mission and secure software design. [Understanding]


SOF-S03 [Supplemental] Write software specifications, including security specifications, for a given process or application. [Applying]


SOF-S04 [Supplemental] Assess a given test plan from a security perspective. [Evaluating]


SOF-S05 [Supplemental] Examine social and legal aspects of software development from a security perspective. [Analyzing]


SOF-S06 [Supplemental] Develop user documentation for software installation with security appropriately included. [Creating]


SOF-LO-E02 [Essential] Execute access decisions and permissions based on explicit need. [Applying]

Emerging Standard
Classify access decisions and permissions based on explicit need. [Understanding]
Developed Standard
Execute access decisions and permissions based on explicit need. [Applying]
Highly Developed Standard
Analyze access decisions and permissions based on explicit need. [Analyzing]

SOF-LO-E01 [Essential] Apply fundamental design principles, including least privilege, open design, and abstraction, to system and application software. [Applying]

Emerging Standard
Describe fundamental design principles for system and application software. [Understanding]
Developed Standard
Apply fundamental design principles, including least privilege, open design, and abstraction, to system and application software. [Applying]
Highly Developed Standard
Evaluate the fundamental design principles used, including least privilege, open design, and abstraction, for a given software development scenario. [Evaluating]

SOF-LO-S01 [Supplemental] Test authorization and access control for a given class. [Applying]


COM-E01 [Essential] Discuss vulnerabilities and mitigations of system components throughout their lifecycle. [Understanding]


COM-E02 [Essential] Perform security testing for given components within a system. [Applying]


COM-S01 [Supplemental] Analyze how component security features impact systems, such as software and firmware updates. [Analyzing]


CON-E01 [Essential] Illustrate the construction and proper configuration of computer networks which adhere to current industry standards and organizational guidelines. [Applying]


CON-E02 [Essential] Investigate the impact of various connection and transmission attacks on network hardware and software. [Applying]


CON-S01 [Supplemental] Examine characteristics of commonly used physical networking media and interfaces. [Analyzing]


CON-S02 [Supplemental] Distinguish vulnerabilities and example exploits as they apply to network services, architectures, and protocols. [Analyzing]


CON-S03 [Supplemental] Implement appropriate defenses throughout an enterprise to harden the network against attackers. [Applying]


CON-S04 [Supplemental] Construct and properly configure computer networks which adhere to current industry standards and organizational guidelines. [Creating]


SYS-E01 [Essential] Discuss security aspects of system management in common system architectures. [Understanding]


SYS-E02 [Essential] Contrast various methods for authentication and access control in an enterprise, and why one might choose one over another. [Analyzing]


SYS-E03 [Essential] Perform system security testing with an understanding of normal, secure operation, and document results. [Applying]


SYS-S01 [Supplemental] Critique security throughout the system lifecycle, including security requirements, system management, system testing, and system disposal. [Evaluating]


SYS-S02 [Supplemental] Outline a security threat model and how system monitoring tools and mechanisms can be used. [Analyzing]


SYS-S03 [Supplemental] Examine appropriate models for managing authentication, access control and authorization across systems in an organization. [Analyzing]


SYS-S04 [Supplemental] Apply cyber defense methods to prepare a system against attacks, including penetration testing, log analysis, resilience mechanisms, and the use of intrusion detection systems. [Applying]


SYS-S05 [Supplemental] Discuss legal aspects of system and network requirements, such as support for litigation holds and forensic analysis. [Understanding]


SYS-S06 [Supplemental] Construct virtual environments including disk and memory structures to meet organization needs. [Creating]


HUM-E01 [Essential] Discuss identity management in the context of attacks and mitigations. [Understanding]


HUM-E02 [Essential] Analyze the security of an individual’s data and privacy in the context of an organization and in their personal lives. [Analyzing]


HUM-E03 [Essential] Describe trends in human behavior which pose risks to individual and organizational privacy and security. [Understanding]


HUM-S01 [Supplemental] Analyze a variety of physical access controls. [Analyzing]


HUM-S02 [Supplemental] Use a variety of tools and techniques to detect and mitigate social engineering threats. [Applying]


HUM-S03 [Supplemental] Examine techniques to encourage personal compliance with cybersecurity rules, policies, and ethical norms. [Analyzing]


ORG-E01 [Essential] Describe policies, procedures, and ethical considerations to protect information security. [Understanding]


ORG-E02 [Essential] Describe security features in operating system and database administration in a local or cloud environment. [Understanding]


ORG-E03 [Essential] Summarize the components of a business continuity plan that ensures minimal down time and quick recovery in the face of cybersecurity incidents or natural disasters. [Understanding]


ORG-E04 [Essential] Describe physical security features to protect an organization’s computing and information resources. [Understanding]


ORG-S01 [Supplemental] Analyze risks to information assets in an organization and communicate them to stakeholders. [Analyzing]


ORG-S02 [Supplemental] Assess administrative procedures for protecting systems from attack and ensuring the availability of system access and functions in an organization. [Evaluating]


ORG-S03 [Supplemental] Analyze the meaning and use of various security metrics and data with the aid of tools, to ensure quality control and security of data. [Analyzing]


ORG-S04 [Supplemental] Discuss issues related to personnel security in an organization, including the protection of personally identifiable information, and proper use or avoidance of fear, uncertainty, and doubt (FUD) as an awareness tool. [Understanding]


SOC-E01 [Essential] Interpret applicable cyber policies and ethics for a given scenario. [Understanding]


SOC-E02 [Essential] Summarize applicable national, international, and global security policies and legislation. [Understanding]


SOC-E03 [Essential] Distinguish social dynamics of computer attackers in a global context. [Analyzing]


SOC-S01 [Supplemental] Attribute specific cyber laws and potential economic impact for a given cybercrime scenario. [Analyzing]


SOC-S02 [Supplemental] Compare different cyber ethics theories that impact on individuals and society. [Analyzing]