Protect and Defend

Identifies, analyzes, and mitigates threats to internal information technology (IT) systems and/or networks.

Cybersecurity Defense Analysis (CDA)

Cybersecurity Defense Analysis uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats.

Cybersecurity Defense Infrastructure Support (OPM 521)

Cybersecurity Defense Infrastructure Support tests, implements, deploys, maintains, reviews, and administers the infrastructure hardware and software that are required to effectively manage the computer network defense service provider network and resources. Monitors the network to actively remediate unauthorized activities.

Incident Response (CIR)

Incident Response responds to crises or urgent situations within the pertinent domain to mitigate immediate and potential threats. Uses mitigation, preparedness, and response and recovery approaches, as needed, to maximize survival of life, preservation of property, and information security. Investigates and analyzes all relevant response activities.

Vulnerability Assessment and Management (VAM)

Vulnerability Assessment and Management conducts assessments of threats and vulnerabilities; determines deviations from acceptable configurations, enterprise or local policy; assesses the level of risk; and develops and/or recommends appropriate mitigation countermeasures in operational and nonoperational situations.