This guide explains how to use the NIST NICE Framework Heat Map to visualize, manage, and mitigate cybersecurity skills risk across your organization.
The NIST NICE Heat Map is a powerful visual tool designed to help your organization measure, manage, and mitigate cybersecurity skills risk. By aligning your team's performance with the National Institute of Standards and Technology (NIST) NICE Framework, the Heat Map provides a quantifiable benchmark against an internationally recognized standard.
What is the NIST NICE Framework?
The NICE Framework is a globally recognized resource that categorizes cybersecurity work into 5 Work Role Categories and 41 specific Work Roles.
Each Work Role is defined by TKS statements, which describe the requirements for performing cybersecurity work:
- Tasks: Specific activities or units of work directed toward organizational objectives.
- Knowledge: A retrievable set of concepts required to complete a task.
- Skills: The capacity to perform an observable action.
How to Read the Heat Map
The Heat Map uses color intensity to represent your organization’s alignment with the framework, allowing you to identify coverage gaps instantly. You can access it by navigating to Frameworks > NIST NICE Framework in the top navigation bar.
The color of each Work Role tile corresponds to your team's current alignment percentage:
- Good Alignment (70-100%): Represented by dark blue.
- Partial Alignment (40-69%): Represented by medium blue.
- Low Alignment (1-39%): Represented by light blue.
- No Alignment (0%): Represented by a white tile.
- No Content Mapped (N/A): Represented by a grey tile.
The "N/A" Quality Guarantee
If a Work Role is marked as "No Content Mapped" (N/A), it means the platform does not yet have sufficient content mapped to the TKS statements for that specific role. We maintain this strict threshold to ensure data integrity; we only provide a maturity score when it is backed by significant data density, ensuring your risk decisions are actionable and defensible.
Proactive Risk Management for Managers
The Heat Map empowers managers to surgically mitigate risk by focusing resources on the specific skills that pose the highest threat to the organization.
- Filtered Views:
- Org Managers: View the alignment of the entire workforce.
- Team Managers: See a pre-filtered view of your specific teams.
- Granular Drilling: Both views allow you to use the Teams filter to drill down into specific sub-groups.
Granular Gap Analysis
Click any Work Role to open a detailed side panel. This reveals exactly which TKS statements are:
- Demonstrated (Green): Successfully completed by at least one member of the team.
- Not Demonstrated (Red): Mapped content exists on the platform but has not been completed.
- Unmapped (icon): Content is not yet available on the platform for this specific TKS statement.
Dual-Layer Benchmarking
The side panel displays alignment against both the National Framework and the Platform Catalog. This transparency helps you identify whether a skill gap exists because of a lack of training or a lack of available content.
Daily “Snapshot of Truth”
Data refreshes daily at 03:00 GMT. This provides a stable, reliable snapshot for your daily reporting cycles, stand-ups, and stakeholder updates.
Explore by Teams/Sub-Teams and Individual Contributors
Managers can move beyond aggregate team data to view the specific contributions of sub-teams and every team member. Navigate to “Explore by” and select “Teams” from the drop-down.
- Select Teams and Work Roles: You can drill into specific areas by searching by work role name (e.g., Cybersecurity Architecture) and/or work role number (e.g., IO-WRL-001).
- Drill Down into Teams & Sub-Teams: Click on a specific Work Role to see the team’s alignment.
- Individual Performance: Drill down further to view individual contributors. Click on a specific team member to open a side panel showing their personal alignment to that Work Role. This view highlights their progress, clearly displaying which TKS statements are Demonstrated (Green), Not Demonstrated (Red), or Unmapped (icon), allowing you to pinpoint personalized skill gaps.
- Identify Skill Leaders and Single Points of Failure: View which individuals are contributing most to a Work Role's alignment score, helping you identify subject matter experts (talent) and potential single points of failure (risk) within your team.
💡 Pro-Tip: Building Targeted Training If you identify a "Not Demonstrated" TKS statement that is critical to your team, you can manually build a training path:
- Navigate to Manage > Custom Collections and select Create New.
- Filter by NIST NICE Framework and select the relevant Work Role.
- Locate the TKS number you identified on the Heat Map.
- Click View Labs and use the plus (+) sign to add that content to your collection for assignment.
Frequently Asked Questions
How is the alignment percentage calculated? The score measures the breadth of unique skills covered. If one user demonstrates a TKS statement, it contributes to the alignment percentage. If multiple users demonstrate the same statement, the score does not increase further, as that specific skill requirement is already considered "covered" for the team or organization.
What does "Unmapped" mean? "Unmapped" statements are parts of the complete NIST NICE framework for which content is not yet available on the platform. We display these to provide full transparency, serving as a roadmap for where you may need to plan for supplemental training.
Why did my score go down? To maintain an audit-ready posture, the Heat Map only tracks active license holders. A score will decrease if a user leaves the organization, moves to a different team (affecting team views), or has their license revoked.
Comments
0 comments
Please sign in to leave a comment.