EUROPEAN CYBERSECURITY COMPETENCE CENTRE - Learn more about ENISA's European Cybersecurity Skills Framework (ECSF)!

The European Cybersecurity Skills Framework (ECSF) is the result of the joint effort of ENISA and the ENISA Ad-hoc working group on Cybersecurity Skills Framework. The aim of the ECSF is to create a common understanding of the relevant roles, competencies, skills and knowledge; to facilitate cybersecurity skills recognition; and to support the design of cybersecurity-related training programs. It summarises all cybersecurity-related roles into 12 profiles, which are individually analysed into the details of the responsibilities, skills, synergies and interdependencies it corresponds to.

Symbols and names of different cybersecurity profiles — ENISA

date: 20/09/2022

The ECSF provides an open European tool to build a common understanding of the cybersecurity professional role profiles and common mappings with the appropriate skills and competences required.

The framework is complemented by a user manual, which constitutes a practical guide for its utilization, based on examples and use cases. The manual includes three examples for private organizations, that need to hire, upskill and/or reskill their personnel in cybersecurity, along with use cases, which represents the experience of seven organisations using the ECSF in different contexts.

A draft version of the framework was presented to the public in April 2022 via a webinar. On 20 and 21 September, the final version of the ECSF and its user manual were presented during the ENISA cybersecurity skills conference.

The framework consists of 2 documents:

The ECSF Role Profiles document – Listing the 12 typical cybersecurity professional role profiles along with their identified titles, missions, tasks, skills, knowledge, competences.
The ECSF User Manual document – Providing guidance and practical examples on how to leverage the framework and benefit from it as an organisation, provider of learning programmes or individual.