Sword Framework Update: Classification of 40 Cyber ​​Functions and TLP Protocol

In a strategic move aimed at strengthening the Kingdom of Saudi Arabia's digital infrastructure, the National Cybersecurity Authority (NCA) has released a series of significant updates to the Saudi Cybersecurity Workforce Framework (SIYOUF) project through the "Istilaa" platform. This initiative empowers experts and relevant stakeholders to provide their input, ensuring that national talent aligns with the latest rapidly evolving global standards in this vital field.

Strategic context and international standing

This update comes at a time when the Kingdom occupies a leading global position in cybersecurity indicators, reflecting the wise leadership's commitment to achieving the goals of Vision 2030, which relies heavily on secure digital transformation. The "Siyouf" framework is a cornerstone in building a qualified workforce capable of protecting the nation's vital interests and bridging the cybersecurity skills gap in the global labor market, thus enhancing the Kingdom's regional and international competitiveness as a model for governance and development of cyber capabilities.

Comprehensive structure: 5 categories and 40 functional roles

The updated framework provides a precise and systematic classification of cybersecurity professionals, distributed across five main categories, which are further divided into 12 areas of specialization and 40 job roles. This classification aims to standardize job titles and responsibilities across different sectors, thereby facilitating recruitment, training, and professional development. The main categories include:

• Cybersecurity Architecture and Research and Development (CARD): This specializes in the design of secure systems and technological innovation.
• Leadership and Staff Development (LWD): Focuses on team management and human capacity building.
• Governance, Risk and Compliance (GRCL): This involves setting policies and ensuring compliance with regulations.
• Protection and Defense (PD): This is the first line of defense for monitoring threats and responding to incidents.
• Industrial Control Systems and Operational Technologies (ICS/OT): These specialize in protecting critical infrastructure and factories.

Optical Signaling Protocol (TLP)

One of the most significant additions in the updated version is the adoption of the Optical Sign Language (TLP) protocol as a global standard for classifying and sharing sensitive information. The protocol aims to regulate the flow of information based on its level of confidentiality to ensure that sensitive data is not leaked, and it divides information into four color-coded levels:

• Red: Top Secret, sharing outside the direct recipient is prohibited.
• Orange: Limited circulation within the entity or with the relevant persons only.
• Green: It is permissible to exchange it within the professional community or sector without publishing it to the public.
• Transparent (Clear): Public information that can be freely traded without restrictions.

Areas of competence and the future of training

The framework introduced the concept of "competency areas" to link theoretical skills with practical application, helping educational and training institutions design programs that align with actual labor market needs. The authority emphasized that this framework is not a rigid template but a dynamic document that will undergo periodic reviews to keep pace with evolving cyber threats. It recommended that all government and private entities adopt this framework to ensure a common language and effective integration in addressing digital challenges.