Summary of NSA Criteria for CAE / Cyber Defense (CD)

Overall CAE-CDE requirements are: mapping of the institution's curriculum to the four-year core knowledge units + 5 optionals (22 total) and demonstrate that a student can reasonably complete the necessary course of study; demonstration of program outreach and collaboration, center for CD education, a robust and active CD academic program, CD multidisciplinary efforts, practice of CD at the institution level, and student and faculty CD efforts; focus area (optional) - all CAEs have the option to apply for one or more CAE-CDE Focus Area (FA) designations.

1. Cyber Defense Academic Program Path

   The Cyber Defense program path must have been in existence for at least 3 years. Evidence must show one year of student granted degrees with program path completion.

2. "Center" for CD Education

   The institution must have an officially established entity (either physical or virtual) serving as the focal point for its CD educational program. The center shall provide the following services: program guidance and oversight; general cyber defense information; and collaboration and outreach opportunities among students, faculty, and other institutions. Additionally, the center must be supported by a website that is dynamic, current and visible within the institution and the external community at large.

3. Student-based Cyber Defense Skills Development

   The institution must show how it fosters student development in the field of Cyber Defense. This criterion focuses on STUDENT-based skills development as it contributes to evolution of theory and practice in the field of Cyber Defense. Skills development shall relate back to one or more of the mapped knowledge units.

4. Cyber Defense Faculty and Courses Taught

   The institution must demonstrate that it has faculty responsible for the overall CD program of study and sufficient faculty members, either full- or part-time to ensure continuity of the program.

5. Cyber Defense Faculty Expertise and Research

   The institution must show that the faculty members are Cyber Defense experts and are active in current CD practice and research. Cyber Defense faculty members must be contributing their CD knowledge to publications, presentations, and professional societies as well as seeking grants for CD resources and mentoring CD students.

6. Cyber Defense is a Multidisciplinary Practice at the Institution

   The institution must demonstrate that CD is not treated as a separate discipline, but integrated into additional degree programs within the institution.

7. Institution Information System Security

   Provide links or attachments to the high-level IS Security Plan(s) for the institution to show how it practices institutional security. IS Security Plan must include how the Information System infrastructure of the institution is protected and how the plan is implemented, not just policies on use of the system.

8. Cyber Defense Outreach Beyond the Institution

   The institution must demonstrate how Cyber Defense practices are extended beyond the normal boundaries of the institution. Show how CD principles developed at the University are shared with others.