Skip to main content

European Cybersecurity Skills Framework (ECSF)

Staff shortages in cyber security and skills shortages are among the main concerns for both economic development and national security. Looking at the issue, ENISA identified Europe’s need for a comprehensive approach to define a range of cybersecurity roles and competences that could be exploited to reduce the shortage of staff and skills. ENISA has worked on the development of this framework, the European Cybersecurity Skills Framework (ECSF), which aims to strengthen the European cybersecurity culture by providing a common European language among communities, taking an essential step towards Europe’s digital future.  The ECSF provides a practical tool to support the identification and articulation of tasks, competences, skills and knowledge associated with the roles of European cybersecurity professionals. The main objective of the framework is to create a common understanding between individuals, employers and learning programme providers in all EU Member States, making it a valuable tool to bridge the gap between cybersecurity skills and learning environments.  The framework describes the most important requirements to be met in the context of cyber security work, defining a set of 12 professional profiles typical of cybersecurity. These profiles provide a common understanding of the key cybersecurity missions, tasks and skills needed in a professional cybersecurity context, making it the perfect reference for the profiling skills and knowledge needed by cybersecurity professionals. The framework is designed to be easily understandable and comprehensive enough to provide appropriate insights into cybersecurity and flexible enough to allow customisation to suit each user’s needs. Incorporating all stakeholders’ perspectives, the framework is applicable to all types of organisations and supports the development of all cybersecurity professions.  The ECSF is the result of the work carried out by ENISA’s ad hoc working group on the European Cybersecurity Competence Framework, consisting of experts representing various opinions. The developed framework is based on an analysis of existing frameworks, results and results of research on market needs and expert agreement. User case studies and indicative examples, inspired by various working and learning environments, demonstrate the practical implementation of this framework and support this work.  The main benefits of using the ECSF were: 

  • ensure common terminology and shared understanding of cybersecurity professionals across the EU; 
  • identify the critical skills set required from the workforce’s perspective in the cyber security sector to support its further development and improvement; 
  • promote harmonisation in education, training and development of the cyber security workforce. 

This ECSF User Manual provides a comprehensive overview of the main scope, framework principles and application opportunities of the ECSF. The main purpose of the manual is to make CESF easily accessible, understandable and usable by all stakeholders with an active role or the need for adequately qualified cybersecurity professionals.