Criteria for Measurement for CAE in Cyber Operations Advanced


The National Centers of Academic Excellence in Cyber Operations Program (CAE-Cyber Operations) is open to degree granting four-year colleges and graduate-level universities. CAE-Cyber Operations programs must be based within a computer science, electrical engineering or computer engineering department, or a degree program of equivalent technical depth, or a collaboration between two or more of these departments.

Applications are assessed against a specific set of academic requirements and programmatic criteria, listed below, which are intended to measure the depth and maturity of programs of instruction in cyber operations at the graduate and/or undergraduate levels. The criteria and requirements are reviewed annually and strengthened as the program matures, as technology advances and to keep pace with the evolving nature of the cyber operations field.

Applications must clearly demonstrate how their program meets each of the requirements and criteria to obtain designation. Successful applicant programs are designated as a CAE-Cyber Operations for a period of five academic years, after which they must successfully reapply to retain the designation. Designation as a National Center of Academic Excellence in Cyber Operations does not carry a commitment of funding from the CAE-Cyber Operations program sponsor (i.e., the National Security Agency).

The CAE-Cyber Operations program has new criteria for programs seeking an Advanced designation. The CAE-Cyber Operations Advanced designation is bestowed upon those programs who have successfully demonstrated an emphasis on experiential learning and a cyber operations curriculum based on depth, rather than breadth.

Criteria for Measurement for CAE in Cyber Operations Advanced

Criterion Criterion Name Requirement
1 Academic Content (includes mandatory and optional content) 100% foundational, 60% core, 2 specializations
2 Cyber Operations Recognized via Degree, Certificate or Focus Area Cyber operations must be explicitly recognized as a focus area or specialization and students must meet requirements to be awarded such recognition.
3 Program Accreditation/Curricula Review Applicant programs may undergo an in-person curriculum review.
4 Cyber Operations Treated as an Inter-Disciplinary Science Cyber operations concepts must be integrated into core and specialization curriculum as appropriate.
5 Cyber Operations Academic Program is Robust and Active Evidence that courses are maintained, current and offered frequently (e.g., every 18 months).
6 Faculty Involvement in Cyber Operations-related Research Evidence of faculty grants, papers published, conference presentations related to the field of cyber operations (i.e., with a particular emphasis on technologies and techniques related to specialized cyber operations such as collection, exploitation, and response. These technologies and techniques are critical to intelligence, military, and law enforcement organizations authorized to perform these specialized operations).
7 Student Involvement in Cyber Operations-related Research Evidence of student work on grant research, papers published, conference presentations related to the field of cyber operations (i.e., with a particular emphasis on technologies and techniques related to specialized cyber operations such as collection, exploitation, and response. These technologies and techniques are critical to intelligence, military, and law enforcement organizations authorized to perform these specialized operations).
8 Student Participation in Cyber Service-Learning Activities Evidence of participation in local/regional/national cyber exercises, outreach to community colleges and high schools, etc.
9 Commitment to Support the CAE-Cyber Operations Program First application: stated commitment. Renewals: Within the 5-year designation window, graduation of either 5 M.S. or 1 Doctoral student in addition to faculty support to the CAE-Cyber Operations Program.
10 Number of Faculty Involved in Cyber Operations Education and Research Activities At least 2 faculty actively teaching cyber (i.e., non CS/EE/CE core) courses.

Advanced Criterion 1: Academic Content

The applicant program must include Knowledge Units (KUs) (single or multiple courses, or course modules within single or multiple courses) covering 100% foundational academic content, 60% core academic content and a minimum of two areas of academic content specialization. CAE-Cyber Operations Advanced Foundational KUs represent the required knowledge for any cyber operations student and must be met either before entering or at completion of the cyber operations advanced program. The Cyber Operations Advanced Foundational KUs are the ten CAE-Cyber Operations Fundamental Mandatory KUs. Each school must use a documented process to vet their own students for the required foundational knowledge. Vetting can be any documented process.

Students meeting the academic criteria for the institution's cyber operations advanced program must meet 100% foundational requirements, complete coursework for 60% core academic requirements, complete six credit hours in a specialization KU and either complete a thesis or its equivalent in a cyber operations topic.

CAE-Cyber Operations Advanced applications will undergo a documentation review and a possible on-site, detailed curriculum review with representatives of the CAE-Cyber Operations program office and the relevant faculty at the applying institution which will look at the details of each course contributing to coverage of the knowledge units.


Advanced Criterion 2: Cyber Operations Recognized via Certificate or Focus Area

Students who participate sufficiently in the designated CAE-Cyber Operations Advanced curriculum (i.e., take and pass courses that completely satisfy foundational, core and specialization requirements described in Criterion 1) must be distinguished from other students through the awarding of a degree, certificate, or a reference to a focus area or specialization on their transcript and/or degree.


Advanced Criterion 3: Curricula Review

The CAE-Cyber Operations Advanced program must be based within a technically deep computer science, computer engineering or electrical engineering program, or a degree program of equivalent technical depth. Representatives of the CAE-Cyber Operations program Office may perform a two day on-site, detailed curriculum review focused on course content, course relevance (how current it is), course frequency (how often is the course taught, when was it last taught) with the participation of the faculty members who maintain and teach each course. 

When the applying CS/EE/CE program is accredited by the Accreditation Board for Engineering and Technology (ABET), accreditation can be used to show satisfaction of CAE-CO academic content requirements for topics explicitly covered by the ABET accreditation process. 


Advanced Criterion 4: Cyber Operations Treated as an Inter-Disciplinary Science

The goal of the CAE-Cyber Operations Advanced program is to produce graduating students with an in-depth educational foundation that enables them to better function in the world of specialized cyber operations. To best achieve this, a designated program must expose students to cyber operations in an inter-disciplinary manner. Cyber operations must not be treated as an isolated specialization, with classes focused solely on cyber operations tools, techniques, and principles. Instead, a cyber operations student must be exposed to the underlying technologies that make up the cyber domain, as well as the policy, social, legal, and ethical aspects of conducting cyber operations. To the greatest extent possible, this should be done by integrating cyber operations information, as appropriate, into the courses of many other academic disciplines (e.g., computer science, engineering, math, IT, business, law), as well as integrating elements of those disciplines into cyber operations classes, when they do exist as stand-alone offerings (which, for some topics, may be appropriate to do so). Thus, a curriculum suitable to satisfy the academic requirements for designation as a cyber operations program may include courses from multiple colleges within a university and from multiple programs and disciplines, or, in the case of a defined cyber operations degree program, it can be demonstrated that the relevant information from these disciplines has been integrated into the cyber operations program courses.


Advanced Criterion 5: Cyber Operations Academic Program is Robust and Active

To demonstrate that the academic program being submitted for designation as a CAE in Cyber Operations Advanced is robust and active, the applicant institutions must provide a list of courses (number, title, catalog description) included in meeting the cyber operations academic requirements and provide data showing when each course was last taught. (Note: this is not a detailed mapping of the course content, but rather just the course identification of all courses that significantly contribute to the satisfaction of a knowledge unit requirement).

Institutional policies on updating course materials to remain relevant must be cited and included in the application.

All courses must be identified in the course catalog.


Advanced Criterion 6: Faculty Involvement in Cyber Operations-related Research

The application should provide evidence that the faculty involved in cyber operations education are also active in research related to cyber operations (i.e., with a particular emphasis on technologies and techniques related to specialized cyber operations such as collection, exploitation, and response).

Evidence may be provided in the form of information:

  • related to research grants,
  • that demonstrates the faculty contributes to the common body of knowledge through the publication of papers, and
  • related to attendance and presentations at conferences related to cyber operations.

Advanced Criterion 7: Student Involvement in Cyber Operations Research

Since hands-on research reinforces the cyber operations curricula, the application should provide evidence that students are involved in cyber operations research (i.e., with a particular emphasis on technologies and techniques related to specialized cyber operations such as collection, exploitation, and response).

Evidence may be provided in the form of information showing:

  • student participation in research grant activities,
  • student research papers are required as part of cyber related courses,
  • student publications related to cyber operations topics, and
  • student attendance and presentations of cyber operations related topics at conferences.

Advanced Criterion 8: Student Participation in Cyber Service-Learning Activities

To encourage the spread of education related to cybersecurity and cyber operations, students are required to participate in activities that contribute to growing and strengthening the cyber operations community and cybersecurity for the Nation.

Examples of cyber service-learning activities might include:

  • participation in computer science/cybersecurity/cyber operations clubs and activities,
  • participation in cyber exercise activities, at the local, regional, and/or national level,
  • outreach activities and/or collaboration with other universities, 2-year schools, or local high schools.
  • cybersecurity/cyber operations presentations at conferences, or
  • outreach activities to local or state law enforcement.

Advanced Criterion 9: Commitment to Support the CAE-Cyber Operations Program

For initial application to the CAE-Cyber Operations Advanced Program, the applying institution must make a stated commitment to support the CAE-Cyber Operations program. Examples of support could be in the form of student applicants to the CAE-Cyber Operations Summer Internship Program, comprehensive faculty participation in Knowledge Unit review and changes, mentorship of another institution applying for the CAE-Cyber Operations Advanced designation, and/or faculty support in the form of briefing or teaching during the CAE-Cyber Operations Summer Intern Program.

For renewal applications to the CAE-Cyber Operations Advanced Program, the applying institution must provide evidence of CAE-Cyber Operations Program support with, at a minimum, the graduation of five M.S. students or 1 Doctoral student and CAE-Cyber Operations Program support from at least three faculty members, over the course of the five-year designation window.


Advanced Criterion 10: Number of Faculty Involved in Cyber Operations Education and Research Activities

There must be the equivalent of at least two full-time faculty members teaching relevant cyber operations courses who are also active in relevant cyber operations research.

For the purposes of meeting this criterion, full time is considered to be teaching 3 courses associated with the required knowledge units per semester. Faculty with significant active research clearly and directly associated with cyber operations, or who are advising multiple students at the Master's or Doctoral level on clearly cyber operations research topics, may request that credit for such be allowed for one or two of the required courses.

A biography or curriculum vitae for each faculty member must be provided as part of the program application.