Factor 1, Knowledge Required by the Position

Factor 1 measures the nature and extent of information or facts an employee must understand to do acceptable work (e.g., steps, procedures, practices, rules, policies, theories, principles, and concepts) and the nature and extent of the skills necessary to apply that knowledge. You should only select a factor level under this factor when the knowledge described is required and applied.

Note: Factor Level Description is abbreviated as FLD.

Factor Level Description 1-6 (950 Points)

Level 1-6 — 950 Points

Knowledge Required for All Positions in This Series at This Level:

Knowledge of, and skill in applying, most of the following:

• Modern IT principles, methodologies, frameworks and practices in the assigned IT domain(s).
• IT systems development life cycle management concepts.
• Performance monitoring principles and methods.
• Quality assurance principles.
• Technical documentation methods and procedures.
• Systems security methods and procedures.
• Analytical methods.
• Technical concepts and solutions through effective oral and written communications in IT environments.

This knowledge is sufficient to:

• Perform routine and recurring assignments in assigned IT domain(s) while adapting to emerging technologies and best practices.
• Identify and resolve issues and problems.
• Draft and update procedural documentation and instructional materials.
• Provide information and assistance to customers.
• Evaluate established methods and procedures and prepare recommendations for changes in methods and practices where appropriate, guided by goals.
• Ensure the application of appropriate security measures aligned with industry standards.

Note: Remember to refer to these common requirements when applying the knowledge and skill requirements for any specialty at this level.

Level 1-6 — 950 Points

Cluster 1 – IT Operations and Security

Knowledge of a wide range of IT principles, methods, and practices, including:

• Operating systems, hardware, and software platforms.
• Network and system administration fundamentals.
• Information security principles and compliance requirements.
• Customer support methodologies and service delivery standards.
• Diagnostic and troubleshooting techniques.
• Automation tools and digital service technologies.
• IT policies, procedures, and documentation standards.

 This knowledge is sufficient to:

• Analyze and diagnose computer hardware, software, or system malfunctions or problems (e.g., identifying incidents, escalating issues, and resolving user-reported errors).
• Install, configure, and maintain IT systems and network components (e.g., setting up computers, printers, and telecommunications devices; applying patches and upgrades; integrating network hardware or software).
• Support cybersecurity compliance and ensure the confidentiality, integrity, and availability of systems and data (e.g., performing backups and recovery, monitoring security, and supporting compliance activities).
• Deliver customer support services, including responding to inquiries and complaints, gathering and evaluating customer feedback, and preparing help documentation.
• Use automation tools to improve service delivery and operational efficiency (e.g., applying scripts or tools to streamline support tasks).
• Interpret and apply technical guidance to resolve recurring IT issues and support system operations (e.g., determining appropriate products or services for clients, integrating client expectations into service delivery).

Level 1-6 — 950 Points

Cluster 2 – IT Development and Analysis

Knowledge of a range of IT principles, methods, and practices applicable to:

• Web development and maintenance, including HTML, CSS, JavaScript, and content management systems.
• Application and software development, debugging, and source code management.
• Database management systems, including data entry, retrieval, and maintenance.
• File management functions such as backup, recovery, and version control.
• Data retention, archiving, and disposition policies.
• Monitoring tools and techniques for web servers and applications.
• Federal and industry standards for web accessibility, usability, and branding.
• Communication and collaboration with technical and non-technical stakeholders.

This knowledge is sufficient to:

• Design, develop, and maintain websites and web-based applications that meet user needs and comply with agency and federal standards (e.g., developing templates, reviewing/updating content, ensuring accessibility).
• Develop, modify, and debug software and applications using programming languages and tools (e.g., writing code, managing source code with version control systems).
• Configure and maintain databases and information tracking systems to support web applications and data-driven services (e.g., preparing data for input/export, maintaining metadata).
• Install and configure monitoring tools on web servers or websites to ensure operational stability and performance.
• Perform file management functions, including allocation, deletion, backup, recovery, and upgrades to ensure data integrity and availability.
• Apply data retention policies to evaluate data for archiving or dispositioning in compliance with legal and organizational requirements.
• Communicate effectively with others to resolve hardware/software issues affecting websites and to coordinate with design and development teams.

Level 1-6 — 950 Points

Cluster 2 – IT Development and Analysis

Knowledge of:

• Modern IT principles, methodologies, frameworks, and practices in application development, data management, and web services.
• Software development life cycle (SDLC) and debugging techniques.
• Web development tools and standards (e.g., HTML, CSS, JavaScript, accessibility).
• Database management systems and data retention policies.
• Performance monitoring and quality assurance principles.
• File management and version control systems.
• Technical documentation methods and procedures.
• Systems security methods and procedures.
• Analytical methods and effective communication in IT environments.

 This knowledge is sufficient to:

• Perform routine and recurring assignments in application, data, and web development while adapting to emerging technologies and best practices.
• Design, develop, and maintain websites and web-based applications.
• Write, modify, and debug software using programming languages and tools.
• Develop and use databases that support web applications and services.
• Install and configure monitoring tools on web servers or websites.
• Perform file management functions such as backup, recovery, and upgrades.
• Draft and update procedural documentation and instructional materials.
• Provide information and assistance to customers and stakeholders.
• Evaluate established methods and recommend improvements.
• Ensure the application of appropriate security measures aligned with industry standards.

Level 1-6 — 950 Points

Cluster 3 – IT Strategy and Planning

Knowledge of a range of IT principles, methods, and practices applicable to:

• Strategic IT planning and enterprise architecture frameworks.
• Organizational mission, goals, and business processes as they relate to IT alignment.
• IT policy development, documentation, and implementation.
• Capital planning, investment control, and IT resource management.
• IT governance, compliance, and auditing practices.
• Federal IT standards, regulations, and enterprise architecture maturity models.
• Techniques for analyzing and documenting IT systems, including the use of diagrams and models.
• Communication and collaboration with stakeholders across business and technical domains.

This knowledge is typically acquired through a combination of formal training in information systems, public administration, or a related field, and practical experience supporting IT planning, policy, or architecture functions.

This knowledge is sufficient to:

• Support the development and implementation of enterprise architecture plans and documentation (e.g., contributing to baseline or target architecture diagrams, sequencing plans, and IT modernization roadmaps).
• Assist in aligning IT systems and strategies with organizational goals and business processes (e.g., identifying system capabilities that support mission needs).
• Participate in IT policy development and review, including drafting or updating policies, standards, and procedures to guide IT operations and governance.
• Contribute to IT strategic planning activities, such as gathering data for workforce planning, capital investment, or knowledge management initiatives.
• Support compliance and audit activities by reviewing documentation, identifying gaps, and helping to ensure alignment with enterprise architecture principles.
• Collaborate with internal and external stakeholders to gather requirements, review IT documentation, and provide input on IT planning and governance processes.

Level 1-6 — 950 Points

Knowledge of:

• Modern IT principles, methodologies, frameworks, and practices in IT operations, systems administration, and customer support.
• Operating systems, hardware, and software platforms.
• Network and system administration fundamentals.
• Systems security methods and procedures.
• IT systems development life cycle (SDLC) concepts.
• Performance monitoring and quality assurance principles.
• Technical documentation methods and procedures.
• Analytical methods for diagnosing and resolving IT issues.
• Effective oral and written communication in technical environments.

 This knowledge is sufficient to:

• Perform routine and recurring assignments in IT operations and support while adapting to emerging technologies and best practices.
• Analyze and diagnose hardware, software, or system malfunctions or problems.
• Install, configure, and maintain IT systems and network components.
• Support cybersecurity compliance and ensure confidentiality, integrity, and availability of systems and data.
• Provide customer support services, including troubleshooting, responding to inquiries, and gathering feedback.
• Use automation tools to improve service delivery and operational efficiency.
• Draft and update procedural documentation and instructional materials.
• Identify and resolve issues and recommend changes in methods and practices.
• Ensure the application of appropriate security measures aligned with industry standards.

Level 1-6 — 950 Points

Cluster 3 – IT Strategy and Planning

Knowledge of:

• Modern IT principles, methodologies, frameworks, and practices in IT strategy, policy, and enterprise architecture.
• Strategic planning and IT governance frameworks.
• Enterprise architecture concepts and documentation standards.
• IT systems development life cycle (SDLC) and capital planning.
• Performance monitoring and quality assurance principles.
• Policy development and compliance assessment.
• Technical documentation and audit preparation methods.
• Systems security and risk management practices.
• Analytical methods and effective communication in IT environments.

 This knowledge is sufficient to:

• Perform routine and recurring assignments in IT planning and governance while adapting to emerging technologies and best practices.
• Support the development and implementation of enterprise architecture plans and documentation.
• Assist in aligning IT systems and strategies with organizational goals and business processes.
• Participate in IT policy development and review.
• Contribute to strategic planning, capital investment, and workforce planning activities.
• Draft and update procedural documentation and instructional materials.
• Provide information and assistance to internal and external stakeholders.
• Evaluate established methods and recommend improvements.
• Ensure the application of appropriate security and compliance measures aligned with industry standards.

Factor Level Description 1-7 (1250 Points)

Level 1-7 — 1250 Points

Knowledge Required for All Positions in This Series at This Level:

Knowledge of, and skill in applying, most of the following:

• Modern IT concepts, principles, methodologies, frameworks and practices in the assigned IT domain(s).
• The mission and programs of customer organizations and alignment with digital transformation initiatives.
• The organization’s IT infrastructure.
• Performance management/measurement methods, tools, and techniques.
• Systems testing and evaluation principles, methods, and tools.
• IT security principles and methods.
• Requirement analysis principles and methods.
• COTS products and components.
• Digital technologies and protocols to evaluate system, network, and data interoperability and scalability.
• New and emerging information technologies and/or industry trends.
• Acquisition management policies and procedures.
• Cost-benefit analysis principles and methods.
• Analytical methods and practices.
• Project management principles and methods.
• Technical concepts and solutions to use effective oral and written communications in IT environments.

 This knowledge is sufficient to:

• Plan and carry out difficult and complex assignments and develop new methods, approaches, and procedures in assigned IT domain(s) while adapting emerging technologies and best practices.
• Provide advice and guidance on a wide range and variety of complex IT issues.
• Interpret IT policies, standards, and guidelines.
• Conduct analyses and recommend resolution of complex issues affecting IT functions.
• Evaluate and recommend adoption of new or enhanced approaches to delivering IT services.
• Test and optimize the functionality of systems, networks, and data.
• Identify and define business or technical requirements applied to the design, development, implementation, management, and support of systems and networks.
• Ensure optimal use of commercially available products.
• Evaluate proposals for the acquisition of IT products or services.
• Prepare and present reports.
• Represent the organization in interactions with other organizations.
• Provide technical leadership on group projects.

Note: Remember to refer to these common requirements when applying the knowledge and skill requirements for any specialty at this level.

Level 1-7 — 1250 Points

Cluster 1 – IT Operations and Security

Knowledge of and skill in applying:

• Modern IT concepts, principles, methodologies, frameworks, and practices in IT operations, systems administration, customer support, and cybersecurity.
• The mission and programs of supported organizations and how IT services align with digital transformation goals.
• The organization’s IT infrastructure including network, server, and endpoint environments.
• Performance management and monitoring tools and techniques to assess system health and service delivery.
• Systems testing and evaluation principles, including backup/recovery validation and patch management.
• IT security principles and methods, including risk identification, vulnerability management, and compliance with cybersecurity policies.
• Requirement analysis principles and methods to support system configuration, integration, and user needs.
• Commercial off-the-shelf (COTS) products and automation tools used in IT service delivery.
• Digital technologies and protocols to evaluate system, network, and data interoperability and scalability.
• New and emerging technologies and industry trends relevant to IT operations and cybersecurity.
• Acquisition management policies and procedures for evaluating IT products and services.
• Cost-benefit analysis principles and methods to support IT investment decisions.
• Analytical methods and practices for diagnosing and resolving complex IT issues.
• Project management principles and methods for planning and executing IT initiatives.
• Technical communication skills to convey complex IT concepts clearly in both oral and written formats.

This knowledge is sufficient to:

• Plan and carry out difficult and complex assignments in IT operations, customer support, and cybersecurity, while adapting to emerging technologies and best practices.
• Provide advice and guidance on a wide range of complex IT issues, including system performance, service delivery, and security posture.
• Interpret IT policies, standards, and guidelines to ensure compliance and operational effectiveness.
• Conduct analyses and recommend resolution of complex issues affecting IT functions, such as system outages, security incidents, or service degradation.
• Evaluate and recommend adoption of new or enhanced approaches to delivering IT services, including automation and cloud-based solutions.
• Test and optimize the functionality of systems, networks, and data to ensure availability, reliability, and performance.
• Identify and define business or technical requirements applied to the design, implementation, and support of IT systems and networks.
• Ensure optimal use of commercially available products and tools in support of IT operations.
• Evaluate proposals for the acquisition of IT products or services, including hardware, software, and support contracts.
• Prepare and present technical reports, system documentation, and user guidance materials.
• Represent the organization in interactions with other IT teams, vendors, and stakeholders.
• Provide technical leadership on group projects, including mentoring junior staff and coordinating cross-functional efforts.

Level 1-7 — 1250 Points

Cluster 2 – IT Development & Analysis

Knowledge of and skill in applying:

• Modern IT concepts, principles, methodologies, frameworks, and practices in application development, data management, and web services.
• The mission and programs of supported organizations and how IT systems and services align with digital transformation goals.
• The organization’s IT infrastructure including web, application, and database environments.
• Performance management and monitoring tools and techniques for applications and data systems.
• Systems testing and evaluation principles, including regression, user acceptance, and system integration testing.
• IT security principles and methods, including secure coding, access control, and incident reporting.
• Requirement analysis principles and methods for designing and implementing user-centric applications and data solutions.
• COTS products and open-source tools used in application and web development.
• Digital technologies and protocols for system, network, and data interoperability and scalability.
• New and emerging technologies and industry trends in software development, data analytics, and web architecture.
• Acquisition management policies and procedures for evaluating IT products and services.
• Cost-benefit analysis principles and methods to support IT investment decisions.
• Analytical methods and practices for diagnosing and resolving complex application and data issues.
• Project management principles and methods for planning and executing IT initiatives.
• Technical communication skills to convey complex IT concepts clearly in both oral and written formats.

This knowledge is sufficient to:

• Plan and carry out difficult and complex assignments in application development, data management, and web services, while adapting to emerging technologies and best practices.
• Provide advice and guidance on a wide range of complex IT issues, including software performance, data integrity, and web usability.
• Interpret IT policies, standards, and guidelines to ensure compliance and quality in application and data environments.
• Conduct analyses and recommend resolution of complex issues affecting application functionality, data accuracy, and system integration.
• Evaluate and recommend adoption of new or enhanced approaches to delivering IT services, including automation and cloud-based solutions.
• Test and optimize the functionality of applications, databases, and websites for performance, security, and user experience.
• Identify and define business or technical requirements applied to the design, development, implementation, and support of applications and data systems.
• Ensure optimal use of commercially available products and tools in support of application and data services.
• Evaluate proposals for the acquisition of IT products or services, including software, platforms, and support contracts.
• Prepare and present technical reports, system documentation, and user guidance materials.
• Represent the organization in interactions with other IT teams, vendors, and stakeholders.
• Provide technical leadership on group projects, including mentoring junior staff and coordinating cross-functional efforts.

Level 1-7 — 1250 Points

Cluster 3 – IT Strategy and Planning

Knowledge of and skill in applying:

• Modern IT concepts, principles, methodologies, frameworks, and practices in IT strategy, enterprise architecture, and policy development.
• The mission, goals, and business processes of the organization and how IT aligns with digital transformation initiatives.
• The organization’s IT infrastructure and enterprise architecture components.
• Performance management and measurement tools and techniques.
• Systems testing, evaluation, and modernization planning methods.
• IT security principles and methods, including risk management and compliance.
• Requirement analysis and business process modeling techniques.
• COTS products and enterprise tools used in architecture and planning.
• Digital technologies and protocols for evaluating system, network, and data interoperability and scalability.
• New and emerging technologies and industry trends relevant to IT governance and planning.
• Acquisition management policies and procedures.
• Cost-benefit analysis principles and methods to support IT investment decisions.
• Analytical methods and practices for evaluating IT systems and strategic alignment.
• Project management principles and methods for planning and executing IT initiatives.
• Technical communication skills to convey complex IT concepts clearly in both oral and written formats.

This knowledge is sufficient to:

• Plan and carry out difficult and complex assignments in IT strategy, enterprise architecture, and policy development, while adapting to emerging technologies and best practices.
• Provide advice and guidance on a wide range of complex IT issues, including architecture alignment, compliance, and modernization.
• Interpret IT policies, standards, and guidelines to ensure strategic alignment and governance.
• Conduct analyses and recommend resolution of complex issues affecting IT planning and enterprise architecture.
• Evaluate and recommend adoption of new or enhanced approaches to IT governance and service delivery.
• Test and optimize the functionality and alignment of systems, networks, and data with enterprise goals.
• Identify and define business or technical requirements applied to the design, development, and implementation of enterprise IT systems.
• Ensure optimal use of commercially available tools and evaluate proposals for IT products or services.
• Prepare and present reports, roadmaps, and architectural documentation.
• Represent the organization in interactions with internal and external stakeholders, including interagency and industry forums.
• Provide technical leadership on group projects and contribute to enterprise-wide IT initiatives.

 

Factor Level Description 1-8 (1550 Points)

Level 1-8 — 1550 Points

Knowledge Required for All Positions in This Series at This Level:

Mastery of, and skill in applying, advanced IT principles, concepts, methods, standards, and practices sufficient to accomplish assignments such as:

• Develop and interpret policies, procedures, and strategies governing the planning and delivery of services throughout the agency.
• Provide expert technical advice, guidance, and recommendations to management and other technical specialists on critical IT issues.
• Apply new developments to previously unsolvable problems.
• Make decisions or recommendations that significantly influence important agency IT policies or programs.

AND

Mastery of, and skill in applying, most of the following:

• Interrelationships of multiple IT domains.
• The agency’s IT architecture.
• New IT developments and applications.
• Emerging technologies and their applications to business processes.
• IT security concepts, standards, and methods.
• Project management principles, methods, and practices, encompassing developing plans, roadmaps and schedules, estimating resource requirements, defining milestones and deliverables, monitoring activities, and evaluating and reporting on accomplishments.
• Technical concepts and solutions through effective oral and written communications in IT environments.

 This knowledge is sufficient to:

• Ensure the integration of IT programs and services; and develop solutions to complex integration/interoperability challenges.
• Design, develop, and manage secure systems that meet evolving business mission requirements, and enhance or optimize the existing IT landscape and IT architecture.
• Manage assigned projects.
• Communicate complex technical requirements to non-technical personnel.
• Prepare and present briefings to senior management officials on complex/controversial IT governance, strategy, and digital risk issues.

Note: Remember to refer to these common requirements when applying the knowledge and skill requirements for any specialty at this level.

Level 1-8 — 1550 Points

Cluster 1 – IT Operations and Security

Mastery of, and skill in applying, advanced IT principles, concepts, methods, standards, and practices in IT operations, systems administration, cybersecurity, and enterprise infrastructure sufficient to:

• Develop and interpret policies, procedures, and strategies governing the planning and delivery of secure and resilient IT services across the enterprise.
• Provide expert technical advice and recommendations to senior leadership and technical specialists on critical issues such as zero-trust architecture, cyber risk management, and infrastructure modernization.
• Apply new developments—such as AI-driven automation, software-defined networking, and hybrid cloud orchestration—to previously unsolvable operational and security challenges.
• Make decisions or recommendations that significantly influence agency-wide IT policies, cybersecurity posture, and service delivery models.
• Mastery of, and skill in applying, most of the following:
• Interrelationships of multiple IT domains (e.g., network, OS, cybersecurity, customer support).
• The agency’s IT architecture and enterprise security framework.
• Emerging technologies and their application to operational resilience and digital risk.
• IT security concepts, standards (e.g., NIST, FISMA), and methods.
• Project management principles for planning, executing, and evaluating enterprise IT initiatives.
• Technical communication to convey complex operational and security concepts to non-technical stakeholders and senior executives.

 This knowledge is sufficient to:

• Ensure integration of IT operations, cybersecurity, and support services across the enterprise.
• Design and manage secure, scalable systems that meet evolving mission needs.
• Lead enterprise-wide projects involving infrastructure modernization, cyber defense, and service optimization.
• Communicate complex technical requirements and risk implications to senior leadership.
• Brief executives on critical IT governance, continuity, and security issues.

Level 1-8 — 1550 Points

Cluster 2 – IT Development and Analysis

Mastery of, and skill in applying, advanced IT principles, concepts, methods, standards, and practices in application development, data architecture, and web services sufficient to:

• Develop and interpret policies and strategies for enterprise application platforms, data governance, and digital service delivery.
• Provide expert technical guidance on complex issues such as cross-platform integration, AI/ML implementation, and data lifecycle management.
• Apply emerging technologies—such as low-code/no-code platforms, real-time analytics, and intelligent automation—to previously unsolvable development and data challenges.
• Make decisions or recommendations that significantly influence agency-wide software architecture, data strategy, and digital transformation initiatives.
• Mastery of, and skill in applying, most of the following:
• Interrelationships of application, data, and web service domains.
• The agency’s IT architecture and data governance framework.
• Emerging technologies and their application to business process automation and user experience.
• IT security standards for secure coding, data protection, and web application security.
• Project management for agile development, release planning, and performance evaluation.
• Technical communication to translate complex technical concepts into actionable insights for non-technical stakeholders.

 This knowledge is sufficient to:

• Ensure integration of application, data, and web services across platforms and business units.
• Design and manage secure, scalable systems that support mission-critical applications and data flows.
• Lead enterprise-wide initiatives involving application modernization, data integration, and digital service optimization.
• Communicate technical requirements and risks to senior leaders and stakeholders.
• Present briefings on IT governance, data strategy, and digital risk to executive audiences.

Level 1-8 — 1550 Points

Cluster 3 – IT Strategy and Planning

Mastery of, and skill in applying, advanced IT principles, concepts, methods, standards, and practices in IT strategy, enterprise architecture, and policy development sufficient to:

• Develop and interpret policies, procedures, and strategies that govern enterprise-wide IT planning, governance, and modernization.
• Provide expert advice to senior executives and technical leaders on complex issues such as enterprise architecture alignment, digital transformation, and IT investment strategy.
• Apply new developments—such as cloud-native architecture, AI governance, and zero-trust frameworks—to previously unsolvable strategic and interoperability challenges.
• Make decisions or recommendations that significantly influence agency-wide IT governance, investment priorities, and digital risk posture.
• Mastery of, and skill in applying, most of the following:
• Interrelationships of IT domains including architecture, cybersecurity, operations, and policy.
• The agency’s enterprise architecture and IT governance framework.
• Emerging technologies and their strategic application to mission delivery.
• IT security and risk management standards.
• Project and portfolio management for enterprise IT initiatives.
• Technical communication to influence policy, investment, and strategic direction.

 This knowledge is sufficient to:

• Ensure integration of IT strategy, architecture, and governance across the enterprise.
• Design and manage secure, future-ready systems aligned with mission and business goals.
• Lead strategic initiatives involving IT modernization, digital transformation, and enterprise risk management.
• Communicate complex technical and policy issues to senior leadership and external stakeholders.
• Present briefings on IT strategy, governance, and digital risk to executive and interagency audiences.

 

Factor Level Description 1-9 (1850 Points)

Level 1-9 — 1850 Points

Knowledge Required for All Positions in This Series at This Level:

Mastery of IT theories, principles, concepts, standards, guidelines, laws practices and regulations of IT, and consultative skill sufficient to:

• Develop new approaches, frameworks, theories, concepts, principles, standards, and methods within emerging IT function(s) (e.g., artificial intelligence, cloud computing, etc.).
• Advise cross-functional IT experts within the agency and across interagency collaborations on a variety of situations and issues that involve applying or adapting new theories, concepts, principles, standards, methods, or practices, that are either self-developed or shaped through leadership and technical foresight from the employee.
• Serve as senior expert and strategic advisor to top agency management officials to advise on integrating IT programs and functions (e.g. data analytics, software development, artificial intelligence, enterprise solutions, cloud services, IT governance, etc.) with other critical programs of equivalent scope and complexity.

Note: Remember to refer to these common requirements when applying the knowledge and skill requirements for any specialty at this level.

Level 1-9 — 1850 Points

Cluster 1 – IT Operations and Security

Mastery of IT theories, principles, concepts, standards, guidelines, laws, practices, and regulations in IT operations, systems administration, cybersecurity, and enterprise infrastructure, and consultative skill sufficient to:

• Develop new approaches, frameworks, and methods for secure and resilient IT operations, including zero-trust architecture, cryptographic agility, and intelligent automation.
• Lead the design and implementation of enterprise-wide operational strategies that integrate cybersecurity, cloud infrastructure, and service delivery.
• Advise cross-functional IT experts and interagency partners on emerging threats (e.g., adversarial AI, legacy cloud vulnerabilities) and operational resilience.
• Serve as a senior expert and strategic advisor to top agency officials on integrating IT operations and cybersecurity with mission-critical programs such as continuity of operations, digital modernization, and national security systems.

 This includes mastery of:

• Interrelationships across IT domains (e.g., cybersecurity, systems engineering, cloud operations).
• The agency’s enterprise IT architecture and operational governance.
• Emerging technologies and their application to operational resilience and digital risk.
• Federal cybersecurity frameworks (e.g., NIST RMF, FISMA, FedRAMP).
• Strategic project and risk management across complex IT environments.
• Executive-level communication to influence policy, investment, and operational decisions.

Level 1-9 — 1850 Points

Cluster 2: IT Development and Analysis

Mastery of IT theories, principles, concepts, standards, guidelines, laws, practices, and regulations in application development, data architecture, and web services, and consultative skill sufficient to:

• Develop new theories, frameworks, and standards for secure, scalable, and intelligent digital platforms, including synthetic data ecosystems, AI-assisted development, and federated data governance.
• Lead the design and implementation of enterprise-wide application modernization and data integration strategies.
• Advise cross-functional IT experts and interagency collaborators on adapting and applying emerging technologies to mission-critical systems.
• Serve as a senior expert and strategic advisor to top agency officials on integrating application platforms, data services, and digital experience with broader agency programs such as public engagement, regulatory compliance, and digital transformation.

 This includes mastery of:

• Interrelationships across application, data, and web service domains.
• The agency’s enterprise architecture and data governance framework.
• Emerging technologies such as AI/ML, low-code platforms, and real-time analytics.
• Secure software development and data protection standards.
• Strategic planning and agile portfolio management.
• Executive-level communication to shape digital policy and investment.

Level 1-9 — 1850 Points

Cluster 3 – IT Strategy and Planning

Mastery of IT theories, principles, concepts, standards, guidelines, laws, practices, and regulations in IT strategy, enterprise architecture, and governance, and consultative skill sufficient to:

• Develop new strategic frameworks, architectural models, and governance methods for integrating emerging technologies such as AI, cloud-native platforms, and digital identity systems.
• Lead the development of enterprise-wide IT modernization strategies that align with mission priorities and national digital policy.
• Advise cross-functional and interagency IT leaders on complex, multi-domain issues involving interoperability, digital risk, and strategic investment.
• Serve as a senior expert and strategic advisor to top agency officials on integrating IT strategy and architecture with other critical programs such as public safety, economic development, or national security.

 This includes mastery of:

• Interrelationships across IT domains and their alignment with business and mission goals.
• The agency’s enterprise architecture, governance, and investment frameworks.
• Emerging technologies and their strategic application to digital transformation.
• Federal IT policy, acquisition, and cybersecurity regulations.
• Strategic portfolio and change management.
• Executive-level communication to influence agency-wide and interagency IT direction.

 

Factor 2, Supervisory Controls

“Supervisory Controls” covers the nature and extent of direct or indirect controls exercised by the supervisor, the employee’s responsibility, and the review of completed work. Controls are exercised by the supervisor in the way assignments are made, instructions are given to the employee, priorities and deadlines are set, and objectives and boundaries are defined. Responsibility of the employee depends upon the extent to which the employee is expected to develop the sequence and timing of various aspects of the work, to modify or recommend modification of instructions, and to participate in establishing priorities and defining objectives. The degree of review of completed work depends upon the nature and extent of the review, e.g., close and detailed review of each phase of the assignment, detailed review of the finished assignment, spot-check of finished work for accuracy, or review only for adherence to policy.

Level 2-3 — 275 Points

How Work is Assigned – The supervisor outlines or discusses possible problem areas and defines objectives, plans, priorities, and deadlines. Assignments have clear precedents requiring successive steps in planning and execution.

Employee Responsibility – The employee:

• independently plans and carries out the assignments in conformance with accepted policies and practices;
• adheres to instructions, policies, and guidelines in exercising judgment to resolve commonly encountered work problems and deviations; and
• brings controversial information or findings to the supervisor’s attention for direction.

How Work is Reviewed – The supervisor:

• Provides assistance on controversial or unusual situations that do not have clear precedents.
• Reviews completed work for conformity with policy, the effectiveness of the employee’s approach to the problem, technical soundness, and adherence to deadlines.
• Does not usually review in detail the methods used to complete the assignment.

 

Level 2-4 — 450 Points

How Work Is Assigned – The supervisor outlines overall objectives and available resources. The employee and supervisor, in consultation, discuss timeframes, scope of the assignment including possible stages, and possible approaches.

Employee Responsibility – The employee:

• Determines the most appropriate principles, practices, and methods to apply in all phases of assignments, including the approach to be taken, degree of intensity, and depth of research in management advisories.
• Frequently interprets regulations on his/her own initiative, applies new methods to resolve complex and/or intricate, controversial, or unprecedented issues and problems, and resolves most of the conflicts that arise.
• Keeps the supervisor informed of progress and of potentially controversial matters.

How Work Is Reviewed – The supervisor reviews completed work for soundness of overall approach, effectiveness in meeting requirements or producing expected results, the feasibility of recommendations, and adherence to requirements. The supervisor does not usually review methods used.

 

Level 2-5 — 650 Points

How Work Is Assigned – The supervisor provides administrative and policy direction in terms of broadly defined missions or functions of the agency.

Employee Responsibility – The employee:

• Is responsible for a significant agency or equivalent level IT program or function.
• Defines objectives.
• Interprets policies promulgated by authorities senior to the immediate supervisor and determines their effect on program needs.
• Independently plans, designs, and carries out the work to be done.
• Is a technical authority.

How Work Is Reviewed – The supervisor:

• Reviews work for potential impact on broad agency policy objectives and program goals.
• Normally accepts work as being technically authoritative.
• Normally accepts work without significant change.

 

Factor 3, Guidelines

This factor covers the nature of guidelines and the judgment employees need to apply them. Individual assignments may vary in the specificity, applicability, and availability of guidelines; thus, the judgment that employees use similarly varies. The existence of detailed plans and other instructions may make innovation in planning and conducting work unnecessary or undesirable. However, in the absence of guidance provided by prior agency experience with the task at hand or when objectives are broadly stated, the employee may use considerable judgment in developing an approach or planning the work. Examples of guidelines used in administrative work in the Information Technology Group, 2200, are:

 

Federal Cybersecurity & IT Governance Guidelines

Year	Guideline / Policy	Issuing Authority	Description & Impact
1996	Clinger–Cohen Act (ITMRA)	Congress	Requires agencies to manage IT investments for performance and results, establishes CIO roles, and mandates capital planning and enterprise architecture.
2002	Federal Information Security Management Act (FISMA)	Congress	Establishes statutory requirements for securing federal systems, including risk assessments, security controls, and annual reporting. Updated in 2014 for modernization.
2010	GPRA Modernization Act	Congress	Strengthens performance management by requiring agencies to set strategic goals and link IT investments to mission outcomes.
2016	OMB Circular A-130 – Management of Federal Information Resources	OMB	Provides comprehensive policy for IT governance, cybersecurity, privacy, and records management across federal agencies.
2021	Executive Order 14028 – Improving the Nation’s Cybersecurity	White House	Mandates Zero Trust adoption, MFA, encryption, and continuous monitoring across all federal agencies. Sets the foundation for modern cybersecurity architecture.
2022	OMB Memorandum M-22-09 – Moving the U.S. Government Toward Zero Trust Cybersecurity Principles	OMB	Establishes a governmentwide Zero Trust strategy with five pillars (Identity, Devices, Networks, Applications, Data). Requires agencies to meet ZT goals by FY 2024.
2023	OMB Circular A-94 – Guidelines and Discount Rates for Benefit-Cost Analysis	OMB	Updated guidance for conducting cost-benefit and cost-effectiveness analyses for federal programs and IT investments.
2024	OMB Memorandum M-24-15 – FedRAMP Modernization & Cloud Security Alignment	OMB	Updates FedRAMP to align with Zero Trust principles, ensuring secure cloud adoption and continuous monitoring for all federal systems.
2025	Executive Order 14144 – Strengthening Cybersecurity	White House	Reinforces Zero Trust mandates with advanced requirements: microsegmentation, phishing-resistant MFA, endpoint detection & response (EDR), and encrypted internal traffic.
2025	NIST SP 1800-35 – Implementing Zero Trust Architecture	NIST	Provides practical, real-world examples for deploying Zero Trust in hybrid environments, including automation and orchestration for IT infrastructure.
2026	NSA Zero Trust Implementation Guidelines	NSA	Offers detailed steps for asset discovery, governance, and infrastructure hardening to operationalize Zero Trust across federal networks.

 

Do not confuse guidelines with the knowledge described under Factor 1 – Knowledge Required by the Position. Guidelines either provide reference data or impose certain constraints on applications. For example, there may be several generally accepted methods of accomplishing work, perhaps set forth in an agency operating manual; however, in a particular office, the policy may be to use only one of those methods, or the policy may state specifically under what conditions the office uses each method. The primary components of this factor are: Guidelines Used and Judgment Needed.

 

Level 3‑3 — 275 Points

Guidelines Used – The employee uses a wide variety of reference materials and manuals; however, they are not always directly applicable to issues and problems or have gaps in specificity. Precedents are available outlining the preferred approach to more general problems or issues.

Judgment Needed – The employee uses judgment in researching, choosing, interpreting, modifying, and applying available guidelines for adaptation to specific problems or issues.

 

Level 3‑4 — 450 Points

Guidelines Used – The employee uses guidelines and precedents that are very general regarding agency policy statements and objectives. Guidelines specific to assignments are often scarce, inapplicable or have gaps in specificity that require considerable interpretation and/or adaptation for application to issues and problems.

Judgment Needed – The employee uses judgment, initiative, and resourcefulness in deviating from established methods to:

• Modify, adapt, and/or refine broader guidelines to resolve specific complex and/or intricate issues and problems.
• Treat specific issues or problems.
• Research trends and patterns.
• Develop new methods and criteria.
• Propose new policies and practices.

 

Level 3‑5 — 650 Points

Guidelines Used – The employee uses guidelines that are often ambiguous and express conflicting or incompatible goals and objectives, requiring extensive interpretation.

Judgment Needed – The employee uses judgment and ingenuity and exercises broad latitude to:

• Determine the intent of applicable guidelines.
• Develop policy and guidelines for specific areas of work.
• Formulate interpretations that may take the form of policy statements and guidelines. 

Top agency management officials and senior staff recognize the employee as a technical expert.

Factor 4, Complexity

This factor covers the nature, number, variety, and intricacy of tasks, steps, processes, or methods in the work performed; the difficulty in identifying what needs to be done; and the difficulty and originality involved in performing the work. The primary components of this factor are: Nature of Assignment, What Needs to Be Done, and Difficulty and Originality Involved.

Level 4‑3 — 150 Points

Illustration(s)

Level 4‑3 — 150 Points

Cluster 1 – IT Operations and Security

Nature of Assignment

Work involves applying different and unrelated IT processes, procedures, and methods in areas such as system administration, network operations, customer support, and cybersecurity compliance.

What Needs to Be Done

The employee analyzes technical issues related to system performance, user support, and security compliance. They select appropriate resolutions from a range of acceptable alternatives, such as applying patches, escalating incidents, or configuring systems to meet operational needs.

Difficulty and Originality Involved

The employee identifies and analyzes important factors such as system interdependencies, user requirements, and security risks. They apply an understanding of how these factors interact across IT functions to ensure reliable and secure operations.

Level 4‑3 — 150 Points

Cluster 2 – Development and Analysis

Nature of Assignment

Work involves applying different and unrelated IT processes, procedures, and methods in software development, database management, and web services.

What Needs to Be Done

The employee analyzes technical issues related to application functionality, data integrity, and web usability. They select appropriate tools and methods to develop, maintain, or troubleshoot systems and services.

Difficulty and Originality Involved

The employee identifies and analyzes important factors such as user requirements, data structures, and interface design. They apply an understanding of how these elements interact to ensure functional, secure, and user-friendly applications and websites.

Level 4‑3 — 150 Points

Cluster 3 – IT Strategy and Planning

Nature of Assignment

Work involves applying different and unrelated IT processes, procedures, and methods in strategic planning, policy development, and enterprise architecture.

What Needs to Be Done

The employee analyzes technical and organizational issues related to IT alignment, governance, and compliance. They select appropriate frameworks and tools to support planning, documentation, and policy implementation.

Difficulty and Originality Involved

The employee identifies and analyzes important factors such as mission alignment, system capabilities, and policy gaps. They apply an understanding of interrelationships among IT functions to support enterprise-wide planning and decision-making.

Level 4‑3 — 150 Points

Nature of Assignment – Work consists of various duties that involve applying a series of different and unrelated IT processes, procedures, and methods

What Needs to Be Done

The employee:

• Decides what needs to be done based on analyses of the subjects and technical issues, were related to the assignment.
• Selects appropriate resolutions and courses of action from many acceptable alternatives.

Difficulty and Originality Involved – The employee identifies and analyzes important factors and conditions in order to recognize and apply an understanding of interrelationships among different IT functions and activities.

Level 4‑4 — 225 Points

Cluster 1 – IT Operations and Security

Nature of Assignment

Work consists of a variety of duties involving many different, diverse, and unrelated IT processes and methodologies—such as multi-cloud ecosystems, zero-trust architecture, and intelligent automation—applied across systems administration, cybersecurity, and customer support functions.

What Needs to Be Done

The employee decides what needs to be done by:

• Evaluating unusual circumstances such as decentralized data environments, hybrid infrastructure, or edge computing.
• Considering different approaches, including adaptive automation, layered defense strategies, or low-code/no-code tools for service delivery.
• Dealing with incomplete or conflicting data from monitoring systems, user reports, or security logs.

Difficulty and Originality Involved

The employee uses judgment and originality by:

• Interpreting structured and unstructured data from logs, diagnostics, and user feedback.
• Planning and prioritizing work across multiple systems and platforms.
• Refining methods and techniques to optimize system reliability, cybersecurity resilience, and service delivery.

Level 4‑4 — 225 Points

Cluster 2 – IT Development and Analysis

Nature of Assignment

Work consists of a variety of duties involving many different, diverse, and unrelated IT processes and methodologies, such as modular application frameworks, API-driven architectures, and intelligent automation, across application development, data management, and web services. Assignments often require integrating tools and technologies across platforms and disciplines, including low-code/no-code environments, open-source libraries, and cloud-native services.

What Needs to Be Done

The employee decides what needs to be done by:

• Evaluating unusual circumstances such as decentralized data environments, cross-platform application dependencies, or real-time data streaming.
• Considering different approaches, including adaptive algorithms, machine learning outputs, or containerized deployment strategies.
• Dealing with incomplete, conflicting, or evolving requirements from stakeholders, users, or system constraints.

Difficulty and Originality Involved

The employee uses judgment and originality by:

• Interpreting structured and unstructured data from diverse sources to inform design and development decisions.
• Planning and sequencing development, testing, and deployment activities across multiple systems and environments.
• Refining methods and techniques to optimize application performance, data integrity, and user experience, while ensuring cybersecurity and accessibility compliance.

Level 4‑4 — 225 Points

Cluster 3 – IT Strategy and Planning

Nature of Assignment

Work consists of a variety of duties involving many different, diverse, and unrelated IT processes and methodologies—such as enterprise architecture frameworks, zero-trust principles, multi-cloud governance, and intelligent automation applied to strategic planning, policy development, and enterprise IT alignment.

What Needs to Be Done

The employee decides what needs to be done by:

• Evaluating unusual circumstances such as decentralized data environments, evolving enterprise architecture maturity, or conflicting stakeholder priorities.
• Considering different approaches, including modular platforms, adaptive governance models, and low-code/no-code tools for planning and documentation.
• Dealing with incomplete, ambiguous, or conflicting data from business units, technical teams, or external partners.

Difficulty and Originality Involved

The employee uses judgment and originality by:

• Interpreting structured and unstructured data from architectural artifacts, policy documents, and system assessments.
• Planning and sequencing work across interdependent IT governance, architecture, and compliance activities.
• Refining methods and techniques to optimize strategic alignment, cybersecurity resilience, and enterprise service delivery.

 

Level 4‑5 — 325 Points

Illustration(s)

 

Level 4‑5 — 325 Points

Cluster 1 – IT Operations and Security

Nature of Assignment

Work consists of a variety of duties requiring the application of many different, diverse, and unrelated processes and methods to a broad range of IT activities or functions—such as digital infrastructure, systems integration, and enterprise-wide technologies. Assignments often involve in-depth analysis of IT issues related to interoperability, cybersecurity, and performance optimization across hybrid and multi-cloud environments.

What Needs to Be Done

The employee makes decisions that involve significant uncertainties regarding the most effective approach or methodology to apply, such as selecting a digital strategy, enterprise architecture model, or technical methodology. These decisions are shaped by:

• Ongoing evaluation of stakeholder and customer business requirements.
• Rapidly evolving and emerging technologies, such as zero-trust architecture, AI-driven automation, or edge computing.

Difficulty and Originality Involved

The employee:

• Develops new IT standards, methods, and techniques for operations, support, and security.
• Evaluates the impact of technological change across IT infrastructure domains, including legacy modernization and system life-cycle management.
• Conceives solutions to highly complex technical issues involving governance, resilience, user experience, or cross-functional integration.

The work frequently involves integrating the activities of multiple IT functional areas, such as cybersecurity, systems administration, and network engineering.

Level 4‑5 — 325 Points

Cluster 2 – IT Development and Analysis

Nature of Assignment

Work consists of a variety of duties requiring the application of many different, diverse, and unrelated processes and methods to a broad range of IT activities or functions, such as full-stack development, data architecture, and enterprise-wide web services. Assignments often involve in-depth analysis of IT issues related to system interoperability, data integrity, and performance optimization across distributed platforms.

What Needs to Be Done

The employee makes decisions that involve significant uncertainties regarding the most effective approach or methodology to apply, such as selecting a development framework, data architecture model, or integration strategy. These decisions are shaped by:

• Ongoing evaluation of stakeholder and customer business requirements.
• Rapidly evolving and emerging technologies, such as AI-assisted development, low-code/no-code platforms, and real-time analytics.

Difficulty and Originality Involved

The employee:

• Develops new standards, methods, and techniques for application development, data management, and web services.
• Evaluates the impact of technological change across application and data ecosystems, including cloud migration and platform modernization.
• Conceives solutions to highly complex technical issues involving user experience, data governance, and cross-functional integration.

The work frequently involves integrating the activities of multiple IT functional areas, including development, data engineering, and cybersecurity.

Level 4‑5 — 325 Points

Cluster 3 – IT Strategy and Planning

Nature of Assignment

Work consists of a variety of duties requiring the application of many different, diverse, and unrelated processes and methods to a broad range of IT activities or functions, such as digital strategy, enterprise architecture, and IT governance. Assignments often involve in-depth analysis of IT issues related to interoperability, security, and performance optimization across enterprise-wide systems and platforms.

What Needs to Be Done

The employee makes decisions that involve significant uncertainties regarding the most effective approach or methodology to apply, such as selecting an enterprise architecture model, modernization roadmap, or governance framework. These decisions are shaped by:

• Ongoing evaluation of stakeholder and customer business requirements.
• Rapidly evolving and emerging technologies, such as multi-cloud environments, AI integration, and zero-trust security models.

Difficulty and Originality Involved

The employee:

• Develops new IT standards, methods, and techniques for strategic planning, architecture, and policy.
• Evaluates the impact of technological change across IT strategy and infrastructure domains, including legacy modernization and digital transformation.
• Conceives solutions to highly complex technical issues involving governance, resilience, and cross-functional integration.

The work frequently involves integrating the activities of multiple IT functional areas, including architecture, cybersecurity, operations, and policy.

Level 4‑5 — 325 Points

Nature of Assignment

Work consists of a variety of duties requiring the application of many different, diverse, and unrelated processes and methods to a broad range of IT activities or functions (e.g., digital infrastructure, systems integration, and enterprise-wide technologies). Often involve in-depth analysis of IT issues (e.g., related to interoperability, security, and performance optimization).

What Needs to Be Done

The employee makes decisions that involve significant uncertainties with regard to the most effective approach or methodology to be applied e.g., digital strategy, enterprise architecture model, or technical methodology). These changes typically result from:

• Ongoing evaluation of stakeholder and/or customer business requirements; or
• Rapidly evolving and/or emerging technology (e.g.,

Difficulty and Originality Involved

The employee:

• Develops new IT standards, methods, and techniques.
• Evaluates the impact of technological change across IT strategy and/or infrastructure domains (e.g., multi-cloud environments, legacy modernization efforts or system life-cycle management).
• Conceives of solutions to highly complex technical issues (e.g. involving governance, resilience, user experience, or cross functional integration).

The work frequently involves integrating the activities of multiple IT functional areas.

 

Level 4‑6 — 450 Points

Cluster 1 – IT Operations and Security

Nature of Assignment

Work consists of broad functions and processes such as:

• Planning and leading efforts to address IT operations and cybersecurity challenges in areas where precedents do not exist, such as integrating AI-driven threat detection, implementing quantum-resilient architectures, or modernizing legacy infrastructure in zero-trust environments.
• Establishing new operational concepts and governance structures to support evolving digital strategies, including enterprise-wide automation, cyber risk frameworks, and hybrid cloud orchestration.

Assignments are characterized by:

• Exceptional breadth of scale and intensity, often involving concurrent or sequential initiatives across multiple domains (e.g., systems engineering, cybersecurity, and service delivery).
• Engagement with internal and external stakeholders, including cross-functional teams, interagency partners, and vendors.
• Ongoing innovation to formulate and implement new operational models, digital policy structures, and strategic security solutions.

What Needs to Be Done

The employee determines what needs to be done by conducting extensive investigation and comprehensive analysis of largely undefined, emerging, or cross-domain conditions. This includes:

• Evaluating the impact of digital transformation on operational resilience.
• Anticipating and mitigating risks associated with ethical AI use, supply chain vulnerabilities, and next-generation IT capabilities.

Difficulty and Originality Involved

The employee makes continuing efforts to:

• Develop emergent operational frameworks, cybersecurity models, and adaptive service delivery strategies.
• Solve persistent challenges such as legacy system integration, cyber threat evolution, and enterprise-wide performance optimization that have previously resisted resolution.

Level 4‑6 — 450 Points

Cluster 2 – IT Development and Analysis

Nature of Assignment

Work consists of broad functions and processes such as:

• Planning and leading enterprise-scale initiatives to address application modernization, data integration, and digital service transformation in areas where precedents do not exist, such as synthetic data ecosystems, AI-assisted development, or decentralized data architectures.
• Establishing new concepts and approaches for digital governance, user experience design, and agile delivery frameworks that align with evolving organizational strategies.

Assignments are characterized by:

• Exceptional breadth and intensity, involving multiple concurrent or sequential activities across application, data, and web service domains.
• Engagement with internal and external stakeholders, including developers, data scientists, policy teams, and interagency collaborators.
• Ongoing innovation to implement new digital strategies, data governance models, and intelligent automation platforms.

What Needs to Be Done

The employee determines what needs to be done by conducting extensive investigation and comprehensive analysis of emerging technologies, user needs, and cross-domain dependencies. This includes:

• Evaluating the implications of digital transformation on data ethics, accessibility, and system interoperability.
• Designing solutions that anticipate future-state architectures and user expectations.

Difficulty and Originality Involved

The employee makes continuing efforts to:

• Develop new frameworks for secure, scalable, and user-centric digital platforms.
• Solve persistent challenges in data integration, application performance, and digital equity that have resisted traditional solutions.

Level 4‑6 — 450 Points

Cluster 3 – IT Strategy and Planning

Nature of Assignment

Work consists of broad functions and processes such as:

• Planning and leading strategic initiatives to address enterprise IT governance, architecture, and modernization in areas where precedents do not exist, such as integrating AI governance, quantum-resilient systems, or federated data strategies.
• Establishing new concepts and approaches for digital policy, investment prioritization, and interagency collaboration that support evolving organizational and national strategies.

Assignments are characterized by:

• Exceptional breadth and intensity, often involving concurrent or sequential efforts across architecture, policy, and strategic planning domains.
• Engagement with internal and external stakeholders, including senior executives, interagency councils, and industry partners.
• Ongoing innovation to formulate and implement new digital governance structures, strategic frameworks, and enterprise transformation models.

What Needs to Be Done

The employee determines what needs to be done by conducting extensive investigation and comprehensive analysis of undefined, emerging, or cross-domain factors. This includes:

• Evaluating the strategic impact of digital transformation, ethical AI deployment, and next-generation IT capabilities on agency mission and policy.

Difficulty and Originality Involved

The employee makes continuing efforts to:

• Develop new theories, frameworks, and strategic models for enterprise IT governance and modernization.
• Solve persistent challenges in interoperability, digital risk management, and strategic alignment that have resisted conventional approaches.

Level 4‑6 — 450 Points

Nature of Assignment

Work consists of broad functions and processes such as:

• Planning and leading efforts to address IT issues in areas where precedents do not exist (e.g. integration of AI systems, quantum-resilient architectures, etc.).
• Establishing new concepts and approaches, (e.g. innovative organizational methodologies, governance structures, or digital strategies in support of evolving organizational strategies).

Assignments are characterized by:

• Exceptional breadth of scale and intensity of effort.
• Often involving several activities being pursued concurrently or sequentially with engagement with internal and external stakeholders (e.g. cross-functional teams involved in hybrid computing environments, zero-trust architecture development or synthetic data modeling).
• Ongoing innovation to formulate and implement new concepts, digital policy structures, and strategic solutions.

What Needs to Be Done

The employee decides what needs to be done by conducting extensive investigation and comprehensive analysis of largely undefined, emerging, or cross domain factors and conditions to determine the nature and scope of problems and to devise solutions (e.g.  evaluating digital transformation impacts, ethical AI use, and next-generation IT capabilities).

Difficulty and Originality Involved

The employee makes continuing efforts to develop emergent concepts, frameworks, theories, or programmatic solutions (e.g. adaptive IT classification structures, ethical AI deployment models, predictive analytics environments), or to solve persistent challenges that have previously resisted solution.

 

Factor 5, Scope and Effect

This factor covers the relationships between the nature of work (i.e., the purpose, breadth, and depth of the assignment) and the effect of work products or services both within and outside the organization. Effect measures such things as whether the work output facilitates the work of others, provides timely services of a personal nature, or impacts on the adequacy of research conclusions. The concept of effect alone does not provide sufficient information to properly understand and evaluate the impact of the position. The scope of the work completes the picture to allow consistent evaluations. Consider only the effect of properly performed work. The primary components of this factor are: Scope of the Work and Effect of the Work.

 

Level 5‑3 — 150 Points

Cluster 1 – IT Operations and Security

Scope of the Work

Work involves addressing a variety of recurring technical issues related to system performance, user support, and IT infrastructure. Assignments require applying established IT operations, system administration, and security procedures to ensure continuity of service and compliance with organizational standards.

Effect of the Work

Work affects:

• The installation, configuration, and maintenance of IT systems and network components across platforms.
• The quality, integrity, and reliability of IT services delivered to internal and external users, including the confidentiality and availability of systems and data.

Level 5‑3 — 150 Points

Cluster 2 – Applications, Data, and Web Services

Scope of the Work

Work involves resolving a variety of common issues in application development, data management, and web services. Tasks are performed using established programming, database, and web development practices to ensure functionality, usability, and compliance with standards.

Effect of the Work

Work affects:

• The design, testing, and implementation of applications, databases, and websites that support mission-critical operations.
• The quality, integrity, and reliability of digital services and data-driven solutions provided to users and stakeholders.

Level 5‑3 — 150 Points

Cluster 3: IT Strategy and Planning

Scope of the Work

Work involves supporting strategic planning, policy development, and enterprise architecture activities by applying established frameworks and analytical methods. Assignments include gathering data, drafting documentation, and assisting in aligning IT initiatives with organizational goals.

Effect of the Work

Work affects:

• The planning and documentation of IT systems and enterprise architecture across platforms.
• The quality, integrity, and reliability of IT governance, compliance, and strategic alignment efforts throughout the organization.

Level 5‑3 — 150 Points

Scope of the Work

Work involves a variety of common problems, questions, or situations that are dealt with in accordance with established IT criteria.

Effect of the Work

Work affects:

• The design, testing, implementation, operation, or support of IT systems across platform(s); or the quality, integrity, and reliability of IT services.

 

Level 5‑4 — 225 Points

Cluster 1 – IT Operations and Security

Scope of the Work

Work involves:

• Establishing operational and security criteria aligned with IT frameworks (e.g., NIST, ITIL, Zero Trust).
• Formulating and leading projects involving systems integration, infrastructure modernization, and automation of operational workflows.
• Assessing the effectiveness of IT operations and cybersecurity programs using performance metrics, compliance audits, and service-level analytics.
• Investigating and analyzing a variety of unfamiliar IT conditions, such as emerging threats, hybrid cloud configurations, or complex incident response scenarios.

Effect of the Work

Work affects a wide range of agency activities or the activities of other organizations by:

• Enabling secure and resilient information system integration across platforms.
• Influencing enterprise-wide risk management processes and business continuity planning.
• Enhancing the reliability and performance of IT service delivery across the organization.

Level 5‑4 — 225 Points

Cluster 2 – IT Development and Analysis

Scope of the Work

Work involves:

• Establishing development, data, and web service criteria aligned with IT frameworks (e.g., DevSecOps, Agile, data governance models).
• Formulating projects involving application modernization, process automation, and digital service transformation.
• Assessing program effectiveness through analytics dashboards, user experience metrics, and compliance with accessibility and security standards.
• Investigating and analyzing unfamiliar IT conditions, such as cross-platform integration challenges, real-time data streaming, or AI-assisted development environments.

Effect of the Work

Work affects a wide range of agency activities or the activities of other organizations by:

• Driving enterprise-wide application and data integration strategies.
• Improving the quality, accessibility, and performance of digital services.
• Supporting mission-critical decision-making through reliable and secure data systems.

Level 5‑4 — 225 Points

Cluster 3 – IT Strategy and Planning

Scope of the Work

Work involves:

• Establishing strategic and architectural criteria aligned with enterprise IT frameworks (e.g., TOGAF, COBIT, Federal Enterprise Architecture).
• Formulating projects involving enterprise architecture, digital transformation, and IT governance modernization.
• Assessing program effectiveness through maturity models, performance scorecards, and strategic alignment reviews.
• Investigating and analyzing unfamiliar IT conditions, such as evolving stakeholder needs, emerging technologies, or conflicting policy requirements.

Effect of the Work

Work affects a wide range of agency activities or the activities of other organizations by:

• Shaping enterprise-wide IT strategy and investment decisions.
• Influencing cross-agency collaboration, system interoperability, and digital service delivery.
• Advancing the organization’s ability to adapt to technological change and policy mandates.

Level 5‑4 — 225 Points

Scope of the Work

Work involves:

• Establishing criteria aligned with IT frameworks.
• Formulating projects (e.g., involving system architecture, process automation, or digital transformation).
• Assessing program effectiveness (e.g., though data analytics, performance metrics, and IT governance standards).
• Investigating/analyzing a variety of unfamiliar IT conditions, problems, or issues.

Effect of the Work

Work affects a wide range of agency activities or the activities of other organizations (e.g., information system integration, risk management process, or enterprise-wide service delivery).

 

Level 5‑5 — 325 Points

Cluster 1 – IT Operations and Security

Scope of the Work

Work involves:

• Isolating and defining unprecedented technological conditions, such as emergent threats from adversarial AI models or systemic vulnerabilities in legacy cloud infrastructures.
• Resolving critical, cross-domain problems that span cybersecurity, systems administration, and enterprise operations.
• Developing, testing, and implementing new technologies—such as intelligent automation platforms, cryptographic agility frameworks, or zero-trust orchestration—within mission-critical IT environments.

Effect of the Work

Work affects technical decision-making by senior subject matter experts and contributes to the development and strategic implementation of major aspects of agency-wide IT programs. This includes:

• Influencing enterprise architecture modernization strategies.
• Shaping risk management frameworks and operational resilience policies.
• Enabling secure, scalable service delivery across the organization.

Level 5‑5 — 325 Points

Cluster 2 – IT Development and Analysis

Scope of the Work

Work involves:

• Isolating and defining unprecedented technological conditions, such as synthetic data generation for AI training, or integration challenges across federated data ecosystems.
• Resolving critical problems across application development, data architecture, and web service domains.
• Designing, testing, and deploying new technologies—such as intelligent automation platforms, adaptive user interfaces, or secure API gateways—within enterprise-scale digital environments.

Effect of the Work

Work affects technical decision-making by senior IT and data leaders and contributes to the strategic implementation of major agency-wide initiatives, including:

• Federated data governance strategies.
• Enterprise-wide application modernization.
• Digital service transformation and user experience optimization.

Level 5‑5 — 325 Points

Cluster 3 – IT Strategy and Planning

Scope of the Work

Work involves:

• Isolating and defining unprecedented technological and strategic conditions, such as systemic interoperability gaps, adversarial AI risks, or legacy system constraints in cloud-native transitions.
• Resolving critical problems that span enterprise architecture, IT governance, and digital transformation.
• Developing, testing, and implementing new technologies and frameworks—such as synthetic data ecosystems, cryptographic agility models, or AI governance protocols—within mission-aligned IT strategies.

Effect of the Work

Work affects high-level technical and policy decisions by senior executives and contributes to the development and strategic implementation of major agency-wide IT programs, including:

• Enterprise architecture modernization.
• Strategic IT investment planning.
• Cross-agency digital risk and governance frameworks.

Level 5‑5 — 325 Points

Scope of the Work

Work involves:

• Isolating and defining unprecedented technological conditions (e.g. emergent threats for adversarial AI models or systemic vulnerabilities with legacy cloud infrastructures).
• Resolving critical problems across domains.
• Developing, testing, and implementing new technologies (e.g. synthetic data ecosystems, intelligent automation platforms, cryptographic agility framework, etc.) within mission-oriented IT environments.

Effect of the Work

Work affects technical decision making by senior subject matter experts or contribute to the development and strategic implementation of major aspects of agencywide IT programs (e.g. enterprise architect moderation, federate data governance strategies, etc.).

 

Level 5‑6 — 450 Points

Cluster 1 – IT Operations and Security

Scope of the Work

Work involves planning, developing, and executing broad, strategically integrated assignments of significant public and governmental interest. These include:

• Leading cross-agency digital modernization initiatives focused on secure infrastructure, operational resilience, and cyber defense.
• Managing projects that span multiple domains such as cloud service orchestration, cybersecurity compliance, and AI-enabled threat detection.
• Driving innovation in operational models and security frameworks that influence federal IT operations and policy.

Effect of the Work

Work:

• Often leads to recommendations for realigning IT responsibilities among agencies or restructuring government-wide operational functions, such as zero trust implementation, post-quantum readiness, or AI-enabled digital support systems.
• Impacts large population segments over sustained periods through modernization of public-facing platforms, secure high-value data environments, and scalable infrastructure supporting long-term service delivery.

Level 5‑6 — 450 Points

Cluster 2 – IT Development and Analysis

Scope of the Work

Work involves planning, developing, and executing broad, strategically integrated assignments that are of significant public and governmental interest. These include:

• Leading cross-agency initiatives to modernize digital services, integrate enterprise data, and deploy intelligent applications.
• Managing projects that span multiple domains such as cloud-native development, secure data sharing, and AI governance.
• Establishing innovative digital strategies and governance models that shape the future of public service delivery.

Effect of the Work

Work:

• Often results in recommendations for restructuring how agencies manage application platforms, data governance, and digital services, such as federated data strategies, AI-assisted service delivery, or adaptive user experience frameworks.
• Impacts large population segments over sustained periods by enabling modernization of public platforms, secure data ecosystems, and scalable digital infrastructure.

Level 5‑6 — 450 Points

Cluster 3 – IT Strategy and Planning

Scope of the Work

Work involves planning, developing, and executing broad, strategically integrated assignments that are of significant public and governmental interest. These include:

• Leading cross-agency digital transformation efforts that align IT strategy with national priorities and mission outcomes.
• Managing projects that span multiple domains such as enterprise architecture modernization, AI governance, and cloud policy development.
• Establishing new digital policy structures and strategic frameworks that influence the direction of federal IT governance.

Effect of the Work

Work:

• Often leads to recommendations for realigning IT responsibilities across agencies or restructuring government-wide strategic functions, such as enterprise architecture reform, post-quantum readiness, or AI governance integration.
• Impacts large population segments over sustained periods by enabling long-term modernization of public services, secure digital ecosystems, and resilient infrastructure for mission-critical operations.

Level 5‑6 — 450 Points

Scope of the Work

Work involves planning, developing, and executing broad, strategically integrated assignments (e.g. cross agency digital modernization initiatives) and of significant public and the governmental interest. Projects typically span across multiple domains (e.g. cloud service orchestration, cybersecurity compliance, and AI governance) and exert strong influence across federal agencies.

Effect of the Work

Work:

• Often leads to recommendations for realigning IT responsibilities among agencies or restructuring government-wide functions (e.g. zero trust implementation, post quantum readiness, AI-enable digital support systems, etc.) or other equally significant changes in the future direction of IT programs.
• Impacts large population segments over sustained periods (e.g. modernization of public platforms, high-value data sharing environments, scalable infrastructure supporting long-term service delivery.)

Factor 6, Personal Contacts

These factors include face-to-face and remote dialogue (e.g., telephone, email, and video conferences) with people not in the supervisory chain. (Personal contacts with supervisors are under Factor 2 – Supervisory Controls.) Levels described under these factors consider what is required to make the initial contact, the difficulty of communicating with those contacted, the setting in which the contact takes place, and the nature of the discourse. The setting describes how well the employee and those contacted recognize their relative roles and authorities. The nature of the discourse defines the reason for the communication and the context or environment in which the communication takes place. For example, the reason for communicating may be to exchange factual information or to negotiate. The communication may take place in an environment of significant controversy and/or with people of differing viewpoints, goals, and objectives.

Only credit points under Factors 6 and 7 for contacts essential for successfully performing the work and with a demonstrable impact on its difficulty and responsibility. Factors 6 and 7 are interdependent, so use the same personal contacts to evaluate both factors.

Determine the appropriate level for Personal Contacts and the corresponding level for Purpose of Contacts. Obtain the point value for these factors from the intersection of the two levels as shown on the Point Assignment Chart at the end of this section.

Personal Contacts

Level 6−1 ⎯ 10 points

The personal contacts are with employees within the immediate office or related offices. Limited contacts with the public.

Level 6−2 ⎯ 25 points

The personal contacts are with employees and managers in the agency, both inside and outside the immediate office or related units, as well as employees, representatives of private concerns, and/or the general public, in moderately structured settings. Contact with employees and managers may be from various levels in the agency, such as:

• Headquarters
• Regions
• Districts
• Field offices
• Other operating offices at the same location.

 

Level 6−3 ⎯ 60 points

Individuals or groups from outside the agency, including consultants, contractors, vendors, or representatives of professional associations, the media, or public interest groups, in moderately unstructured settings. This level may also include contacts with agency officials who are several managerial levels removed from the employee when such contacts occur on an ad hoc basis. Must recognize or learn the role and authority of each party during the course of the meeting.

 

Level 6−4 ⎯ 110 points

High-ranking officials from outside the agency at national or international levels, in highly unstructured situations. Typical contacts at this level include:

• Heads of other agencies and Presidential advisors
• Members of Congress
• State governors or mayors of major cities
• Leading representatives of foreign governments
• Executives of comparable private sector organizations
• Leaders of national stakeholder and/or interest groups
• Nationally recognized representatives of the news media on IT matters of national importance.

 

Factor 7, Purpose of Contacts

Level 7−1 ⎯ 20 points

To acquire, clarify, or exchange information needed to complete the assignments, regardless of the nature of the information. The information may range from easily understood to highly technical.

 

Level 7−2 ⎯ 50 points

To plan, coordinate, or advise on work efforts, or to resolve issues or operating problems by influencing or persuading people who are working toward mutual goals and have basically cooperative attitudes. Contacts typically involve identifying options for resolving problems.

 

Level 7−3 ⎯ 120 points

To influence and persuade employees and managers to accept and implement findings and recommendations. May encounter resistance as a result of issues, such as organizational conflict, competing objectives, or resource problems. Must be skillful in approaching contacts to obtain the desired effect; e.g., gaining compliance with established policies and regulations by persuasion or negotiation.

 

Level 7−4 ⎯ 220 points

To present, justify, defend, negotiate, or settle matters involving significant or controversial issues; e.g., recommendations changing the nature and scope of programs or dealing with substantial expenditures. The work usually involves active participation in conferences, meetings, hearings, or presentations involving problems or issues of considerable consequence or importance. People contacted typically have diverse viewpoints, goals, or objectives requiring the employee to achieve a common understanding of the problem and a satisfactory solution by convincing them, arriving at a compromise, or developing suitable alternatives.

 

Factor 8, Physical Demands

This factor covers the requirements and physical demands placed on the employee by the work assignment. This includes physical characteristics and abilities (e.g., agility or dexterity requirements) and the physical exertion involved in the work (e.g., climbing, lifting, pushing, balancing, stooping, kneeling, crouching, crawling or reaching). The frequency or intensity of physical exertion must also be considered.

Note: Laws and regulations governing pay for irregular or intermittent duty involving unusual physical hardship or hazard are in section 5545(d), of title 5, United States Code, and Subpart I of part 550 of title 5, Code of Federal Regulations.

 

Level 8−1 ⎯ 5 points

The work is sedentary. Some work may require walking and standing in conjunction with travel and to attendance at meetings and conferences away from the work site. Some employees may carry light items, such as papers, books, or small parts, or drive a motor vehicle. The work does not require any special physical effort.

 

Factor 9, Work Environment

This factor considers the discomfort and risk of danger in the employee’s physical surroundings and the safety precautions required. Although safety regulations and techniques can reduce or eliminate some discomfort and dangers, they typically place additional demands upon the employee.

Note: Laws and regulations governing pay for irregular or intermittent duty involving unusual physical hardship or hazard are in section 5545(d), of title 5, United States Code, and Subpart I of part 550 of title 5, Code of Federal Regulations.

 

Level 9−1 ⎯ 5 points

The work area is adequately lighted, heated, and ventilated. The work environment involves everyday risks or discomforts that require normal safety precautions. Some employees may occasionally be exposed to uncomfortable conditions in such places as research and production facilities.