OPM.gov /

Competency-Based Classification Standard for the Information Technology Management Series, 2210

Introduction

This position classification standard (PCS) provides series definitions, titling instructions, and grading criteria for nonsupervisory administrative positions in the Information Technology Group, 2200, for General Schedule (GS) and other “white collar” pay plans. In the General Schedule position classification system established under chapter 51 of title 5, United States Code, the positions addressed here would be two-grade interval positions.

This PCS is divided into three parts. Part I contains occupational information that is applicable to Federal work covered by the PCS without regard to pay plan or classification system. Part II provides the grading criteria for positions classified in accordance with GS grade definitions. Part III includes explanatory material about the development of this PCS and will be updated after this draft is finalized.

The term “General Schedule” or “GS” traditionally denotes the major position classification system and pay structure for white collar work in the Federal Government. Agencies no longer subject to chapter 51 have replaced the GS pay plan indicator with agency-unique pay plan indicators. For that reason, reference to General Schedule or GS has been omitted from much of this PCS.

Coverage

This position classification standard covers the following occupational series:

Information Technology Management, 2210

Establishing the Occupational Series and Standard

Issuance of this PCS establishes, renames, modifies, or cancels occupational series and classification standards and guidance as described in the following table. The table also indicates how to classify work previously covered by classification standards affected by this issuance.

New/Previous Series or Guidance

Action Taken / How to Classify

Work Previously Covered

Information Technology Management, 2210

Renames and supersedes the Information Job Family Standard (JFS) for Administrative Work in the IT Group, 2200 last revised October 2018, to the Information Technology Position Classification Job Standard, 2210.

General Series Determination Guidelines

Selection of the correct series for a position is an essential part of the entire human resources management process for a variety of reasons. For example, qualification requirements used in recruiting are based on the series of the position; career ladders are influenced by the series; and organizational structure is often designed with consideration of the series of assigned positions.

Determining the correct series for a position is usually apparent by reviewing the assigned duties and responsibilities and then comparing them to the series definitions and general occupational information the PCS provides. Generally, the series determination for a position is based on the primary work of the position, the highest level of work performed, and the paramount knowledge required to do the work of the position. Normally, it is fairly easy to make this decision. However, in other instances, determining the correct series may not be as obvious.

Use the following guidelines to determine the predominant series when the work of a position matches more than one occupation or occupational group.

Paramount knowledge Although there may be several different kinds of work in the position, most positions will have a paramount knowledge requirement. The paramount knowledge is the most important type of subject matter knowledge or experience required to do the work.
Reason for the position’s existence. The primary purpose of the position or management’s intent in establishing the position is a positive indicator for determining the appropriate
Organizational mission and/or function. Positions generally align with the mission and function of the organization to which they are assigned. The organization’s function is often mirrored in the organizational title and may influence the appropriate series.
Recruitment Supervisors and managers can help by identifying the occupational series providing the best qualified applicants to do the work. This is closely related to the paramount knowledge required.

Although the work of some positions may include administrative work requiring information technology knowledge and skills, classification to the Information Technology Group, 2200, may not be appropriate. The Additional Occupational Considerations section of this PCS provides examples where the work may involve applying related knowledge and skills, but not to the extent that it warrants classification to this job family.

Additional information may be found in The Classifier’s Handbook.

Distinguishing Between IT Workers and IT Users

In many work situations, it is common for employees to use technology in performing assigned duties and responsibilities. This use may vary from writing documents and researching online to creating complex spreadsheets, managing databases, or designing graphics. In most of these situations, information technology (IT) systems are used as a tool to complete job-related tasks, but the work product itself is not IT-focused. Although these positions may require knowledge and proficiency in IT applications and tools, they do not involve the design, development, delivery, or direct support of IT systems and services. Instead, such positions depend on subject-matter expertise where IT is used to enhance outcomes; not as the core of the job. In many cases, an employee with advanced knowledge and skill in the use of IT systems may be regarded as the IT “expert” in the immediate organization and relied upon by other employees for limited technical advice and assistance in the application of IT systems to the assignment area. However, in most cases, employees of this nature are sophisticated or advanced IT users and, as such, their positions should be classified to the appropriate subject-matter series associated with the assignment area rather than to an occupational series and specialty covered by this standard. The work covered by this standard requires knowledge of IT systems, concepts, and methods as the paramount requirement in comparison to IT user positions that require paramount knowledge of other subject-matter principles, concepts, and methods and ancillary knowledge of IT systems, concepts, and methods. In some cases, the ancillary knowledge of information technology may be identified as a required qualification or selective factor for rating applicants for a position, but this requirement does not justify assignment of the position to the IT occupational group. Refer to the Additional Occupational Considerations section for further information.

Distinguishing Between Administrative Work and Professional Work

It is not always easy to distinguish between administrative work classified in two-grade interval occupational series, such as the series covered by this standard, and professional work classified in two-grade interval occupational series, such as the Data Science Series, 1560, and the Computer Engineer Series, 0854. Some tasks are common to both types of occupations, particularly at the entry and developmental grade levels of professional work and the higher-grade levels of administrative work sometimes some similarities. To determine the proper occupational series, consider the characteristics and requirements of the work as well as management’s intent in establishing the position. In making this determination, the following information should be considered:

Is it a developmental position with clear progression to higher grade levels as a specialist based on progressively more difficult assignments requiring the application of:

a broad knowledge of IT principles, concepts, and methods;
a high degree of analytical ability;
skill in problem solving;
skill in communicating effectively, both orally and in writing; and
an understanding of the interrelationships between the different IT specialties.

Professional Information Technology Work Involves:

Broad range of responsibilities related to policy, planning, strategic alignment and governance.
Focusing on IT strategy, cybersecurity policies, enterprise architecture, project management, IT business alignment.
Understanding theories and assumptions, principles and the underlying relationship of professional IT role and its cross-functional responsibilities ensuring IT technology serves organization’s objective effectively.
Overseeing technical teams.
Applying a range and depth of knowledge acquired specifically through an intensive learning regimen of the phenomena, theories, and concepts of scientific body of information technology.
Identifying, analyzing, advising, consulting, and reporting on scientific, theoretical, and factual data, conditions, and problems related to IT strategy, policymaking, compliance and resources allocation.
Defining IT policies, framework and the best practices.
Articulating and directing IT initiatives and vision and ensuring organization mission and goals are aligned with organization’s business objective.
Staying abreast of, and evaluating, scientific subjects, analyses, laws, regulations, policies, and ethics in information technology.

Administrative Information Technology Work involves:

Operation-focused and hands-on technical tasks such as system administration, network engineering, hardware maintenance troubleshooting.
Using and completing recurring methods, standardized procedures and established processes.
Applying basic practical technical knowledge and experience, on-the-job activities of accepted methods, processes, standards in accordance with acceptable scientific principles and results.
Maintaining service network, servers, and cloud environment.
Building and maintaining IT applications.
Protecting assets based on strategic security policies.
Ensuring implementation and operational reliability of IT systems.
Ensuring technical compliance and security enforcement.
Implementing and optimizing IT solutions.
Coding, infrastructure configuration, hardware maintenance, and cybersecurity.

Understanding the Distinction between Professional and Administrative IT Work

When classifying federal positions, it is essential to distinguish between professional and administrative work. This distinction affects not only the occupational series assigned but also the qualification requirements, career progression, and alignment with agency mission needs. Professional work typically requires a positive education requirement and involves the application of scientific or theoretical knowledge, while administrative work focuses on managing programs, policies, and operations using practical knowledge and experience.

The table below outlines the key differences between these two categories of work:

Comparison Table: Professional vs. Administrative Work

Category	Professional Work	Administrative Work
Primary Focus	Application of theoretical principles from a recognized academic discipline	Execution of programmatic, policy, or operational responsibilities
Knowledge Base	Requires a positive education requirement (e.g., degree in computer science, engineering, accounting)	Based on practical knowledge, experience, and understanding of organizational functions
Nature of Work	Involves research, analysis, evaluation, and innovation	Involves planning, organizing, coordinating, and implementing established policies or procedures
Decision-Making	Requires independent judgment in applying scientific or technical principles	Requires judgment in applying policies and procedures, often within established frameworks
Examples of Work	· Designing algorithms · Conducting scientific research · Evaluating system architecture	· Managing IT procurement · Coordinating project schedules · Developing administrative procedures
Series Examples	· Computer Science (1550) · Computer Engineering (0854) · Data Science (1560) · Accounting (0510)	· IT Management (2210) · Program Analyst (0343) · Management Analyst (0343)
Work Products	Results in new knowledge, systems, or innovations	Results in efficient operations, compliance, and resource management
Supervision	May lead technical teams or conduct independent research	May supervise other IT employees, lead multifunction teams, support staff or coordinate across departments
Evaluation Criteria	Based on technical accuracy, innovation, and theoretical application	Based on efficiency, effectiveness, and adherence to policy

Summary

The distinction between professional and administrative work is foundational to accurate position classification. Professional positions require the application of scientific, mathematical, or theoretical knowledge, typically gained through formal education, and are classified in series such as 1550 (Computer Science), 0854 (Computer Engineering), or 1560 (Data Science). In contrast, administrative positions, such as those in the 2210 IT Management Series, focus on the oversight, coordination, and implementation of IT programs and services, relying on practical knowledge and experience rather than academic specialization.

To ensure proper classification:

Refer to the Introduction to the Position Classification Standards (PCS),
Review the Additional Occupational Considerations section in the PCS,
Analyze the paramount knowledge required, the nature of the work, and the qualifications needed,
Determine whether the work aligns with the IT 2210 series or a professional series requiring a positive education requirement.

General Series, Titling, and Occupational Guidance

Information Technology Management, 2210

Qualification Standard

Official Titling Provisions

Title 5, United States Code, requires the U.S. Office of Personnel Management (OPM) to establish the authorized official position titles which include a basic title (e.g., Information Technology Specialist) that may be appended with one or more prefixes and/or suffixes. Agencies must use official position titles for human resources management, budget, and fiscal purposes. Instructions for assigning official position titles are provided in this section.

Supervisors and Leaders

Add the prefix “Supervisory” to the basic title when the agency classifies the position as supervisory. If the position is covered by the General Schedule refer to the General Schedule Supervisory Guide for additional titling and grading information.

Add the prefix “Lead” to the basic title when the agency classifies the position as leader. If the position is covered by the General Schedule refer to the General Schedule Leader Grade Evaluation Guide for additional titling and grading information.

Specialty or Parenthetical Titles

There are no specialty or parenthetical titles specified for this series. Agencies may supplement the official title with agency established parenthetical titles if necessary for recruitment or other human resources needs. A parenthetical designation should be used only when it is decided that it would add materially to the understanding and identification of the position. Parenthetical titles should be used only where it would be helpful or necessary to identify further the duties and responsibilities involved, and such duties and responsibilities reflect special knowledge and skills needed to perform the work. In all cases where a parenthetical title is used, the position description must reflect the duties which support the parenthetical designation.

Organizational Titles

Organizational and functional titles do not replace, but complement, official position titles. Agencies may establish organizational and functional titles for internal administration, public convenience, or similar purposes. Examples of organizational titles are Branch Chief and Division Chief. Examples of functional titles are Chief of Network Management, Chief of Cybersecurity, and Cybersecurity Division Chief.

IT 2210 Classification Crosswalk by Cluster (with Unofficial Titles)

IT Cluster	Basic Federal Title	Common Specialties	Unofficial/Descriptive Titles	NICE Work Role Codes	OPM Cyber Job Codes & Names
IT Operations and Security	IT Specialist IT Cybersecurity Specialist	Customer Support, Systems Administration, Security, Cybersecurity	- Cybersecurity Analyst - Network Engineer - IT Support Specialist - Cloud Security Engineer	- OM-ADM-001 (System Administrator) - OM-STS-001 (Help Desk Technician) - PR-CDA-001 (Cyber Defense Analyst) - PR-INF-001 (Incident Responder)	- 805: IT Customer Support - 807: IT Systems Administration - 901–916: Cybersecurity
IT Development and Analysis	IT Specialist	Applications Software, Data Management, Systems Analysis	- Software Developer - Data Analyst - Data Scientist - Application Engineer	- SP-DEV-001 (Software Developer) - AN-ASA-001 (Systems Analyst) - AN-DSA-001 (Data Scientist)	- 808: IT Systems Development - 814: IT Data Science and Analytics
IT Strategy and Planning	IT Specialist Program Manager Project Manager	Policy and Planning, Enterprise Architecture, Program Management, Project Management	- Enterprise Architect - IT Program Manager - IT Project Manager - Strategic IT Planner	- OV-SPP-002 (Enterprise Architect) - OV-SPP-003 (Strategic Planner) - OV-PMA-001 (Program Manager) - OV-PMA-002 (Project Manager)	- 801: IT Program Management - 803: IT Policy and Planning - 804: Enterprise Architecture

Official Titling Guidance

To support the use of descriptive or functional job titles in job announcements and working titles, refer to the latest OPM guidance:

OPM Job Titling Guidance Memo (September 2025)

This memo encourages agencies to:

Use plain language, functional titles in job postings
Align federal job announcements with private-sector terminology
Maintain official federal titles for personnel documentation while using descriptive working titles for clarity and outreach

Series Definition

This series covers two-grade interval administrative positions that manage, supervise, lead, administer, develop, deliver, and support information technology (IT) systems and services across three primary clusters:

IT Operations and Security – Ensures the day-to-day functionality, security, and resilience of IT infrastructure, including systems administration, network operations, and cybersecurity.
IT Development and Analysis – Focuses on designing, developing, testing, and implementing software applications, data solutions, and web/internet services to meet mission needs.
IT Strategy and Planning – Provides long-term vision, governance, and alignment of IT initiatives with organizational goals through strategic planning, policy development, and enterprise architecture.

Positions in this series require IT principles, concepts, and methods as the paramount qualification, including knowledge of systems architecture, software development, data lifecycle management, networking, and cybersecurity. Information technology encompasses automated and digital systems used for acquiring, storing, manipulating, managing, transmitting, and securing information. Work performed in this series includes broad knowledge of computers, network components, cloud infrastructure, peripheral equipment, software, firmware, services, and related resources, as well as emerging technologies such as artificial intelligence (AI), machine learning (ML), automation tools, and zero-trust security frameworks that enable secure, efficient, and resilient IT operations.

Titling

Basic titles for this occupation are:

Information Technology Specialist or IT Specialist

Work that involves developing, delivering, and supporting IT systems and services is Information Technology Specialist or IT Specialist. Agencies may use organizational or functional titles with the basic title to further identify the duties and responsibilities performed and the special knowledge and skills needed.

IT Cybersecurity Specialist

Work that involves the security of and operations in cyberspace and encompasses the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery activities, including computer network operations, information assurance, diplomacy, military, and intelligence missions as they relate to securing the global information and communication infrastructure.” (Note – See Interpretive Guidance for Cybersecurity Positions for evaluation criteria and information regarding this work.)

IT Program Manager

Work that involves managing one or more major multi-year IT initiatives of such magnitude must be carried out through multiple related IT projects. The IT Program Manager leads, coordinates, communicates, integrates and is accountable for the overall success of the program, ensuring alignment with critical agency priorities. They are responsible for ensuring the work efforts achieve the outcome specified within the agency’s business strategy, including appropriate strategic, life cycle management and capital IT investment plans. Work includes project selection, prioritization, evaluation and monitoring, cost schedule management, risk management, quality management and resource allocations.

IT Project Manager

Work that involves directly managing information technology projects to provide a unique service or product. (Note – See Interpretive Guidance for IT Project Managers for evaluation criteria and information regarding this work.)

No parenthetical titles are specified for this series. Agencies may construct supplemental parenthetical titles that further describe and differentiate work. Refer to the OPM Cybersecurity Codes Linked to the NICE Cybersecurity Workforce Framework and the NICE Workforce Framework for Cybersecurity (NICE Framework) | NICCS on additional titling options representing the skills your agency needs for hiring talent. Determining a title that aligns with the key skills of a position is required. Refer to the organizational and the parenthetical titling guidance above for appropriately using additional titling.

General Occupational Information

Information technology (IT) refers to systems and services used in the automated acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, assurance, or reception of information. IT includes computers, network components, peripheral equipment, software, firmware, services, and related resources.

Perhaps no other occupation has experienced such dramatic and constant changes that have affected the IT occupation in recent years. The growing use of information technology throughout our economy has resulted in an unprecedented explosion in the demand for skilled IT workers. This phenomenon affects virtually every aspect of the IT human resources management process from recruitment to retirement. The position classification function is no exception. Continuous, significant developments in technology and its application dramatically influence the occupation, with a particular emphasis on information security and cybersecurity. As more information, products, and services become widely available to customers by way of shared resources, the need to assure confidentiality, resiliency, integrity, and availability of systems, networks, and data has become increasingly important.

Previously, OPM prescribed eleven parenthetical titles for the 2210 Information Technology Management series. However, the information technology field continues to evolve at a pace that makes such title prescriptions restrictive and impractical. Jobs within IT frequently vary so extensively throughout the government that it is not possible to reflect all the possible combinations and permutations of duties and responsibilities in a standard. To assist in alleviating this challenge, information technology work has been identified and grouped into clusters in order to further highlight potential duties and responsibilities, specialized competencies and skills, and technological advancements shaping these roles. As IT continues to evolve, organizations increasingly rely on technology such as artificial intelligence, machine learning, and cloud computing to optimize data management, automate workflows, and enhance overall efficiency. Although multiple skills and tasks are represented by these clusters, the criteria for their establishment reflect the reality of the rapid advancement of technology, possible differences organizations may have in their requirements for filling these positions, and differences between specific organizational and functional structures. In order to align the critical role of competencies with classification, skills-based hiring, and workforce planning, agencies may create functional areas or identify specializations for quality ranking or selective certification. These measures can help to verify candidates who possess the technical expertise, specialized credentials, and experience necessary for positions managing AI-driven solutions, cloud-based infrastructure, and collaborative digital ecosystems. Agencies may also create their own organization-specific IT specialties as needed to ensure that candidates possess the necessary qualifications and expertise, and to adapt to advancements in technology, ensuring their workforce remains equipped to handle emerging digital challenges.

Information Technology plays a crucial role in modern organizations, ensuring seamless operations, efficient system development, and strategic alignment with business goals. Three clusters of information technology work have been outlined below: IT Operations and Security, IT Development and Analysis, and IT Strategy and Planning.

IT Operations and Security

This cluster involves the planning, installation, operation, and maintenance of hardware and software systems, as well as ensuring the security and integrity of systems, networks, and data. It includes functions such as system administration, network services, customer support, and information security. Employees in this cluster establish and sustain the confidentiality, integrity, and availability of systems, networks, and data through the development and implementation of security programs, policies, procedures, and digital tools.

Types of work may include but is not limited to:

the planning, analysis, design, development, testing, quality assurance, configuration, installation, implementation, integration, maintenance, and/or management or administration of network systems used for the transmission and exchange of information and resources in digital communication formats and platforms.
ensuring the confidentiality, integrity, and availability of systems, networks, and data through the planning, analysis, development, implementation, maintenance, and enhancement of information systems security programs, policies, procedures, and tools.
planning and coordinating the installation, testing, operation, troubleshooting, and maintenance of hardware and software systems.
the planning and delivery of customer support services, including installation, configuration, troubleshooting, customer assistance, and/or training, in response to customer requirements.
the planning, installation, configuration, testing, implementation, and management of the systems environment in support of the organization’s IT architecture and business needs.

IT Development and Analysis

This cluster focuses on the design, development, testing, and implementation of new and improved information systems. This includes application software development, systems analysis, data management, and web/internet services. Employees in this cluster perform needs analyses, consult with customers to identify specific system needs, develop overall functional requirements, conduct business process reengineering, and prepare business cases for the application of IT solutions.

Types of work may include but are not limited to:

the review and evaluation of information technology processes and procedures to support the planning, design, and implementation of new or improved technology systems to meet business
the requirements analysis, design, documentation, development, modification, testing, deployment, and maintenance of new or existing software and applications.
the planning, development, collection, implementation, security, storage, maintenance, utilization, and administration of systems for the acquisition, storage, and retrieval of data throughout its lifecycle.
the technical planning, design, development, testing, implementation, and management of internet, intranet, and extranet activities, including systems/applications development and technical management of websites.

IT Strategy and Planning

This cluster encompasses strategic planning, policy development, and enterprise architecture. This involves aligning IT strategies with organizational goals and objectives, setting the overall direction and vision for IT within the organization. Employees in this cluster develop and maintain strategic plans, assess policy needs, provide policy guidance, prepare IT budgets, manage IT investment portfolios, and conduct audits of IT programs and projects.

Types of work may include but are not limited to:

the strategic research, analysis, planning, design, implementation, documentation, assessment, and management of the enterprise structural framework to align IT strategy, plans, and systems with the mission, goals, structure, and business processes of the organization.
a broad spectrum of IT management activities that typically extend and applies to an entire organization or major components of an organization. This includes strategic planning, capital planning and investment control, workforce planning, policy and standards development, resource management, knowledge management, auditing, and information security management.

In addition to the three foundational IT clusters: IT Operations and Security, IT Development and Analysis, and IT Strategy and Planning, each representing a distinct domain of expertise within the federal IT workforce the following table provides a comparison of the three clusters. To support accurate classification, workforce planning, and alignment with the NICE Framework and OPM Cyber Job Coding structure, the table below provides a side-by-side comparison of these clusters. It highlights their core functions, typical roles, and how they differ in purpose and scope.

IT Cluster Comparison Table with NICE and OPM Cyber Job Code Names

IT Cluster	Definition	Common Roles	Distinguishing Focus	NICE Work Role Codes	OPM Cyber Job Codes & Names
IT Operations and Security	Encompasses the planning, installation, operation, maintenance, and protection of IT systems, networks, and data.	Network Administrator, Systems Administrator, Cybersecurity Analyst, IT Support Specialist	Ensures secure, stable, and efficient IT infrastructure and services.	- OM-ADM-001 (System Administrator) - PR-CDA-001 (Cyber Defense Analyst) - OM-STS-001 (Help Desk Technician)	- 805: IT Customer Support - 807: IT Systems Administration - 901–916: Cybersecurity (e.g., Cyber Defense Analyst, Security Architect, Incident Responder)
IT Development and Analysis	Involves the design, development, testing, and evaluation of software, applications, and systems to meet mission needs.	Software Developer, Application Engineer, Data Analyst, Systems Analyst	Builds and improves IT solutions through software engineering and data-driven insights.	- SP-DEV-001 (Software Developer) - AN-ASA-001 (Systems Analyst) - AN-DSA-001 (Data Scientist)	- 808: IT Systems Development - 814: IT Data Science and Analytics
IT Strategy and Planning	Focuses on long-term IT visioning, policy development, enterprise architecture, and strategic alignment with mission goals.	Enterprise Architect, IT Policy Analyst, Strategic Planner, IT Program Manager	Guides IT direction, governance, and investment decisions.	- OV-SPP-002 (Enterprise Architect) - OV-PMA-001 (Program Manager) - OV-SPP-003 (Strategic Planner)	- 801: IT Program Management - 803: IT Policy and Planning - 804: Enterprise Architecture

Summary of Distinctions

Operations and Security ensures the day-to-day functionality and protection of IT systems.
Development and Analysis focuses on creating and refining IT solutions and data products.
Strategy and Planning provides the vision, governance, and alignment of IT with organizational goals.

Each cluster supports a different phase of the IT lifecycle and requires distinct competencies, which are reflected in both the NICE Framework and OPM Cyber Job Coding Structure.

The Role of Competencies

Skills-based hiring emphasizes an individual’s capabilities and potential contributions over traditional credentials. Central to this approach are competencies—measurable patterns of knowledge, skills, abilities, behaviors, and other characteristics required for successful job performance.

In the fast-paced and ever-evolving field of Information Technology (IT), competencies must continuously adapt. This includes not only changes in technical knowledge and skills but also shifts in how emerging technologies reshape work behaviors, roles, and expectations. As the shelf life of skills shortens, it becomes increasingly important to update competencies in real time to reflect the demands of modern IT work.

Competencies serve as a unifying framework across multiple human capital functions. Many organizations, including those in the Federal Government, use competencies to integrate position classification, qualifications, and assessment policy. This integration ensures consistency and alignment across the talent lifecycle—from defining work and setting qualification standards to assessing candidates and developing the workforce.

Competency models have a proven track record in workforce development. They support the design of core curricula, training programs, and career pathways that align workforce capabilities with organizational needs. In IT, this alignment ensures that employees possess the up-to-date competencies necessary to deliver effective mission support and fosters a common language across roles and functions.

Competencies are also foundational to recruitment, assessment, selection, career development, succession planning, and retention. Identifying and evaluating critical competencies during the hiring process enhances staffing outcomes and builds a high-performing IT workforce. Sustaining, rewarding, and refreshing these competencies is essential for long-term workforce engagement and retention.

While competencies are often associated with individual qualifications, they also inform position classification standards. These standards, particularly through the Factor Evaluation System (FES), incorporate competencies in Factor 1 – Knowledge Required by the Position to define technical requirements and work contexts. Other classification factors similarly reflect a structured foundation of competencies.

In developing this Position Classification Standard (PCS), we have aligned IT competencies with all facets of IT work, including the knowledge, skills, abilities, and tasks required, to ensure effective integration with related human resources systems and programs. This alignment supports a cohesive approach to classification, qualifications, and assessment policy, enabling a more agile, capable, and mission-ready IT workforce.

Important General Competencies

Although there is a wide variability among positions in the IT Management Series, there are certain general competencies applicable to these types of positions. The IT 2210 Competency Based Qualifications Standard includes the following competency requirements described below as well as proficiency levels found at various grade levels throughout the series.

The specific important general competencies are defined below.

Attention to Detail - Is thorough when performing work and conscientious about attending to detail.
Customer Service - Works with clients and customers to assess their needs, provide information or assistance, resolve their problems, or satisfy their expectations; knows about available products and services; is committed to providing quality products and services. Note: Clients and customers include any individuals who use or receive the services or products that your work unit produces, including the general public, individuals who work in the agency, other agencies, or organizations outside the Government.
Decision Making - Makes sound, well-informed, and objective decisions; perceives the impact and implications of decisions; commits to action, even in uncertain situations, to accomplish organizational goals; causes change.
Information Management - Identifies a need for and knows where or how to gather information; organizes and maintains information or information management systems.
Interpersonal Skills - Shows understanding, friendliness, courtesy, tact, empathy, concern, and politeness to others; develops and maintains effective relationships with others; may include effectively dealing with individuals who are difficult, hostile, or distressed; relates well to people from varied backgrounds and different situations.
Oral Communication - Expresses information (for example, ideas or facts) to individuals or groups effectively, taking into account the audience and nature of the information (for example, technical, sensitive, controversial); makes clear and convincing oral presentations; listens to others, attends to nonverbal cues, and responds appropriately.
Problem Solving - Identifies problems; determines accuracy and relevance of information; uses sound judgment to generate and evaluate alternatives, and to make recommendations.
Reasoning - Identifies rules, principles, or relationships that explain facts, data, or other information; analyzes information and makes correct inferences or draws accurate conclusions.
Teamwork - Encourages and facilitates cooperation, pride, trust, and group identity; fosters commitment and team spirit; works with others to achieve goals.
Technical Competence – Uses knowledge that is acquired through formal training or extensive on-the-job experience to perform one's job; works with, understands, and evaluates technical information related to the job; advises others on technical issues.

Since the IT Series covers a broad and varied spectrum of positions some may require specialized KSAs and competencies not identified in these qualifications. In addition, to the general competencies identified as important for IT work, OPM as part of the Federal Workforce Competency Initiative for IT 2210 work in a separate issuance identified technical competencies for agency use. The IT 2210 technical competencies may be used for assessing and hiring talent as supported by a job analysis. In appropriate cases, selective factors may be constructed by agencies to indicate those knowledge and skills considered essential in producing a list of eligibles qualified to perform the duties of the position satisfactorily. The selective factors for a position should represent the basic qualifications for the job and must be demonstrably job-related and reflected in the duties and responsibilities assigned to the position. Selective factors must represent knowledge or skills required of a candidate at the time of entry into a position or those which could not be learned without a significant amount of training. For additional information concerning selective factors and a discussion of quality ranking factors, see the General Schedule Operations Handbook. The General Schedule Handbook also includes guidance on applying Competency Based Qualification Requirements.

Impact of Automation

Automation, artificial intelligence (AI), digital tools, and cloud technologies—alongside traditional IT systems—are now essential to enhancing program operations, organizational efficiency, and overall productivity across the federal workforce. These technologies empower employees to work more intelligently and effectively by enabling real-time project tracking, complex data analysis, file and information management, and the generation of actionable insights. Employees routinely input, store, and retrieve information across multiple digital platforms, often leveraging cloud-based systems. Additionally, internet-based and AI-powered tools are used to conduct research, streamline workflows, and improve the quality and impact of their work.

While these tools significantly enhance how work is performed, they do not change the fundamental nature or purpose of the work itself. The core requirement for successful performance remains the employee’s subject-matter knowledge, such as understanding rules, regulations, and work processes. Automation tools typically replace or supplement manual or machine-assisted methods, but they do not alter the paramount knowledge required to carry out the duties.

For example:

In the IT Operations and Security cluster, employees may use automated monitoring tools to detect network anomalies or AI-driven threat intelligence platforms to support cybersecurity operations. However, the classification of these roles still depends on the knowledge of security protocols, systems architecture, and incident response—not the tools themselves.
In the IT Development and Analysis cluster, software developers may use AI-assisted coding environments or automated testing frameworks, but the work remains rooted in the application of programming principles, system design, and data modeling.
In the IT Strategy and Planning cluster, professionals may use cloud-based dashboards and predictive analytics to inform enterprise architecture or policy decisions. Yet, the classification is based on their ability to interpret strategic objectives, apply governance frameworks, and align IT investments with mission goals.

Ultimately, the proper classification of positions must be based on the knowledge and skills required to perform the primary duties of the role—not on the tools used to execute those duties. This principle aligns with the guidance in the Introduction to the Position Classification Standards, the Additional Occupational Considerations, and the broader framework for determining whether a position belongs in the IT Management Series (GS-2210) or in a professional series requiring a positive education requirement or specialized expertise in another domain.

Additional Occupational Considerations

Some positions may include administrative work requiring IT knowledge and skills typically associated with the Information Technology Series, 2210 In some cases, a closer look may reveal classification to a series in this standard may not always be appropriate. The General Series Determination Guidelines section of this Standard offers guidance on selecting the most appropriate series.

The following table provides examples of work similar to work performed in the 2210 series, but not to the extent the paramount knowledge required, the reason for the position’s existence, the mission and/or function of the organization, and the recruitment source for the best qualified candidates would warrant classification to a series in this PCS.

NOTE: In the table below, the term job family standard is abbreviated as JFS, and position classification standard is abbreviated as PCS.

Table: Work Involvement and Corresponding Series Definitions

If Work Involves…	See This Standard or Series Definition
Knowledge of security concepts, methods, practices, and procedures as the paramount requirement in developing, evaluating, maintaining, and/or operating systems, policies, devices, procedures, and methods used for safeguarding information, property, personnel, operations, and materials.	Security Administration, 0080
Knowledge of a specific subject-matter field(s) (e.g., human resources management, inventory management) as the paramount requirement even when performing IT assignments.	Human Resources Management, 0200
Skill in the use of personal computers and knowledge of specialized and/or general office software applications, e.g., desktop publishing, to provide administrative support.	Miscellaneous Clerk and Assistant, 0303 Secretary, 0318
Operating or supervising the operation of computer systems, including the operation of peripheral equipment.	Computer Operation, 0332
IT support or services functions. Work requires a practical knowledge of IT systems, workflow, and controls.	Computer Clerk and Assistant, 0335
When the paramount qualification requirements are management and executive knowledge and when the position does not require competence in a specialized subject matter or functional area.	Program Management, 0340
Substantive knowledge of agency programs and activities; agency mission, policies, and objectives; management principles and processes; and analytical and evaluative methods as they relate to the evaluation of government programs and operations.	Management and Program Analysis, 0343
Acquisition, technical acceptance, installation, testing, modification, or replacement of telecommunications equipment, services, and systems.	Telecommunications, 0391
Designing new automated financial accounting systems or developing modifications to existing systems.	Accounting and Budget Group, 0500
Professional knowledge of mathematics, engineering, physics, or related fields as the paramount requirement even when performing IT assignments.	Natural Resources Management and Biological Sciences Group, 0400 Engineering and Architecture Group, 0800 Mathematical Sciences Group, 1500 Physical Science Group, 1300
Professional knowledge of fundamentals and principles of computer engineering; computer hardware, systems, software, and computer systems architecture and integration.	Computer Engineering, 0854
Communicating information through visual means that requires knowledge of the principles of visual design.	Visual Information, 1084
Professional knowledge of the theories, principles, and techniques of library science.	Librarian, 1410
Knowledge of one or more scientific, engineering, technical, or other fields and practical knowledge of techniques for organizing, accessing, or disseminating information.	Technical Information Services, 1412
Professional knowledge of theoretical foundations of computer science; specialized knowledge of design characteristics, limitations, and potential applications of information systems.	Computer Science, 1550
Applying data science principles, including statistical analysis, machine learning, data mining, and predictive modeling, to extract insights and support decision-making.	Data Science, 1560
Knowledge of investigative techniques, rules of evidence, Federal laws and statutes, and criminal laws in planning and conducting investigations of computer and Internet-related crimes.	Criminal Investigating, 1811
Knowledge of quality assurance methods, principles and practices in assuring the quality of products acquired and used by the Federal Government.	Quality Assurance, 1910
Operating computerized analytical test and diagnostic equipment to install, test, troubleshoot, maintain, and repair electronic equipment.	Electronic Equipment Installation and Maintenance Family, 2600
Preparing and updating subject-matter information on an organization’s Website that requires knowledge of subject-matter programs and processes and basic Website development techniques.	Appropriate subject-matter series

Crosswalk: Series Comparison with IT Work

Series	Title	Modern Work Description	Paramount Knowledge Required	IT Classification?
0080	Security Administration	Managing physical and information security systems	Security policies, procedures, and physical safeguards	❌ Not IT unless digital systems are central
0200	Human Resources Management	Managing HR systems, data, and workforce analytics	HR laws, policies, and practices	❌ IT user; not IT work
0303	Misc. Clerk and Assistant	Using office software for clerical support	Administrative procedures and office tools	❌ IT user; not IT work
0318	Secretary	Scheduling, correspondence, and digital file management	Office management and communication	❌ IT user; not IT work
0332	Computer Operation	Operating mainframes and peripheral systems	System operation procedures	⚠️ Possibly IT if duties expand to system administration
0335	Computer Clerk and Assistant	Providing IT-related clerical support	Workflow and data entry knowledge	❌ Entry-level support; not professional IT
0340	Program Management	Leading programs and initiatives	Executive and management knowledge	❌ Not IT unless technical oversight is required
0343	Management and Program Analysis	Evaluating programs using data and systems	Analytical methods and program knowledge	⚠️ Related to IT analytics but not IT unless systems design is involved
0391	Telecommunications	Installing and maintaining telecom systems	Telecom hardware, signal flow, and electronics	❌ IT‑adjacent; not IT unless IT systems are primary
0500	Accounting and Budget	Designing or modifying financial systems	Accounting principles and standards	❌ Not IT unless system design is paramount
0854	Computer Engineering	Designing hardware and embedded systems	Engineering, hardware, and systems integration	✅ Professional IT (requires positive education)
1084	Visual Information	Designing digital content and interfaces	Visual design and communication	❌ Related to IT (e.g., UX/UI), but not IT
1300	Physical Sciences	Applying scientific principles in IT contexts	Physics, chemistry, or related sciences	❌ Not IT unless IT knowledge is paramount
1410	Librarian	Managing digital and physical knowledge resources	Library science and metadata	❌ Not IT unless managing digital systems
1412	Technical Information Services	Disseminating technical content using IT tools	Technical subject matter and communication	❌ IT‑enabled, not IT
1500	Mathematical Sciences	Applying math and statistics to solve problems	Mathematics and modeling	⚠️ Related to IT (e.g., algorithms), but not IT unless systems are involved
1550	Computer Science	Designing software, algorithms, and systems	Computer science theory and application	✅ Core professional IT series
1560	Data Science	Applying machine learning and analytics	Data modeling, statistics, and AI	✅ Often IT; classified here if data science is paramount
1811	Criminal Investigating	Investigating cybercrime and digital forensics	Law enforcement and investigative techniques	❌ Not IT; cyber‑enabled law enforcement
1910	Quality Assurance	Ensuring software and system quality	QA principles and testing methods	⚠️ Related to IT testing; not IT unless systems design is involved
2600	Electronic Equipment Installation and Maintenance	Installing and repairing electronic systems	Electronics and diagnostic tools	❌ Technical support; not professional IT

Key Distinction: IT vs. Non-IT Work

IT Work (GS-2210) requires:

Knowledge of IT principles, concepts, and methods.
Application of IT systems, software, security, and architecture.
Work that is technical or analytical in nature, not just enabled by IT tools.

Non-IT Work involves:

Use of IT tools to perform non-technical duties.
Paramount knowledge in another discipline (e.g., HR, accounting, law enforcement).
Classification in a different occupational series, even if IT systems are used.

Crosswalk to the Standard Occupational Classification

The Office of Management and Budget requires all Federal agencies to use the Standard Occupational Classification (SOC) system for statistical data reporting purposes. The Bureau of Labor Statistics (BLS) uses SOC for the National Compensation Survey and other statistical reporting. OPM and other Federal agencies maintain a “crosswalk” between OPM authorized occupational series and the SOC codes to serve this need. These SOC codes and this requirement have no effect on the administration of any Federal human resources management system. The information in this table is for information only and has no direct impact on classifying positions covered by this job standard. The SOC codes shown here generally apply only to nonsupervisory positions in these occupations. As changes occur to the SOC codes, OPM will update this information. More information about SOC is available at http://stats.bls.gov/soc.

Federal IT Occupational Crosswalk (Updated for ONET Alignment)

IT Cluster	Specialty Areas	Position Title	SOC Code (Title-Based)	SOC Code (Series-Based)
IT Operations & Security	- Customer Support - Systems Administration - Network Operations - Cybersecurity - Cloud Infrastructure - Help Desk Services	- IT Specialist - IT Cybersecurity Specialist - Network Administrator - Cloud Operations Engineer	- 15-1231: Computer User Support Specialists - 15-1232: Network Support Specialists - 15-1244: Network & Computer Systems Administrators - 15-1212: Information Security Analysts - 15-1299: Computer Occupations, All Other	15-1299: Computer Occupations, All Other
IT Development & Analysis	- Software Development - Application Engineering - Data Management - Data Science - AI/ML Engineering - DevOps	- Software Developer - Data Scientist - Application Engineer - DevOps Engineer	- 15-1251: Software Developers - 15-1252: Software QA Analysts - 15-2051: Data Scientists - 15-1242: Database Administrators - 15-1243: Database Architects - 15-1299: Computer Occupations, All Other	15-1299: Computer Occupations, All Other
IT Strategy & Planning	- Enterprise Architecture - IT Policy & Governance - Strategic Planning - Program Management - Project Management - Digital Transformation	- Enterprise Architect - IT Program Manager - IT Project Manager - Strategic Planner	- 15-1241: Computer Network Architects - 11-3021: Computer & Information Systems Managers - 15-1299: Computer Occupations, All Other	15-1299: Computer Occupations, All Other 11-3021: CIS Managers (for PM roles)

Cross-Cutting Work Areas

Area	Description	Aligned SOC Codes
Artificial Intelligence (AI)	Designing and deploying AI/ML models for automation, decision support, and analytics	15-2051: Data Scientists 15-1299: Computer Occupations, All Other
Digital Services	Building and managing user-centered digital platforms and services	15-1251: Software Developers 15-1241: Network Architects 15-1299: Computer Occupations, All Other
Cloud Management	Architecting, deploying, and maintaining cloud-based infrastructure and services	15-1244: Network & Systems Administrators 15-1241: Network Architects 15-1299: Computer Occupations, All Other

Important Classification Note

All IT 2210 positions remain aligned with SOC 15-1299 (Computer Occupations, All Other) at the series level.
Specialty work aligns with more specific SOC codes based on duties (e.g., cybersecurity → 15-1212; software development → 15-1251; data science → 15-2051).

Grading Information

Part II provides grading information for use in determining the appropriate grade of nonsupervisory two-grade interval administrative positions in the Information Technology Series, 2210. These grading criteria are applicable to General Schedule positions classified under chapter 51 of title 5, United States Code. They may also be used as appropriate to determine work levels for other Federal position classification systems. You will find more complete instructions for evaluating positions in the following OPM publications: Introduction to the Position Classification Standards and The Classifier’s Handbook.

How to Use This Grading Information

Evaluate positions on a factor-by-factor basis using the factor level descriptions (FLDs) provided in this PCS. Compare each factor in the position description to the appropriate FLDs and illustrations. If the factor information in the position description fully matches an FLD for the series and specialty, you may assign the level without reviewing the illustrations. FLDs are progressive or cumulative in nature. For example, each FLD for Factor 1 – Knowledge Required by the Position encompasses the knowledge and skills identified at the previous level. Use only designated point values.

The FLDs in this Standard cover nonsupervisory positions at grades 5 through 15. Evaluate supervisory and leader positions by applying the appropriate functional guide.

Use the occupation and specialty-specific factor illustrations following the FLDs as a frame of reference for applying factor level concepts. Do not rely solely on the illustrations in evaluating positions because they reflect a limited range of actual work examples. The level of work described in some illustrations may be higher than the threshold for a particular factor level. If the factor information in the position description fails to fully match a relevant illustration, but does fully match the FLD, you may still assign the level.

A link to the IT competency guidance is included in the factor levels is to serve as a guide to support applying a skills-based approach across all IT work areas. Link will be added when IT 2210 Competency Model is issued and posted

For each factor, record the factor level used, the points assigned, and relevant comments on the Position Evaluation Summary Worksheet. Convert the total points to a grade using the Grade Conversion Table and record the grade in the Summary section of the Worksheet. The shaded portions of the table reflect the most commonly found grades in this standard.

Grade Conversion Table

Point Range	GS Grade
1855-2100	9
2105-2350	10
2355-2750	11
2755-3150	12
3155-3600	13
3605-4050	14
4055-up	15

Position Evaluation Summary Worksheet

Organization:

Position #:

Evaluation Factors		Factor Level Used (FL#, etc.)	Points Assigned	Comments
1. Knowledge Required by the Position
2. Supervisory Controls
3. Guidelines
4. Complexity
5. Scope and Effect
6/7. Personal Contacts and Purpose of Contacts
8. Physical Demands
9. Work Environment
SUMMARY	Total Points
SUMMARY	Grade Conversion

Additional Remarks:

Title, Series, and Grade Assigned:

Prepared by: Date:

Agencies may copy for local use.

Factor Level Descriptions (FLDs)

Factor 1, Knowledge Required by the Position

Factor 1 measures the nature and extent of information or facts an employee must understand to do acceptable work (e.g., steps, procedures, practices, rules, policies, theories, principles, and concepts) and the nature and extent of the skills necessary to apply that knowledge. You should only select a factor level under this factor when the knowledge described is required and applied.

Note: Factor Level Description is abbreviated as FLD.

Factor Level Description 1-6 (950 Points)

Level 1-6 — 950 Points

Knowledge Required for All Positions in This Series at This Level:

Knowledge of, and skill in applying, most of the following:

Modern IT principles, methodologies, frameworks and practices in the assigned IT domain(s).
IT systems development life cycle management concepts.
Performance monitoring principles and methods.
Quality assurance principles.
Technical documentation methods and procedures.
Systems security methods and procedures.
Analytical methods.
Technical concepts and solutions through effective oral and written communications in IT environments.

This knowledge is sufficient to:

Perform routine and recurring assignments in assigned IT domain(s) while adapting to emerging technologies and best practices.
Identify and resolve issues and problems.
Draft and update procedural documentation and instructional materials.
Provide information and assistance to customers.
Evaluate established methods and procedures and prepare recommendations for changes in methods and practices where appropriate, guided by goals.
Ensure the application of appropriate security measures aligned with industry standards.

Note: Remember to refer to these common requirements when applying the knowledge and skill requirements for any specialty at this level.

Level 1-6 — 950 Points

Cluster 1 – IT Operations and Security

Knowledge of a wide range of IT principles, methods, and practices, including:

Operating systems, hardware, and software platforms.
Network and system administration fundamentals.
Information security principles and compliance requirements.
Customer support methodologies and service delivery standards.
Diagnostic and troubleshooting techniques.
Automation tools and digital service technologies.
IT policies, procedures, and documentation standards.

This knowledge is sufficient to:

Analyze and diagnose computer hardware, software, or system malfunctions or problems (e.g., identifying incidents, escalating issues, and resolving user-reported errors).
Install, configure, and maintain IT systems and network components (e.g., setting up computers, printers, and telecommunications devices; applying patches and upgrades; integrating network hardware or software).
Support cybersecurity compliance and ensure the confidentiality, integrity, and availability of systems and data (e.g., performing backups and recovery, monitoring security, and supporting compliance activities).
Deliver customer support services, including responding to inquiries and complaints, gathering and evaluating customer feedback, and preparing help documentation.
Use automation tools to improve service delivery and operational efficiency (e.g., applying scripts or tools to streamline support tasks).
Interpret and apply technical guidance to resolve recurring IT issues and support system operations (e.g., determining appropriate products or services for clients, integrating client expectations into service delivery).

Level 1-6 — 950 Points

Cluster 2 – IT Development and Analysis

Knowledge of a range of IT principles, methods, and practices applicable to:

Web development and maintenance, including HTML, CSS, JavaScript, and content management systems.
Application and software development, debugging, and source code management.
Database management systems, including data entry, retrieval, and maintenance.
File management functions such as backup, recovery, and version control.
Data retention, archiving, and disposition policies.
Monitoring tools and techniques for web servers and applications.
Federal and industry standards for web accessibility, usability, and branding.
Communication and collaboration with technical and non-technical stakeholders.

This knowledge is sufficient to:

Design, develop, and maintain websites and web-based applications that meet user needs and comply with agency and federal standards (e.g., developing templates, reviewing/updating content, ensuring accessibility).
Develop, modify, and debug software and applications using programming languages and tools (e.g., writing code, managing source code with version control systems).
Configure and maintain databases and information tracking systems to support web applications and data-driven services (e.g., preparing data for input/export, maintaining metadata).
Install and configure monitoring tools on web servers or websites to ensure operational stability and performance.
Perform file management functions, including allocation, deletion, backup, recovery, and upgrades to ensure data integrity and availability.
Apply data retention policies to evaluate data for archiving or dispositioning in compliance with legal and organizational requirements.
Communicate effectively with others to resolve hardware/software issues affecting websites and to coordinate with design and development teams.

Level 1-6 — 950 Points

Cluster 2 – IT Development and Analysis

Knowledge of:

Modern IT principles, methodologies, frameworks, and practices in application development, data management, and web services.
Software development life cycle (SDLC) and debugging techniques.
Web development tools and standards (e.g., HTML, CSS, JavaScript, accessibility).
Database management systems and data retention policies.
Performance monitoring and quality assurance principles.
File management and version control systems.
Technical documentation methods and procedures.
Systems security methods and procedures.
Analytical methods and effective communication in IT environments.

This knowledge is sufficient to:

Perform routine and recurring assignments in application, data, and web development while adapting to emerging technologies and best practices.
Design, develop, and maintain websites and web-based applications.
Write, modify, and debug software using programming languages and tools.
Develop and use databases that support web applications and services.
Install and configure monitoring tools on web servers or websites.
Perform file management functions such as backup, recovery, and upgrades.
Draft and update procedural documentation and instructional materials.
Provide information and assistance to customers and stakeholders.
Evaluate established methods and recommend improvements.
Ensure the application of appropriate security measures aligned with industry standards.

Level 1-6 — 950 Points

Cluster 3 – IT Strategy and Planning

Knowledge of a range of IT principles, methods, and practices applicable to:

Strategic IT planning and enterprise architecture frameworks.
Organizational mission, goals, and business processes as they relate to IT alignment.
IT policy development, documentation, and implementation.
Capital planning, investment control, and IT resource management.
IT governance, compliance, and auditing practices.
Federal IT standards, regulations, and enterprise architecture maturity models.
Techniques for analyzing and documenting IT systems, including the use of diagrams and models.
Communication and collaboration with stakeholders across business and technical domains.

This knowledge is typically acquired through a combination of formal training in information systems, public administration, or a related field, and practical experience supporting IT planning, policy, or architecture functions.

This knowledge is sufficient to:

Support the development and implementation of enterprise architecture plans and documentation (e.g., contributing to baseline or target architecture diagrams, sequencing plans, and IT modernization roadmaps).
Assist in aligning IT systems and strategies with organizational goals and business processes (e.g., identifying system capabilities that support mission needs).
Participate in IT policy development and review, including drafting or updating policies, standards, and procedures to guide IT operations and governance.
Contribute to IT strategic planning activities, such as gathering data for workforce planning, capital investment, or knowledge management initiatives.
Support compliance and audit activities by reviewing documentation, identifying gaps, and helping to ensure alignment with enterprise architecture principles.
Collaborate with internal and external stakeholders to gather requirements, review IT documentation, and provide input on IT planning and governance processes.

Level 1-6 — 950 Points

Knowledge of:

Modern IT principles, methodologies, frameworks, and practices in IT operations, systems administration, and customer support.
Operating systems, hardware, and software platforms.
Network and system administration fundamentals.
Systems security methods and procedures.
IT systems development life cycle (SDLC) concepts.
Performance monitoring and quality assurance principles.
Technical documentation methods and procedures.
Analytical methods for diagnosing and resolving IT issues.
Effective oral and written communication in technical environments.

This knowledge is sufficient to:

Perform routine and recurring assignments in IT operations and support while adapting to emerging technologies and best practices.
Analyze and diagnose hardware, software, or system malfunctions or problems.
Install, configure, and maintain IT systems and network components.
Support cybersecurity compliance and ensure confidentiality, integrity, and availability of systems and data.
Provide customer support services, including troubleshooting, responding to inquiries, and gathering feedback.
Use automation tools to improve service delivery and operational efficiency.
Draft and update procedural documentation and instructional materials.
Identify and resolve issues and recommend changes in methods and practices.
Ensure the application of appropriate security measures aligned with industry standards.

Level 1-6 — 950 Points

Cluster 3 – IT Strategy and Planning

Knowledge of:

Modern IT principles, methodologies, frameworks, and practices in IT strategy, policy, and enterprise architecture.
Strategic planning and IT governance frameworks.
Enterprise architecture concepts and documentation standards.
IT systems development life cycle (SDLC) and capital planning.
Performance monitoring and quality assurance principles.
Policy development and compliance assessment.
Technical documentation and audit preparation methods.
Systems security and risk management practices.
Analytical methods and effective communication in IT environments.

This knowledge is sufficient to:

Perform routine and recurring assignments in IT planning and governance while adapting to emerging technologies and best practices.
Support the development and implementation of enterprise architecture plans and documentation.
Assist in aligning IT systems and strategies with organizational goals and business processes.
Participate in IT policy development and review.
Contribute to strategic planning, capital investment, and workforce planning activities.
Draft and update procedural documentation and instructional materials.
Provide information and assistance to internal and external stakeholders.
Evaluate established methods and recommend improvements.
Ensure the application of appropriate security and compliance measures aligned with industry standards.

Factor Level Description 1-7 (1250 Points)

Level 1-7 — 1250 Points

Knowledge Required for All Positions in This Series at This Level:

Knowledge of, and skill in applying, most of the following:

Modern IT concepts, principles, methodologies, frameworks and practices in the assigned IT domain(s).
The mission and programs of customer organizations and alignment with digital transformation initiatives.
The organization’s IT infrastructure.
Performance management/measurement methods, tools, and techniques.
Systems testing and evaluation principles, methods, and tools.
IT security principles and methods.
Requirement analysis principles and methods.
COTS products and components.
Digital technologies and protocols to evaluate system, network, and data interoperability and scalability.
New and emerging information technologies and/or industry trends.
Acquisition management policies and procedures.
Cost-benefit analysis principles and methods.
Analytical methods and practices.
Project management principles and methods.
Technical concepts and solutions to use effective oral and written communications in IT environments.

This knowledge is sufficient to:

Plan and carry out difficult and complex assignments and develop new methods, approaches, and procedures in assigned IT domain(s) while adapting emerging technologies and best practices.
Provide advice and guidance on a wide range and variety of complex IT issues.
Interpret IT policies, standards, and guidelines.
Conduct analyses and recommend resolution of complex issues affecting IT functions.
Evaluate and recommend adoption of new or enhanced approaches to delivering IT services.
Test and optimize the functionality of systems, networks, and data.
Identify and define business or technical requirements applied to the design, development, implementation, management, and support of systems and networks.
Ensure optimal use of commercially available products.
Evaluate proposals for the acquisition of IT products or services.
Prepare and present reports.
Represent the organization in interactions with other organizations.
Provide technical leadership on group projects.

Note: Remember to refer to these common requirements when applying the knowledge and skill requirements for any specialty at this level.

Level 1-7 — 1250 Points

Cluster 1 – IT Operations and Security

Knowledge of and skill in applying:

Modern IT concepts, principles, methodologies, frameworks, and practices in IT operations, systems administration, customer support, and cybersecurity.
The mission and programs of supported organizations and how IT services align with digital transformation goals.
The organization’s IT infrastructure including network, server, and endpoint environments.
Performance management and monitoring tools and techniques to assess system health and service delivery.
Systems testing and evaluation principles, including backup/recovery validation and patch management.
IT security principles and methods, including risk identification, vulnerability management, and compliance with cybersecurity policies.
Requirement analysis principles and methods to support system configuration, integration, and user needs.
Commercial off-the-shelf (COTS) products and automation tools used in IT service delivery.
Digital technologies and protocols to evaluate system, network, and data interoperability and scalability.
New and emerging technologies and industry trends relevant to IT operations and cybersecurity.
Acquisition management policies and procedures for evaluating IT products and services.
Cost-benefit analysis principles and methods to support IT investment decisions.
Analytical methods and practices for diagnosing and resolving complex IT issues.
Project management principles and methods for planning and executing IT initiatives.
Technical communication skills to convey complex IT concepts clearly in both oral and written formats.

This knowledge is sufficient to:

Plan and carry out difficult and complex assignments in IT operations, customer support, and cybersecurity, while adapting to emerging technologies and best practices.
Provide advice and guidance on a wide range of complex IT issues, including system performance, service delivery, and security posture.
Interpret IT policies, standards, and guidelines to ensure compliance and operational effectiveness.
Conduct analyses and recommend resolution of complex issues affecting IT functions, such as system outages, security incidents, or service degradation.
Evaluate and recommend adoption of new or enhanced approaches to delivering IT services, including automation and cloud-based solutions.
Test and optimize the functionality of systems, networks, and data to ensure availability, reliability, and performance.
Identify and define business or technical requirements applied to the design, implementation, and support of IT systems and networks.
Ensure optimal use of commercially available products and tools in support of IT operations.
Evaluate proposals for the acquisition of IT products or services, including hardware, software, and support contracts.
Prepare and present technical reports, system documentation, and user guidance materials.
Represent the organization in interactions with other IT teams, vendors, and stakeholders.
Provide technical leadership on group projects, including mentoring junior staff and coordinating cross-functional efforts.

Level 1-7 — 1250 Points

Cluster 2 – IT Development & Analysis

Knowledge of and skill in applying:

Modern IT concepts, principles, methodologies, frameworks, and practices in application development, data management, and web services.
The mission and programs of supported organizations and how IT systems and services align with digital transformation goals.
The organization’s IT infrastructure including web, application, and database environments.
Performance management and monitoring tools and techniques for applications and data systems.
Systems testing and evaluation principles, including regression, user acceptance, and system integration testing.
IT security principles and methods, including secure coding, access control, and incident reporting.
Requirement analysis principles and methods for designing and implementing user-centric applications and data solutions.
COTS products and open-source tools used in application and web development.
Digital technologies and protocols for system, network, and data interoperability and scalability.
New and emerging technologies and industry trends in software development, data analytics, and web architecture.
Acquisition management policies and procedures for evaluating IT products and services.
Cost-benefit analysis principles and methods to support IT investment decisions.
Analytical methods and practices for diagnosing and resolving complex application and data issues.
Project management principles and methods for planning and executing IT initiatives.
Technical communication skills to convey complex IT concepts clearly in both oral and written formats.

This knowledge is sufficient to:

Plan and carry out difficult and complex assignments in application development, data management, and web services, while adapting to emerging technologies and best practices.
Provide advice and guidance on a wide range of complex IT issues, including software performance, data integrity, and web usability.
Interpret IT policies, standards, and guidelines to ensure compliance and quality in application and data environments.
Conduct analyses and recommend resolution of complex issues affecting application functionality, data accuracy, and system integration.
Evaluate and recommend adoption of new or enhanced approaches to delivering IT services, including automation and cloud-based solutions.
Test and optimize the functionality of applications, databases, and websites for performance, security, and user experience.
Identify and define business or technical requirements applied to the design, development, implementation, and support of applications and data systems.
Ensure optimal use of commercially available products and tools in support of application and data services.
Evaluate proposals for the acquisition of IT products or services, including software, platforms, and support contracts.
Prepare and present technical reports, system documentation, and user guidance materials.
Represent the organization in interactions with other IT teams, vendors, and stakeholders.
Provide technical leadership on group projects, including mentoring junior staff and coordinating cross-functional efforts.

Level 1-7 — 1250 Points

Cluster 3 – IT Strategy and Planning

Knowledge of and skill in applying:

Modern IT concepts, principles, methodologies, frameworks, and practices in IT strategy, enterprise architecture, and policy development.
The mission, goals, and business processes of the organization and how IT aligns with digital transformation initiatives.
The organization’s IT infrastructure and enterprise architecture components.
Performance management and measurement tools and techniques.
Systems testing, evaluation, and modernization planning methods.
IT security principles and methods, including risk management and compliance.
Requirement analysis and business process modeling techniques.
COTS products and enterprise tools used in architecture and planning.
Digital technologies and protocols for evaluating system, network, and data interoperability and scalability.
New and emerging technologies and industry trends relevant to IT governance and planning.
Acquisition management policies and procedures.
Cost-benefit analysis principles and methods to support IT investment decisions.
Analytical methods and practices for evaluating IT systems and strategic alignment.
Project management principles and methods for planning and executing IT initiatives.
Technical communication skills to convey complex IT concepts clearly in both oral and written formats.

This knowledge is sufficient to:

Plan and carry out difficult and complex assignments in IT strategy, enterprise architecture, and policy development, while adapting to emerging technologies and best practices.
Provide advice and guidance on a wide range of complex IT issues, including architecture alignment, compliance, and modernization.
Interpret IT policies, standards, and guidelines to ensure strategic alignment and governance.
Conduct analyses and recommend resolution of complex issues affecting IT planning and enterprise architecture.
Evaluate and recommend adoption of new or enhanced approaches to IT governance and service delivery.
Test and optimize the functionality and alignment of systems, networks, and data with enterprise goals.
Identify and define business or technical requirements applied to the design, development, and implementation of enterprise IT systems.
Ensure optimal use of commercially available tools and evaluate proposals for IT products or services.
Prepare and present reports, roadmaps, and architectural documentation.
Represent the organization in interactions with internal and external stakeholders, including interagency and industry forums.
Provide technical leadership on group projects and contribute to enterprise-wide IT initiatives.

Factor Level Description 1-8 (1550 Points)

Level 1-8 — 1550 Points

Knowledge Required for All Positions in This Series at This Level:

Mastery of, and skill in applying, advanced IT principles, concepts, methods, standards, and practices sufficient to accomplish assignments such as:

Develop and interpret policies, procedures, and strategies governing the planning and delivery of services throughout the agency.
Provide expert technical advice, guidance, and recommendations to management and other technical specialists on critical IT issues.
Apply new developments to previously unsolvable problems.
Make decisions or recommendations that significantly influence important agency IT policies or programs.

AND

Mastery of, and skill in applying, most of the following:

Interrelationships of multiple IT domains.
The agency’s IT architecture.
New IT developments and applications.
Emerging technologies and their applications to business processes.
IT security concepts, standards, and methods.
Project management principles, methods, and practices, encompassing developing plans, roadmaps and schedules, estimating resource requirements, defining milestones and deliverables, monitoring activities, and evaluating and reporting on accomplishments.
Technical concepts and solutions through effective oral and written communications in IT environments.

This knowledge is sufficient to:

Ensure the integration of IT programs and services; and develop solutions to complex integration/interoperability challenges.
Design, develop, and manage secure systems that meet evolving business mission requirements, and enhance or optimize the existing IT landscape and IT architecture.
Manage assigned projects.
Communicate complex technical requirements to non-technical personnel.
Prepare and present briefings to senior management officials on complex/controversial IT governance, strategy, and digital risk issues.

Note: Remember to refer to these common requirements when applying the knowledge and skill requirements for any specialty at this level.

Level 1-8 — 1550 Points

Cluster 1 – IT Operations and Security

Mastery of, and skill in applying, advanced IT principles, concepts, methods, standards, and practices in IT operations, systems administration, cybersecurity, and enterprise infrastructure sufficient to:

Develop and interpret policies, procedures, and strategies governing the planning and delivery of secure and resilient IT services across the enterprise.
Provide expert technical advice and recommendations to senior leadership and technical specialists on critical issues such as zero-trust architecture, cyber risk management, and infrastructure modernization.
Apply new developments—such as AI-driven automation, software-defined networking, and hybrid cloud orchestration—to previously unsolvable operational and security challenges.
Make decisions or recommendations that significantly influence agency-wide IT policies, cybersecurity posture, and service delivery models.
Mastery of, and skill in applying, most of the following:
Interrelationships of multiple IT domains (e.g., network, OS, cybersecurity, customer support).
The agency’s IT architecture and enterprise security framework.
Emerging technologies and their application to operational resilience and digital risk.
IT security concepts, standards (e.g., NIST, FISMA), and methods.
Project management principles for planning, executing, and evaluating enterprise IT initiatives.
Technical communication to convey complex operational and security concepts to non-technical stakeholders and senior executives.

This knowledge is sufficient to:

Ensure integration of IT operations, cybersecurity, and support services across the enterprise.
Design and manage secure, scalable systems that meet evolving mission needs.
Lead enterprise-wide projects involving infrastructure modernization, cyber defense, and service optimization.
Communicate complex technical requirements and risk implications to senior leadership.
Brief executives on critical IT governance, continuity, and security issues.

Level 1-8 — 1550 Points

Cluster 2 – IT Development and Analysis

Mastery of, and skill in applying, advanced IT principles, concepts, methods, standards, and practices in application development, data architecture, and web services sufficient to:

Develop and interpret policies and strategies for enterprise application platforms, data governance, and digital service delivery.
Provide expert technical guidance on complex issues such as cross-platform integration, AI/ML implementation, and data lifecycle management.
Apply emerging technologies—such as low-code/no-code platforms, real-time analytics, and intelligent automation—to previously unsolvable development and data challenges.
Make decisions or recommendations that significantly influence agency-wide software architecture, data strategy, and digital transformation initiatives.
Mastery of, and skill in applying, most of the following:
Interrelationships of application, data, and web service domains.
The agency’s IT architecture and data governance framework.
Emerging technologies and their application to business process automation and user experience.
IT security standards for secure coding, data protection, and web application security.
Project management for agile development, release planning, and performance evaluation.
Technical communication to translate complex technical concepts into actionable insights for non-technical stakeholders.

This knowledge is sufficient to:

Ensure integration of application, data, and web services across platforms and business units.
Design and manage secure, scalable systems that support mission-critical applications and data flows.
Lead enterprise-wide initiatives involving application modernization, data integration, and digital service optimization.
Communicate technical requirements and risks to senior leaders and stakeholders.
Present briefings on IT governance, data strategy, and digital risk to executive audiences.

Level 1-8 — 1550 Points

Cluster 3 – IT Strategy and Planning

Mastery of, and skill in applying, advanced IT principles, concepts, methods, standards, and practices in IT strategy, enterprise architecture, and policy development sufficient to:

Develop and interpret policies, procedures, and strategies that govern enterprise-wide IT planning, governance, and modernization.
Provide expert advice to senior executives and technical leaders on complex issues such as enterprise architecture alignment, digital transformation, and IT investment strategy.
Apply new developments—such as cloud-native architecture, AI governance, and zero-trust frameworks—to previously unsolvable strategic and interoperability challenges.
Make decisions or recommendations that significantly influence agency-wide IT governance, investment priorities, and digital risk posture.
Mastery of, and skill in applying, most of the following:
Interrelationships of IT domains including architecture, cybersecurity, operations, and policy.
The agency’s enterprise architecture and IT governance framework.
Emerging technologies and their strategic application to mission delivery.
IT security and risk management standards.
Project and portfolio management for enterprise IT initiatives.
Technical communication to influence policy, investment, and strategic direction.

This knowledge is sufficient to:

Ensure integration of IT strategy, architecture, and governance across the enterprise.
Design and manage secure, future-ready systems aligned with mission and business goals.
Lead strategic initiatives involving IT modernization, digital transformation, and enterprise risk management.
Communicate complex technical and policy issues to senior leadership and external stakeholders.
Present briefings on IT strategy, governance, and digital risk to executive and interagency audiences.

Factor Level Description 1-9 (1850 Points)

Level 1-9 — 1850 Points

Knowledge Required for All Positions in This Series at This Level:

Mastery of IT theories, principles, concepts, standards, guidelines, laws practices and regulations of IT, and consultative skill sufficient to:

Develop new approaches, frameworks, theories, concepts, principles, standards, and methods within emerging IT function(s) (e.g., artificial intelligence, cloud computing, etc.).
Advise cross-functional IT experts within the agency and across interagency collaborations on a variety of situations and issues that involve applying or adapting new theories, concepts, principles, standards, methods, or practices, that are either self-developed or shaped through leadership and technical foresight from the employee.
Serve as senior expert and strategic advisor to top agency management officials to advise on integrating IT programs and functions (e.g. data analytics, software development, artificial intelligence, enterprise solutions, cloud services, IT governance, etc.) with other critical programs of equivalent scope and complexity.

Note: Remember to refer to these common requirements when applying the knowledge and skill requirements for any specialty at this level.

Level 1-9 — 1850 Points

Cluster 1 – IT Operations and Security

Mastery of IT theories, principles, concepts, standards, guidelines, laws, practices, and regulations in IT operations, systems administration, cybersecurity, and enterprise infrastructure, and consultative skill sufficient to:

Develop new approaches, frameworks, and methods for secure and resilient IT operations, including zero-trust architecture, cryptographic agility, and intelligent automation.
Lead the design and implementation of enterprise-wide operational strategies that integrate cybersecurity, cloud infrastructure, and service delivery.
Advise cross-functional IT experts and interagency partners on emerging threats (e.g., adversarial AI, legacy cloud vulnerabilities) and operational resilience.
Serve as a senior expert and strategic advisor to top agency officials on integrating IT operations and cybersecurity with mission-critical programs such as continuity of operations, digital modernization, and national security systems.

This includes mastery of:

Interrelationships across IT domains (e.g., cybersecurity, systems engineering, cloud operations).
The agency’s enterprise IT architecture and operational governance.
Emerging technologies and their application to operational resilience and digital risk.
Federal cybersecurity frameworks (e.g., NIST RMF, FISMA, FedRAMP).
Strategic project and risk management across complex IT environments.
Executive-level communication to influence policy, investment, and operational decisions.

Level 1-9 — 1850 Points

Cluster 2: IT Development and Analysis

Mastery of IT theories, principles, concepts, standards, guidelines, laws, practices, and regulations in application development, data architecture, and web services, and consultative skill sufficient to:

Develop new theories, frameworks, and standards for secure, scalable, and intelligent digital platforms, including synthetic data ecosystems, AI-assisted development, and federated data governance.
Lead the design and implementation of enterprise-wide application modernization and data integration strategies.
Advise cross-functional IT experts and interagency collaborators on adapting and applying emerging technologies to mission-critical systems.
Serve as a senior expert and strategic advisor to top agency officials on integrating application platforms, data services, and digital experience with broader agency programs such as public engagement, regulatory compliance, and digital transformation.

This includes mastery of:

Interrelationships across application, data, and web service domains.
The agency’s enterprise architecture and data governance framework.
Emerging technologies such as AI/ML, low-code platforms, and real-time analytics.
Secure software development and data protection standards.
Strategic planning and agile portfolio management.
Executive-level communication to shape digital policy and investment.

Level 1-9 — 1850 Points

Cluster 3 – IT Strategy and Planning

Mastery of IT theories, principles, concepts, standards, guidelines, laws, practices, and regulations in IT strategy, enterprise architecture, and governance, and consultative skill sufficient to:

Develop new strategic frameworks, architectural models, and governance methods for integrating emerging technologies such as AI, cloud-native platforms, and digital identity systems.
Lead the development of enterprise-wide IT modernization strategies that align with mission priorities and national digital policy.
Advise cross-functional and interagency IT leaders on complex, multi-domain issues involving interoperability, digital risk, and strategic investment.
Serve as a senior expert and strategic advisor to top agency officials on integrating IT strategy and architecture with other critical programs such as public safety, economic development, or national security.

This includes mastery of:

Interrelationships across IT domains and their alignment with business and mission goals.
The agency’s enterprise architecture, governance, and investment frameworks.
Emerging technologies and their strategic application to digital transformation.
Federal IT policy, acquisition, and cybersecurity regulations.
Strategic portfolio and change management.
Executive-level communication to influence agency-wide and interagency IT direction.

Factor 2, Supervisory Controls

“Supervisory Controls” covers the nature and extent of direct or indirect controls exercised by the supervisor, the employee’s responsibility, and the review of completed work. Controls are exercised by the supervisor in the way assignments are made, instructions are given to the employee, priorities and deadlines are set, and objectives and boundaries are defined. Responsibility of the employee depends upon the extent to which the employee is expected to develop the sequence and timing of various aspects of the work, to modify or recommend modification of instructions, and to participate in establishing priorities and defining objectives. The degree of review of completed work depends upon the nature and extent of the review, e.g., close and detailed review of each phase of the assignment, detailed review of the finished assignment, spot-check of finished work for accuracy, or review only for adherence to policy.

Level 2-3 — 275 Points

How Work is Assigned – The supervisor outlines or discusses possible problem areas and defines objectives, plans, priorities, and deadlines. Assignments have clear precedents requiring successive steps in planning and execution.

Employee Responsibility – The employee:

independently plans and carries out the assignments in conformance with accepted policies and practices;
adheres to instructions, policies, and guidelines in exercising judgment to resolve commonly encountered work problems and deviations; and
brings controversial information or findings to the supervisor’s attention for direction.

How Work is Reviewed – The supervisor:

Provides assistance on controversial or unusual situations that do not have clear precedents.
Reviews completed work for conformity with policy, the effectiveness of the employee’s approach to the problem, technical soundness, and adherence to deadlines.
Does not usually review in detail the methods used to complete the assignment.

Level 2-4 — 450 Points

How Work Is Assigned – The supervisor outlines overall objectives and available resources. The employee and supervisor, in consultation, discuss timeframes, scope of the assignment including possible stages, and possible approaches.

Employee Responsibility – The employee:

Determines the most appropriate principles, practices, and methods to apply in all phases of assignments, including the approach to be taken, degree of intensity, and depth of research in management advisories.
Frequently interprets regulations on his/her own initiative, applies new methods to resolve complex and/or intricate, controversial, or unprecedented issues and problems, and resolves most of the conflicts that arise.
Keeps the supervisor informed of progress and of potentially controversial matters.

How Work Is Reviewed – The supervisor reviews completed work for soundness of overall approach, effectiveness in meeting requirements or producing expected results, the feasibility of recommendations, and adherence to requirements. The supervisor does not usually review methods used.

Level 2-5 — 650 Points

How Work Is Assigned – The supervisor provides administrative and policy direction in terms of broadly defined missions or functions of the agency.

Employee Responsibility – The employee:

Is responsible for a significant agency or equivalent level IT program or function.
Defines objectives.
Interprets policies promulgated by authorities senior to the immediate supervisor and determines their effect on program needs.
Independently plans, designs, and carries out the work to be done.
Is a technical authority.

How Work Is Reviewed – The supervisor:

Reviews work for potential impact on broad agency policy objectives and program goals.
Normally accepts work as being technically authoritative.
Normally accepts work without significant change.

Factor 3, Guidelines

This factor covers the nature of guidelines and the judgment employees need to apply them. Individual assignments may vary in the specificity, applicability, and availability of guidelines; thus, the judgment that employees use similarly varies. The existence of detailed plans and other instructions may make innovation in planning and conducting work unnecessary or undesirable. However, in the absence of guidance provided by prior agency experience with the task at hand or when objectives are broadly stated, the employee may use considerable judgment in developing an approach or planning the work. Examples of guidelines used in administrative work in the Information Technology Group, 2200, are:

Federal Cybersecurity & IT Governance Guidelines

Year	Guideline / Policy	Issuing Authority	Description & Impact
1996	Clinger–Cohen Act (ITMRA)	Congress	Requires agencies to manage IT investments for performance and results, establishes CIO roles, and mandates capital planning and enterprise architecture.
2002	Federal Information Security Management Act (FISMA)	Congress	Establishes statutory requirements for securing federal systems, including risk assessments, security controls, and annual reporting. Updated in 2014 for modernization.
2010	GPRA Modernization Act	Congress	Strengthens performance management by requiring agencies to set strategic goals and link IT investments to mission outcomes.
2016	OMB Circular A-130 – Management of Federal Information Resources	OMB	Provides comprehensive policy for IT governance, cybersecurity, privacy, and records management across federal agencies.
2021	Executive Order 14028 – Improving the Nation’s Cybersecurity	White House	Mandates Zero Trust adoption, MFA, encryption, and continuous monitoring across all federal agencies. Sets the foundation for modern cybersecurity architecture.
2022	OMB Memorandum M-22-09 – Moving the U.S. Government Toward Zero Trust Cybersecurity Principles	OMB	Establishes a governmentwide Zero Trust strategy with five pillars (Identity, Devices, Networks, Applications, Data). Requires agencies to meet ZT goals by FY 2024.
2023	OMB Circular A-94 – Guidelines and Discount Rates for Benefit-Cost Analysis	OMB	Updated guidance for conducting cost-benefit and cost-effectiveness analyses for federal programs and IT investments.
2024	OMB Memorandum M-24-15 – FedRAMP Modernization & Cloud Security Alignment	OMB	Updates FedRAMP to align with Zero Trust principles, ensuring secure cloud adoption and continuous monitoring for all federal systems.
2025	Executive Order 14144 – Strengthening Cybersecurity	White House	Reinforces Zero Trust mandates with advanced requirements: microsegmentation, phishing-resistant MFA, endpoint detection & response (EDR), and encrypted internal traffic.
2025	NIST SP 1800-35 – Implementing Zero Trust Architecture	NIST	Provides practical, real-world examples for deploying Zero Trust in hybrid environments, including automation and orchestration for IT infrastructure.
2026	NSA Zero Trust Implementation Guidelines	NSA	Offers detailed steps for asset discovery, governance, and infrastructure hardening to operationalize Zero Trust across federal networks.

Do not confuse guidelines with the knowledge described under Factor 1 – Knowledge Required by the Position. Guidelines either provide reference data or impose certain constraints on applications. For example, there may be several generally accepted methods of accomplishing work, perhaps set forth in an agency operating manual; however, in a particular office, the policy may be to use only one of those methods, or the policy may state specifically under what conditions the office uses each method. The primary components of this factor are: Guidelines Used and Judgment Needed.

Level 3‑3 — 275 Points

Guidelines Used – The employee uses a wide variety of reference materials and manuals; however, they are not always directly applicable to issues and problems or have gaps in specificity. Precedents are available outlining the preferred approach to more general problems or issues.

Judgment Needed – The employee uses judgment in researching, choosing, interpreting, modifying, and applying available guidelines for adaptation to specific problems or issues.

Level 3‑4 — 450 Points

Guidelines Used – The employee uses guidelines and precedents that are very general regarding agency policy statements and objectives. Guidelines specific to assignments are often scarce, inapplicable or have gaps in specificity that require considerable interpretation and/or adaptation for application to issues and problems.

Judgment Needed – The employee uses judgment, initiative, and resourcefulness in deviating from established methods to:

Modify, adapt, and/or refine broader guidelines to resolve specific complex and/or intricate issues and problems.
Treat specific issues or problems.
Research trends and patterns.
Develop new methods and criteria.
Propose new policies and practices.

Level 3‑5 — 650 Points

Guidelines Used – The employee uses guidelines that are often ambiguous and express conflicting or incompatible goals and objectives, requiring extensive interpretation.

Judgment Needed – The employee uses judgment and ingenuity and exercises broad latitude to:

Determine the intent of applicable guidelines.
Develop policy and guidelines for specific areas of work.
Formulate interpretations that may take the form of policy statements and guidelines.

Top agency management officials and senior staff recognize the employee as a technical expert.

Factor 4, Complexity

This factor covers the nature, number, variety, and intricacy of tasks, steps, processes, or methods in the work performed; the difficulty in identifying what needs to be done; and the difficulty and originality involved in performing the work. The primary components of this factor are: Nature of Assignment, What Needs to Be Done, and Difficulty and Originality Involved.

Level 4‑3 — 150 Points

Illustration(s)

Level 4‑3 — 150 Points

Cluster 1 – IT Operations and Security

Nature of Assignment

Work involves applying different and unrelated IT processes, procedures, and methods in areas such as system administration, network operations, customer support, and cybersecurity compliance.

What Needs to Be Done

The employee analyzes technical issues related to system performance, user support, and security compliance. They select appropriate resolutions from a range of acceptable alternatives, such as applying patches, escalating incidents, or configuring systems to meet operational needs.

Difficulty and Originality Involved

The employee identifies and analyzes important factors such as system interdependencies, user requirements, and security risks. They apply an understanding of how these factors interact across IT functions to ensure reliable and secure operations.

Level 4‑3 — 150 Points

Cluster 2 – Development and Analysis

Nature of Assignment

Work involves applying different and unrelated IT processes, procedures, and methods in software development, database management, and web services.

What Needs to Be Done

The employee analyzes technical issues related to application functionality, data integrity, and web usability. They select appropriate tools and methods to develop, maintain, or troubleshoot systems and services.

Difficulty and Originality Involved

The employee identifies and analyzes important factors such as user requirements, data structures, and interface design. They apply an understanding of how these elements interact to ensure functional, secure, and user-friendly applications and websites.

Level 4‑3 — 150 Points

Cluster 3 – IT Strategy and Planning

Nature of Assignment

Work involves applying different and unrelated IT processes, procedures, and methods in strategic planning, policy development, and enterprise architecture.

What Needs to Be Done

The employee analyzes technical and organizational issues related to IT alignment, governance, and compliance. They select appropriate frameworks and tools to support planning, documentation, and policy implementation.

Difficulty and Originality Involved

The employee identifies and analyzes important factors such as mission alignment, system capabilities, and policy gaps. They apply an understanding of interrelationships among IT functions to support enterprise-wide planning and decision-making.

Level 4‑3 — 150 Points

Nature of Assignment – Work consists of various duties that involve applying a series of different and unrelated IT processes, procedures, and methods

What Needs to Be Done

The employee:

Decides what needs to be done based on analyses of the subjects and technical issues, were related to the assignment.
Selects appropriate resolutions and courses of action from many acceptable alternatives.

Difficulty and Originality Involved – The employee identifies and analyzes important factors and conditions in order to recognize and apply an understanding of interrelationships among different IT functions and activities.

Level 4‑4 — 225 Points

Cluster 1 – IT Operations and Security

Nature of Assignment

Work consists of a variety of duties involving many different, diverse, and unrelated IT processes and methodologies—such as multi-cloud ecosystems, zero-trust architecture, and intelligent automation—applied across systems administration, cybersecurity, and customer support functions.

What Needs to Be Done

The employee decides what needs to be done by:

Evaluating unusual circumstances such as decentralized data environments, hybrid infrastructure, or edge computing.
Considering different approaches, including adaptive automation, layered defense strategies, or low-code/no-code tools for service delivery.
Dealing with incomplete or conflicting data from monitoring systems, user reports, or security logs.

Difficulty and Originality Involved

The employee uses judgment and originality by:

Interpreting structured and unstructured data from logs, diagnostics, and user feedback.
Planning and prioritizing work across multiple systems and platforms.
Refining methods and techniques to optimize system reliability, cybersecurity resilience, and service delivery.

Level 4‑4 — 225 Points

Cluster 2 – IT Development and Analysis

Nature of Assignment

Work consists of a variety of duties involving many different, diverse, and unrelated IT processes and methodologies, such as modular application frameworks, API-driven architectures, and intelligent automation, across application development, data management, and web services. Assignments often require integrating tools and technologies across platforms and disciplines, including low-code/no-code environments, open-source libraries, and cloud-native services.

What Needs to Be Done

The employee decides what needs to be done by:

Evaluating unusual circumstances such as decentralized data environments, cross-platform application dependencies, or real-time data streaming.
Considering different approaches, including adaptive algorithms, machine learning outputs, or containerized deployment strategies.
Dealing with incomplete, conflicting, or evolving requirements from stakeholders, users, or system constraints.

Difficulty and Originality Involved

The employee uses judgment and originality by:

Interpreting structured and unstructured data from diverse sources to inform design and development decisions.
Planning and sequencing development, testing, and deployment activities across multiple systems and environments.
Refining methods and techniques to optimize application performance, data integrity, and user experience, while ensuring cybersecurity and accessibility compliance.

Level 4‑4 — 225 Points

Cluster 3 – IT Strategy and Planning

Nature of Assignment

Work consists of a variety of duties involving many different, diverse, and unrelated IT processes and methodologies—such as enterprise architecture frameworks, zero-trust principles, multi-cloud governance, and intelligent automation applied to strategic planning, policy development, and enterprise IT alignment.

What Needs to Be Done

The employee decides what needs to be done by:

Evaluating unusual circumstances such as decentralized data environments, evolving enterprise architecture maturity, or conflicting stakeholder priorities.
Considering different approaches, including modular platforms, adaptive governance models, and low-code/no-code tools for planning and documentation.
Dealing with incomplete, ambiguous, or conflicting data from business units, technical teams, or external partners.

Difficulty and Originality Involved

The employee uses judgment and originality by:

Interpreting structured and unstructured data from architectural artifacts, policy documents, and system assessments.
Planning and sequencing work across interdependent IT governance, architecture, and compliance activities.
Refining methods and techniques to optimize strategic alignment, cybersecurity resilience, and enterprise service delivery.

Level 4‑5 — 325 Points

Illustration(s)

Level 4‑5 — 325 Points

Cluster 1 – IT Operations and Security

Nature of Assignment

Work consists of a variety of duties requiring the application of many different, diverse, and unrelated processes and methods to a broad range of IT activities or functions—such as digital infrastructure, systems integration, and enterprise-wide technologies. Assignments often involve in-depth analysis of IT issues related to interoperability, cybersecurity, and performance optimization across hybrid and multi-cloud environments.

What Needs to Be Done

The employee makes decisions that involve significant uncertainties regarding the most effective approach or methodology to apply, such as selecting a digital strategy, enterprise architecture model, or technical methodology. These decisions are shaped by:

Ongoing evaluation of stakeholder and customer business requirements.
Rapidly evolving and emerging technologies, such as zero-trust architecture, AI-driven automation, or edge computing.

Difficulty and Originality Involved

The employee:

Develops new IT standards, methods, and techniques for operations, support, and security.
Evaluates the impact of technological change across IT infrastructure domains, including legacy modernization and system life-cycle management.
Conceives solutions to highly complex technical issues involving governance, resilience, user experience, or cross-functional integration.

The work frequently involves integrating the activities of multiple IT functional areas, such as cybersecurity, systems administration, and network engineering.

Level 4‑5 — 325 Points

Cluster 2 – IT Development and Analysis

Nature of Assignment

Work consists of a variety of duties requiring the application of many different, diverse, and unrelated processes and methods to a broad range of IT activities or functions, such as full-stack development, data architecture, and enterprise-wide web services. Assignments often involve in-depth analysis of IT issues related to system interoperability, data integrity, and performance optimization across distributed platforms.

What Needs to Be Done

The employee makes decisions that involve significant uncertainties regarding the most effective approach or methodology to apply, such as selecting a development framework, data architecture model, or integration strategy. These decisions are shaped by:

Ongoing evaluation of stakeholder and customer business requirements.
Rapidly evolving and emerging technologies, such as AI-assisted development, low-code/no-code platforms, and real-time analytics.

Difficulty and Originality Involved

The employee:

Develops new standards, methods, and techniques for application development, data management, and web services.
Evaluates the impact of technological change across application and data ecosystems, including cloud migration and platform modernization.
Conceives solutions to highly complex technical issues involving user experience, data governance, and cross-functional integration.

The work frequently involves integrating the activities of multiple IT functional areas, including development, data engineering, and cybersecurity.

Level 4‑5 — 325 Points

Cluster 3 – IT Strategy and Planning

Nature of Assignment

Work consists of a variety of duties requiring the application of many different, diverse, and unrelated processes and methods to a broad range of IT activities or functions, such as digital strategy, enterprise architecture, and IT governance. Assignments often involve in-depth analysis of IT issues related to interoperability, security, and performance optimization across enterprise-wide systems and platforms.

What Needs to Be Done

The employee makes decisions that involve significant uncertainties regarding the most effective approach or methodology to apply, such as selecting an enterprise architecture model, modernization roadmap, or governance framework. These decisions are shaped by:

Ongoing evaluation of stakeholder and customer business requirements.
Rapidly evolving and emerging technologies, such as multi-cloud environments, AI integration, and zero-trust security models.

Difficulty and Originality Involved

The employee:

Develops new IT standards, methods, and techniques for strategic planning, architecture, and policy.
Evaluates the impact of technological change across IT strategy and infrastructure domains, including legacy modernization and digital transformation.
Conceives solutions to highly complex technical issues involving governance, resilience, and cross-functional integration.

The work frequently involves integrating the activities of multiple IT functional areas, including architecture, cybersecurity, operations, and policy.

Level 4‑5 — 325 Points

Nature of Assignment

Work consists of a variety of duties requiring the application of many different, diverse, and unrelated processes and methods to a broad range of IT activities or functions (e.g., digital infrastructure, systems integration, and enterprise-wide technologies). Often involve in-depth analysis of IT issues (e.g., related to interoperability, security, and performance optimization).

What Needs to Be Done

The employee makes decisions that involve significant uncertainties with regard to the most effective approach or methodology to be applied e.g., digital strategy, enterprise architecture model, or technical methodology). These changes typically result from:

Ongoing evaluation of stakeholder and/or customer business requirements; or
Rapidly evolving and/or emerging technology (e.g.,

Difficulty and Originality Involved

The employee:

Develops new IT standards, methods, and techniques.
Evaluates the impact of technological change across IT strategy and/or infrastructure domains (e.g., multi-cloud environments, legacy modernization efforts or system life-cycle management).
Conceives of solutions to highly complex technical issues (e.g. involving governance, resilience, user experience, or cross functional integration).

The work frequently involves integrating the activities of multiple IT functional areas.

Level 4‑6 — 450 Points

Cluster 1 – IT Operations and Security

Nature of Assignment

Work consists of broad functions and processes such as:

Planning and leading efforts to address IT operations and cybersecurity challenges in areas where precedents do not exist, such as integrating AI-driven threat detection, implementing quantum-resilient architectures, or modernizing legacy infrastructure in zero-trust environments.
Establishing new operational concepts and governance structures to support evolving digital strategies, including enterprise-wide automation, cyber risk frameworks, and hybrid cloud orchestration.

Assignments are characterized by:

Exceptional breadth of scale and intensity, often involving concurrent or sequential initiatives across multiple domains (e.g., systems engineering, cybersecurity, and service delivery).
Engagement with internal and external stakeholders, including cross-functional teams, interagency partners, and vendors.
Ongoing innovation to formulate and implement new operational models, digital policy structures, and strategic security solutions.

What Needs to Be Done

The employee determines what needs to be done by conducting extensive investigation and comprehensive analysis of largely undefined, emerging, or cross-domain conditions. This includes:

Evaluating the impact of digital transformation on operational resilience.
Anticipating and mitigating risks associated with ethical AI use, supply chain vulnerabilities, and next-generation IT capabilities.

Difficulty and Originality Involved

The employee makes continuing efforts to:

Develop emergent operational frameworks, cybersecurity models, and adaptive service delivery strategies.
Solve persistent challenges such as legacy system integration, cyber threat evolution, and enterprise-wide performance optimization that have previously resisted resolution.

Level 4‑6 — 450 Points

Cluster 2 – IT Development and Analysis

Nature of Assignment

Work consists of broad functions and processes such as:

Planning and leading enterprise-scale initiatives to address application modernization, data integration, and digital service transformation in areas where precedents do not exist, such as synthetic data ecosystems, AI-assisted development, or decentralized data architectures.
Establishing new concepts and approaches for digital governance, user experience design, and agile delivery frameworks that align with evolving organizational strategies.

Assignments are characterized by:

Exceptional breadth and intensity, involving multiple concurrent or sequential activities across application, data, and web service domains.
Engagement with internal and external stakeholders, including developers, data scientists, policy teams, and interagency collaborators.
Ongoing innovation to implement new digital strategies, data governance models, and intelligent automation platforms.

What Needs to Be Done

The employee determines what needs to be done by conducting extensive investigation and comprehensive analysis of emerging technologies, user needs, and cross-domain dependencies. This includes:

Evaluating the implications of digital transformation on data ethics, accessibility, and system interoperability.
Designing solutions that anticipate future-state architectures and user expectations.

Difficulty and Originality Involved

The employee makes continuing efforts to:

Develop new frameworks for secure, scalable, and user-centric digital platforms.
Solve persistent challenges in data integration, application performance, and digital equity that have resisted traditional solutions.

Level 4‑6 — 450 Points

Cluster 3 – IT Strategy and Planning

Nature of Assignment

Work consists of broad functions and processes such as:

Planning and leading strategic initiatives to address enterprise IT governance, architecture, and modernization in areas where precedents do not exist, such as integrating AI governance, quantum-resilient systems, or federated data strategies.
Establishing new concepts and approaches for digital policy, investment prioritization, and interagency collaboration that support evolving organizational and national strategies.

Assignments are characterized by:

Exceptional breadth and intensity, often involving concurrent or sequential efforts across architecture, policy, and strategic planning domains.
Engagement with internal and external stakeholders, including senior executives, interagency councils, and industry partners.
Ongoing innovation to formulate and implement new digital governance structures, strategic frameworks, and enterprise transformation models.

What Needs to Be Done

The employee determines what needs to be done by conducting extensive investigation and comprehensive analysis of undefined, emerging, or cross-domain factors. This includes:

Evaluating the strategic impact of digital transformation, ethical AI deployment, and next-generation IT capabilities on agency mission and policy.

Difficulty and Originality Involved

The employee makes continuing efforts to:

Develop new theories, frameworks, and strategic models for enterprise IT governance and modernization.
Solve persistent challenges in interoperability, digital risk management, and strategic alignment that have resisted conventional approaches.

Level 4‑6 — 450 Points

Nature of Assignment

Work consists of broad functions and processes such as:

Planning and leading efforts to address IT issues in areas where precedents do not exist (e.g. integration of AI systems, quantum-resilient architectures, etc.).
Establishing new concepts and approaches, (e.g. innovative organizational methodologies, governance structures, or digital strategies in support of evolving organizational strategies).

Assignments are characterized by:

Exceptional breadth of scale and intensity of effort.
Often involving several activities being pursued concurrently or sequentially with engagement with internal and external stakeholders (e.g. cross-functional teams involved in hybrid computing environments, zero-trust architecture development or synthetic data modeling).
Ongoing innovation to formulate and implement new concepts, digital policy structures, and strategic solutions.

What Needs to Be Done

The employee decides what needs to be done by conducting extensive investigation and comprehensive analysis of largely undefined, emerging, or cross domain factors and conditions to determine the nature and scope of problems and to devise solutions (e.g. evaluating digital transformation impacts, ethical AI use, and next-generation IT capabilities).

Difficulty and Originality Involved

The employee makes continuing efforts to develop emergent concepts, frameworks, theories, or programmatic solutions (e.g. adaptive IT classification structures, ethical AI deployment models, predictive analytics environments), or to solve persistent challenges that have previously resisted solution.

Factor 5, Scope and Effect

This factor covers the relationships between the nature of work (i.e., the purpose, breadth, and depth of the assignment) and the effect of work products or services both within and outside the organization. Effect measures such things as whether the work output facilitates the work of others, provides timely services of a personal nature, or impacts on the adequacy of research conclusions. The concept of effect alone does not provide sufficient information to properly understand and evaluate the impact of the position. The scope of the work completes the picture to allow consistent evaluations. Consider only the effect of properly performed work. The primary components of this factor are: Scope of the Work and Effect of the Work.

Level 5‑3 — 150 Points

Cluster 1 – IT Operations and Security

Scope of the Work

Work involves addressing a variety of recurring technical issues related to system performance, user support, and IT infrastructure. Assignments require applying established IT operations, system administration, and security procedures to ensure continuity of service and compliance with organizational standards.

Effect of the Work

Work affects:

The installation, configuration, and maintenance of IT systems and network components across platforms.
The quality, integrity, and reliability of IT services delivered to internal and external users, including the confidentiality and availability of systems and data.

Level 5‑3 — 150 Points

Cluster 2 – Applications, Data, and Web Services

Scope of the Work

Work involves resolving a variety of common issues in application development, data management, and web services. Tasks are performed using established programming, database, and web development practices to ensure functionality, usability, and compliance with standards.

Effect of the Work

Work affects:

The design, testing, and implementation of applications, databases, and websites that support mission-critical operations.
The quality, integrity, and reliability of digital services and data-driven solutions provided to users and stakeholders.

Level 5‑3 — 150 Points

Cluster 3: IT Strategy and Planning

Scope of the Work

Work involves supporting strategic planning, policy development, and enterprise architecture activities by applying established frameworks and analytical methods. Assignments include gathering data, drafting documentation, and assisting in aligning IT initiatives with organizational goals.

Effect of the Work

Work affects:

The planning and documentation of IT systems and enterprise architecture across platforms.
The quality, integrity, and reliability of IT governance, compliance, and strategic alignment efforts throughout the organization.

Level 5‑3 — 150 Points

Scope of the Work

Work involves a variety of common problems, questions, or situations that are dealt with in accordance with established IT criteria.

Effect of the Work

Work affects:

The design, testing, implementation, operation, or support of IT systems across platform(s); or the quality, integrity, and reliability of IT services.

Level 5‑4 — 225 Points

Cluster 1 – IT Operations and Security

Scope of the Work

Work involves:

Establishing operational and security criteria aligned with IT frameworks (e.g., NIST, ITIL, Zero Trust).
Formulating and leading projects involving systems integration, infrastructure modernization, and automation of operational workflows.
Assessing the effectiveness of IT operations and cybersecurity programs using performance metrics, compliance audits, and service-level analytics.
Investigating and analyzing a variety of unfamiliar IT conditions, such as emerging threats, hybrid cloud configurations, or complex incident response scenarios.

Effect of the Work

Work affects a wide range of agency activities or the activities of other organizations by:

Enabling secure and resilient information system integration across platforms.
Influencing enterprise-wide risk management processes and business continuity planning.
Enhancing the reliability and performance of IT service delivery across the organization.

Level 5‑4 — 225 Points

Cluster 2 – IT Development and Analysis

Scope of the Work

Work involves:

Establishing development, data, and web service criteria aligned with IT frameworks (e.g., DevSecOps, Agile, data governance models).
Formulating projects involving application modernization, process automation, and digital service transformation.
Assessing program effectiveness through analytics dashboards, user experience metrics, and compliance with accessibility and security standards.
Investigating and analyzing unfamiliar IT conditions, such as cross-platform integration challenges, real-time data streaming, or AI-assisted development environments.

Effect of the Work

Work affects a wide range of agency activities or the activities of other organizations by:

Driving enterprise-wide application and data integration strategies.
Improving the quality, accessibility, and performance of digital services.
Supporting mission-critical decision-making through reliable and secure data systems.

Level 5‑4 — 225 Points

Cluster 3 – IT Strategy and Planning

Scope of the Work

Work involves:

Establishing strategic and architectural criteria aligned with enterprise IT frameworks (e.g., TOGAF, COBIT, Federal Enterprise Architecture).
Formulating projects involving enterprise architecture, digital transformation, and IT governance modernization.
Assessing program effectiveness through maturity models, performance scorecards, and strategic alignment reviews.
Investigating and analyzing unfamiliar IT conditions, such as evolving stakeholder needs, emerging technologies, or conflicting policy requirements.

Effect of the Work

Work affects a wide range of agency activities or the activities of other organizations by:

Shaping enterprise-wide IT strategy and investment decisions.
Influencing cross-agency collaboration, system interoperability, and digital service delivery.
Advancing the organization’s ability to adapt to technological change and policy mandates.

Level 5‑4 — 225 Points

Scope of the Work

Work involves:

Establishing criteria aligned with IT frameworks.
Formulating projects (e.g., involving system architecture, process automation, or digital transformation).
Assessing program effectiveness (e.g., though data analytics, performance metrics, and IT governance standards).
Investigating/analyzing a variety of unfamiliar IT conditions, problems, or issues.

Effect of the Work

Work affects a wide range of agency activities or the activities of other organizations (e.g., information system integration, risk management process, or enterprise-wide service delivery).

Level 5‑5 — 325 Points

Cluster 1 – IT Operations and Security

Scope of the Work

Work involves:

Isolating and defining unprecedented technological conditions, such as emergent threats from adversarial AI models or systemic vulnerabilities in legacy cloud infrastructures.
Resolving critical, cross-domain problems that span cybersecurity, systems administration, and enterprise operations.
Developing, testing, and implementing new technologies—such as intelligent automation platforms, cryptographic agility frameworks, or zero-trust orchestration—within mission-critical IT environments.

Effect of the Work

Work affects technical decision-making by senior subject matter experts and contributes to the development and strategic implementation of major aspects of agency-wide IT programs. This includes:

Influencing enterprise architecture modernization strategies.
Shaping risk management frameworks and operational resilience policies.
Enabling secure, scalable service delivery across the organization.

Level 5‑5 — 325 Points

Cluster 2 – IT Development and Analysis

Scope of the Work

Work involves:

Isolating and defining unprecedented technological conditions, such as synthetic data generation for AI training, or integration challenges across federated data ecosystems.
Resolving critical problems across application development, data architecture, and web service domains.
Designing, testing, and deploying new technologies—such as intelligent automation platforms, adaptive user interfaces, or secure API gateways—within enterprise-scale digital environments.

Effect of the Work

Work affects technical decision-making by senior IT and data leaders and contributes to the strategic implementation of major agency-wide initiatives, including:

Federated data governance strategies.
Enterprise-wide application modernization.
Digital service transformation and user experience optimization.

Level 5‑5 — 325 Points

Cluster 3 – IT Strategy and Planning

Scope of the Work

Work involves:

Isolating and defining unprecedented technological and strategic conditions, such as systemic interoperability gaps, adversarial AI risks, or legacy system constraints in cloud-native transitions.
Resolving critical problems that span enterprise architecture, IT governance, and digital transformation.
Developing, testing, and implementing new technologies and frameworks—such as synthetic data ecosystems, cryptographic agility models, or AI governance protocols—within mission-aligned IT strategies.

Effect of the Work

Work affects high-level technical and policy decisions by senior executives and contributes to the development and strategic implementation of major agency-wide IT programs, including:

Enterprise architecture modernization.
Strategic IT investment planning.
Cross-agency digital risk and governance frameworks.

Level 5‑5 — 325 Points

Scope of the Work

Work involves:

Isolating and defining unprecedented technological conditions (e.g. emergent threats for adversarial AI models or systemic vulnerabilities with legacy cloud infrastructures).
Resolving critical problems across domains.
Developing, testing, and implementing new technologies (e.g. synthetic data ecosystems, intelligent automation platforms, cryptographic agility framework, etc.) within mission-oriented IT environments.

Effect of the Work

Work affects technical decision making by senior subject matter experts or contribute to the development and strategic implementation of major aspects of agencywide IT programs (e.g. enterprise architect moderation, federate data governance strategies, etc.).

Level 5‑6 — 450 Points

Cluster 1 – IT Operations and Security

Scope of the Work

Work involves planning, developing, and executing broad, strategically integrated assignments of significant public and governmental interest. These include:

Leading cross-agency digital modernization initiatives focused on secure infrastructure, operational resilience, and cyber defense.
Managing projects that span multiple domains such as cloud service orchestration, cybersecurity compliance, and AI-enabled threat detection.
Driving innovation in operational models and security frameworks that influence federal IT operations and policy.

Effect of the Work

Work:

Often leads to recommendations for realigning IT responsibilities among agencies or restructuring government-wide operational functions, such as zero trust implementation, post-quantum readiness, or AI-enabled digital support systems.
Impacts large population segments over sustained periods through modernization of public-facing platforms, secure high-value data environments, and scalable infrastructure supporting long-term service delivery.

Level 5‑6 — 450 Points

Cluster 2 – IT Development and Analysis

Scope of the Work

Work involves planning, developing, and executing broad, strategically integrated assignments that are of significant public and governmental interest. These include:

Leading cross-agency initiatives to modernize digital services, integrate enterprise data, and deploy intelligent applications.
Managing projects that span multiple domains such as cloud-native development, secure data sharing, and AI governance.
Establishing innovative digital strategies and governance models that shape the future of public service delivery.

Effect of the Work

Work:

Often results in recommendations for restructuring how agencies manage application platforms, data governance, and digital services, such as federated data strategies, AI-assisted service delivery, or adaptive user experience frameworks.
Impacts large population segments over sustained periods by enabling modernization of public platforms, secure data ecosystems, and scalable digital infrastructure.

Level 5‑6 — 450 Points

Cluster 3 – IT Strategy and Planning

Scope of the Work

Work involves planning, developing, and executing broad, strategically integrated assignments that are of significant public and governmental interest. These include:

Leading cross-agency digital transformation efforts that align IT strategy with national priorities and mission outcomes.
Managing projects that span multiple domains such as enterprise architecture modernization, AI governance, and cloud policy development.
Establishing new digital policy structures and strategic frameworks that influence the direction of federal IT governance.

Effect of the Work

Work:

Often leads to recommendations for realigning IT responsibilities across agencies or restructuring government-wide strategic functions, such as enterprise architecture reform, post-quantum readiness, or AI governance integration.
Impacts large population segments over sustained periods by enabling long-term modernization of public services, secure digital ecosystems, and resilient infrastructure for mission-critical operations.

Level 5‑6 — 450 Points

Scope of the Work

Work involves planning, developing, and executing broad, strategically integrated assignments (e.g. cross agency digital modernization initiatives) and of significant public and the governmental interest. Projects typically span across multiple domains (e.g. cloud service orchestration, cybersecurity compliance, and AI governance) and exert strong influence across federal agencies.

Effect of the Work

Work:

Often leads to recommendations for realigning IT responsibilities among agencies or restructuring government-wide functions (e.g. zero trust implementation, post quantum readiness, AI-enable digital support systems, etc.) or other equally significant changes in the future direction of IT programs.
Impacts large population segments over sustained periods (e.g. modernization of public platforms, high-value data sharing environments, scalable infrastructure supporting long-term service delivery.)

Factor 6, Personal Contacts

These factors include face-to-face and remote dialogue (e.g., telephone, email, and video conferences) with people not in the supervisory chain. (Personal contacts with supervisors are under Factor 2 – Supervisory Controls.) Levels described under these factors consider what is required to make the initial contact, the difficulty of communicating with those contacted, the setting in which the contact takes place, and the nature of the discourse. The setting describes how well the employee and those contacted recognize their relative roles and authorities. The nature of the discourse defines the reason for the communication and the context or environment in which the communication takes place. For example, the reason for communicating may be to exchange factual information or to negotiate. The communication may take place in an environment of significant controversy and/or with people of differing viewpoints, goals, and objectives.

Only credit points under Factors 6 and 7 for contacts essential for successfully performing the work and with a demonstrable impact on its difficulty and responsibility. Factors 6 and 7 are interdependent, so use the same personal contacts to evaluate both factors.

Determine the appropriate level for Personal Contacts and the corresponding level for Purpose of Contacts. Obtain the point value for these factors from the intersection of the two levels as shown on the Point Assignment Chart at the end of this section.

Personal Contacts

Level 6−1 ⎯ 10 points

The personal contacts are with employees within the immediate office or related offices. Limited contacts with the public.

Level 6−2 ⎯ 25 points

The personal contacts are with employees and managers in the agency, both inside and outside the immediate office or related units, as well as employees, representatives of private concerns, and/or the general public, in moderately structured settings. Contact with employees and managers may be from various levels in the agency, such as:

Headquarters
Regions
Districts
Field offices
Other operating offices at the same location.

Level 6−3 ⎯ 60 points

Individuals or groups from outside the agency, including consultants, contractors, vendors, or representatives of professional associations, the media, or public interest groups, in moderately unstructured settings. This level may also include contacts with agency officials who are several managerial levels removed from the employee when such contacts occur on an ad hoc basis. Must recognize or learn the role and authority of each party during the course of the meeting.

Level 6−4 ⎯ 110 points

High-ranking officials from outside the agency at national or international levels, in highly unstructured situations. Typical contacts at this level include:

Heads of other agencies and Presidential advisors
Members of Congress
State governors or mayors of major cities
Leading representatives of foreign governments
Executives of comparable private sector organizations
Leaders of national stakeholder and/or interest groups
Nationally recognized representatives of the news media on IT matters of national importance.

Factor 7, Purpose of Contacts

Level 7−1 ⎯ 20 points

To acquire, clarify, or exchange information needed to complete the assignments, regardless of the nature of the information. The information may range from easily understood to highly technical.

Level 7−2 ⎯ 50 points

To plan, coordinate, or advise on work efforts, or to resolve issues or operating problems by influencing or persuading people who are working toward mutual goals and have basically cooperative attitudes. Contacts typically involve identifying options for resolving problems.

Level 7−3 ⎯ 120 points

To influence and persuade employees and managers to accept and implement findings and recommendations. May encounter resistance as a result of issues, such as organizational conflict, competing objectives, or resource problems. Must be skillful in approaching contacts to obtain the desired effect; e.g., gaining compliance with established policies and regulations by persuasion or negotiation.

Level 7−4 ⎯ 220 points

To present, justify, defend, negotiate, or settle matters involving significant or controversial issues; e.g., recommendations changing the nature and scope of programs or dealing with substantial expenditures. The work usually involves active participation in conferences, meetings, hearings, or presentations involving problems or issues of considerable consequence or importance. People contacted typically have diverse viewpoints, goals, or objectives requiring the employee to achieve a common understanding of the problem and a satisfactory solution by convincing them, arriving at a compromise, or developing suitable alternatives.

Factor 8, Physical Demands

This factor covers the requirements and physical demands placed on the employee by the work assignment. This includes physical characteristics and abilities (e.g., agility or dexterity requirements) and the physical exertion involved in the work (e.g., climbing, lifting, pushing, balancing, stooping, kneeling, crouching, crawling or reaching). The frequency or intensity of physical exertion must also be considered.

Note: Laws and regulations governing pay for irregular or intermittent duty involving unusual physical hardship or hazard are in section 5545(d), of title 5, United States Code, and Subpart I of part 550 of title 5, Code of Federal Regulations.

Level 8−1 ⎯ 5 points

The work is sedentary. Some work may require walking and standing in conjunction with travel and to attendance at meetings and conferences away from the work site. Some employees may carry light items, such as papers, books, or small parts, or drive a motor vehicle. The work does not require any special physical effort.

Factor 9, Work Environment

This factor considers the discomfort and risk of danger in the employee’s physical surroundings and the safety precautions required. Although safety regulations and techniques can reduce or eliminate some discomfort and dangers, they typically place additional demands upon the employee.

Level 9−1 ⎯ 5 points

The work area is adequately lighted, heated, and ventilated. The work environment involves everyday risks or discomforts that require normal safety precautions. Some employees may occasionally be exposed to uncomfortable conditions in such places as research and production facilities.

Factor Illustrations

Illustrations are provided in this part as a tool to give insight into the meaning of the FLDs for Factors 1, 4, and 5. Consider each illustration in its entirety and in conjunction with the FLDs. Do not rely solely on these illustrations in evaluating positions.

For additional information about the proper use of illustrations, see the How To Use This Grading Information section of this PCS.

Factor 1 Illustrations

Level 1-7 Illustrations

Cluster 1 – IT Operations and Security

Knowledge of cybersecurity principles and enterprise infrastructure is sufficient to lead the implementation of a zero trust architecture across a hybrid cloud environment, ensuring secure access, continuous monitoring, and compliance with federal mandates.
Knowledge of performance monitoring tools and systems administration is sufficient to diagnose and resolve latency issues in a multi-site server environment by implementing automated patching and load balancing strategies.
Knowledge of incident response protocols and analytical methods is sufficient to investigate a multi-vector cyber intrusion, coordinate containment and recovery, and document lessons learned for future mitigation.
Knowledge of cloud migration strategies and IT infrastructure is sufficient to plan and execute the transition of legacy systems to a secure cloud platform, ensuring minimal disruption to mission-critical operations.
Knowledge of project management principles and cross-functional IT operations is sufficient to lead a team integrating customer support platforms with backend systems, coordinating efforts across helpdesk, network, and cybersecurity teams.

Level 1-7 Illustrations

Cluster 2 – IT Development and Analysis

Knowledge of secure coding practices and web development frameworks is sufficient to design and implement a responsive, accessible web application, ensuring compliance with Section 508 and agency cybersecurity standards.
Knowledge of data governance and metadata standards is sufficient to establish tagging and retention policies for an enterprise data warehouse, improving discoverability and compliance with federal data strategy.
Knowledge of microservices architecture and containerization tools is sufficient to refactor a legacy application into a modular, cloud-native solution, enhancing scalability and maintainability.
Knowledge of system integration testing and user acceptance protocols is sufficient to coordinate testing for a new analytics platform, ensuring seamless integration with existing databases and tools.
Knowledge of acquisition policies and cost-benefit analysis is sufficient to evaluate and recommend a commercial data visualization tool, lead its implementation, and train end users.

Level 1-7 Illustrations

Cluster 3 – IT Strategy and Planning

Knowledge of enterprise architecture frameworks and strategic planning is sufficient to develop a multi-year roadmap that aligns cloud adoption, cybersecurity modernization, and digital service delivery with agency mission goals.
Knowledge of IT investment planning and cost-benefit analysis is sufficient to evaluate proposed IT initiatives, prepare executive briefings, and advise leadership on prioritization and alignment with strategic objectives.
Knowledge of IT governance models and policy development is sufficient to establish an IT governance board, define project intake processes, and implement performance measurement standards.
Knowledge of risk management and emerging technologies is sufficient to analyze the impact of AI and blockchain on agency operations, and develop mitigation strategies for integration into the digital transformation plan.
Knowledge of interagency collaboration and digital policy frameworks is sufficient to represent the agency in a federal working group, contribute to shared digital identity standards, and ensure internal alignment with enterprise architecture.

Level 1-7 Illustrations

Knowledge of, and skill in applying:

Systems analysis concepts and methods
Customer business requirements
Life-cycle management concepts, cost benefit analysis
Policy and planning formulation process
Requirements analysis methods, and COTS products and components
Applications software design concepts and methods
Requirements for certification and accreditation
Network architecture principles and concepts
Network optimization techniques
Internet and cloud protocols
Database management concepts and principles
The organization’s data assets, storage, and project management
Installed operating systems, network systems, applications, protocols, and equipment
Applications software development, methods for integrating and optimizing components, and infrastructure requirements, customer support principles, concepts, and methods
Analytical reasoning

sufficient to:

Develop technical requirements for new or modified applications.
Evaluate the feasibility of proposed new system development.
Evaluate the impact of changes in business needs on current policy.
Translate functional requirements into design specifications.
Determine and properly configurate systems components.
Plan and conduct security accreditation review for installed systems and networks.
Establish connectivity between remote sites.
Perform network diagnostics, analyzing network traffic patterns.
Develop data models, produce database design schema for integrating source data into data management systems.
Troubleshoot database problems, maintain version control of database entities; and advise customers on new database features.
Establish network access protocols to enable customers to gain local or remote access.
Provide technical guidance in designing, coding, testing, debugging, and maintaining programs.
Apply computer assisted software engineering (CASE) tools to the design and development process.
Test, install, implement, document, and maintain software.
Analyze and determine optimal hardware and software configurations.
Provide technical guidance in the design, coding, testing, and debugging process.
Assist customers in installing applications.
Troubleshoot post-installation problems.
Coordinate the technical support of deployed applications.

Level 1-8 Illustrations

Cluster 1 – IT Operations and Security

Mastery of cybersecurity frameworks (e.g., NIST, FISMA) and enterprise infrastructure is sufficient to develop and implement a zero-trust architecture strategy across a multi-cloud environment, ensuring secure access, continuous monitoring, and alignment with federal mandates.
Mastery of hybrid cloud orchestration and systems administration is sufficient to lead the modernization of legacy infrastructure, integrating AI-driven automation and software-defined networking to improve operational resilience and reduce downtime.
Mastery of IT governance and risk management principles is sufficient to advise senior executives on cyber risk posture, including the development of enterprise-wide incident response strategies and investment in post-quantum cryptographic readiness.
Mastery of cross-domain IT operations and technical communication is sufficient to brief agency leadership on the implications of emerging technologies, such as AI-enabled threat detection, and recommend strategic shifts in IT service delivery models.
Mastery of project management and enterprise architecture is sufficient to lead a cross-agency initiative to consolidate data centers, improving service efficiency, reducing costs, and enhancing cybersecurity compliance.

Level 1-8 Illustrations

Cluster 2 – IT Development and Analysis

Mastery of application architecture and secure coding standards is sufficient to design and lead the implementation of a low-code/no-code platform, enabling rapid development of secure, scalable applications across business units.
Mastery of data governance and analytics frameworks is sufficient to develop and institutionalize a federated data strategy, enabling secure, real-time data sharing across agencies while ensuring compliance with privacy and ethical AI standards.
Mastery of AI/ML integration and agile development practices is sufficient to lead the deployment of intelligent automation tools that streamline business processes and improve decision-making across mission-critical systems.
Mastery of digital service design and user experience principles is sufficient to advise senior leadership on modernizing public-facing platforms, ensuring accessibility, performance, and alignment with digital government goals.
Mastery of enterprise IT architecture and technical communication is sufficient to present a comprehensive digital transformation roadmap to executive stakeholders, aligning application modernization with long-term strategic objectives.

Level 1-8 Illustrations

Cluster 3 – IT Strategy and Planning

Mastery of enterprise architecture frameworks and strategic planning is sufficient to develop a multi-year IT modernization strategy, integrating cloud-native platforms, AI governance, and cybersecurity resilience into the agency’s digital transformation agenda.
Mastery of IT investment analysis and governance models is sufficient to advise senior executives on prioritizing technology portfolios, balancing innovation with risk and aligning IT initiatives with mission and policy objectives.
Mastery of interagency collaboration and digital policy development is sufficient to lead the creation of a government-wide framework for ethical AI use, ensuring interoperability, transparency, and accountability across federal systems.
Mastery of risk management and emerging technology evaluation is sufficient to conduct strategic assessments of post-quantum readiness, advising leadership on necessary shifts in cryptographic infrastructure and procurement planning.
Mastery of strategic communication and IT governance is sufficient to brief executive and interagency audiences on digital risk posture, influencing national IT policy and shaping the agency’s role in cross-government digital initiatives.

Level 1-8 Illustrations

Mastery of, and skill in applying:

Interrelationships of multiple IT disciplines
System analysis principles and techniques
Enterprise IT architecture and, policies and planning concepts and principles
Performance management and measurement methods and tools, implements business requirements of customer organizations
Operating system theories and concepts, internet, cloud technologies
System’s security principles and concepts
Internet services architecture
Data mining, storage, and warehousing methods systems development principles and approaches
Information systems security principles and concepts
Applications software design concepts and methods
Network management methods including advanced network technologies
Customer support principles, methods, and practices
Project management methods

sufficient to:

Lead IT systems development projects from design to support.
Evaluate the impact of the design policies and assess new system design methodologies to improve software quality.
Establish priorities for IT investments and metrics and associated performance measurement tools.
Upgrade from hubs to switches, consolidate regional network, and redesign network infrastructure.
Identify internet policy needs and priorities.
Lead, plan, coordinate the development of data structures and access.
Evaluate impact of new and proposed applications on the operating environment.
Evaluate the effectiveness of installed systems and services.
Provide advice on and devise solutions to a wide range of IT issues.

Factor 4 Illustrations

Level 4-4 Illustrations

Nature of Assignment

Work may consist of any and/or all but not limited to:

Conducting audits of IT systems development, operations, and management to ensure agency compliance with all applicable laws and regulations.
Resolving difficult customer support requests, e.g., those involving integration or configuration-related issues.
Analyzing, evaluating full and/or portion of the enterprise IT, and recommending solutions to meet architectural requirement.
Implementing and maintaining IT security system.
Performing end-to-end development of design specifications to include new applications.
Providing full range of application development for major software projects.
Install, test, and implement operating system modifications according to vendor’s specifications.
Serving as local area network (LAN) administrator.
Implementing new database, structure and format, converting legacy data to new format.
Managing and optimize Internet protocol (IP) servers to ensure high availability and optimal performance of the organization’s website.
Developing standard operating procedures and user guides with detailed instructions for implementing IT systems security policies.
Implementing and maintaining IT security systems that are applied to a variety of applications.

What Needs to Be Done

Performs the following duties:

Defines client requirements for new and modified systems and services based on analysis of business needs and practices.
Identifies and breaks down problems using structured problem resolution approaches.
Identifies system objectives, functions, and customer requirements, and evaluate hardware and software alternatives and systems design strategies.
Analyzes existing systems capabilities, compatibility, and interoperability, and prepare technical specifications.
Evaluates current IT systems, including performance, security, capacity, scalability, cost, and other relevant factors.
Applies widely used architecture reference models to describe systems components, functions, and interrelationships.
Selects and applies load-balancing tools to provide faster throughput increase server link resiliency and enhance reliability.
Reviews system documentation including IT project implementation plans, security policies and procedures, hardware, software, and network diagrams and configuration management controls, database administration controls, and contractual agreements for technical support for compliance with applicable standards.
Coordinates, installs, maintains, troubleshoots, and fine-tunes the LAN including all hardware, software, telecommunications, and networking components.
Ensures confidentiality, integrity, and availability of systems and data accessible on the LAN.
Tests and validates the operating environment.
Designs input and output forms and documents.
Monitors, evaluates, and reports on the status and condition of IT security programs.
Describes the organization, format, and database content; and determines physical storage requirements based on analysis of volume, size of records and files, expected growth, access methods, and available data compression methods.
Assists in planning and coordinating systems design, acquisition, testing, installation, and support.
Serves as primary liaison with clients on all matters related to systems operations and support.
Assists in planning and coordinating systems design, acquisition, testing, installation, and support.
Serves as primary liaison with clients on all matters related to systems operations and support.

Difficulty and Originality Involved

Exercises judgment to:

Evaluate and determine optimal systems development approaches.
Integrate a variety of systems development activities.
Determine when to reconfigure and upgrade IP servers.
Analyze missions, plans, organization structure, current and planned infrastructures, and other related factors affecting enterprise network requirement.
Independently determine the feasibility of installing vendor-supplied modifications.
Solve a wide range of operational and support problems and issues.
Ensure that changes in client requirements are addressed.

Level 4-5 Illustrations

Cluster 1 – IT Operations and Security

Nature of Assignment

Work consists of a variety of duties requiring the application of many different, diverse, and unrelated processes and methods to a broad range of IT activities or functions, such as digital infrastructure, systems integration, and enterprise-wide technologies. Assignments often involve in-depth analysis of IT issues related to interoperability, cybersecurity, and performance optimization across hybrid and multi-cloud environments.

What Needs to Be Done

Ongoing evaluation of stakeholder and customer business requirements.
Rapidly evolving and emerging technologies, such as zero-trust architecture, AI-driven automation, or edge computing.

Difficulty and Originality Involved

The employee:

Develops new IT standards, methods, and techniques for operations, support, and security.
Evaluates the impact of technological change across IT infrastructure domains, including legacy modernization and system life-cycle management.
Conceives solutions to highly complex technical issues involving governance, resilience, user experience, or cross-functional integration.

The work frequently involves integrating the activities of multiple IT functional areas, such as cybersecurity, systems administration, and network engineering.

Level 4-5 Illustrations

Cluster 2 – IT Development and Analysis

Nature of Assignment

What Needs to Be Done

Ongoing evaluation of stakeholder and customer business requirements.
Rapidly evolving and emerging technologies, such as AI-assisted development, low-code/no-code platforms, and real-time analytics.

Difficulty and Originality Involved

The employee:

Develops new standards, methods, and techniques for application development, data management, and web services.
Evaluates the impact of technological change across application and data ecosystems, including cloud migration and platform modernization.
Conceives solutions to highly complex technical issues involving user experience, data governance, and cross-functional integration.

The work frequently involves integrating the activities of multiple IT functional areas, including development, data engineering, and cybersecurity.

Level 4-5 Illustrations

Cluster 3 – IT Strategy and Planning

Nature of Assignment

Work consists of a variety of duties requiring the application of many different, diverse, and unrelated processes and methods to a broad range of IT activities or functions, such as digital strategy, enterprise architecture, and IT governance. Assignments often involve in-depth analysis of IT issues related to interoperability, security, and performance optimization across enterprise-wide systems and platforms.

What Needs to Be Done

Ongoing evaluation of stakeholder and customer business requirements.
Rapidly evolving and emerging technologies, such as multi-cloud environments, AI integration, and zero-trust security models.

Difficulty and Originality Involved

The employee:

Develops new IT standards, methods, and techniques for strategic planning, architecture, and policy.
Evaluates the impact of technological change across IT strategy and infrastructure domains, including legacy modernization and digital transformation.
Conceives solutions to highly complex technical issues involving governance, resilience, and cross-functional integration.

The work frequently involves integrating the activities of multiple IT functional areas, including architecture, cybersecurity, operations, and policy.

Level 4-5 Illustrations

Nature of Assignment

Work may consist of any and /or all the assignments below but not limited to:

Plan and coordinate multilayer projects that involve multiple stages in the systems development life cycle management process (e.g. system analysis, software development, data administration and customer support).
Lead agency-wide IT policy development efforts, and/or agency-wide development of enterprise architecture development that includes future plans.
Establish, interpret and implement all requirements for agency infrastructure compliance.
Plan and coordinate agencywide implementation of process improvement methods.
Develop and standardize system designs methods to improve the quality of software products.
Manage major changes to the systems environment (e.g., implementation of major new applications or conversion to new operating systems).
Coordinate work for a multidisciplinary team in diagnosing sources of system interruption, develop and implement corrective actions.
Develop and translate data models into workable databases, and/or design enterprise database strategies for various functions such as backup, migration and correction of complex operational and performance problems.
Plan, design, develop, test, implement, and manage internal and external websites to optimize communication with relevant clientele.
Develop agencywide procedures that respond to threats to the systems confidentiality, integrity, and availability, e.g., checking key files for problems and reviewing running operations to ensure that only authorized processes are running, and/or exercise overall responsibility for continued functionality of all servers in the enterprise LAN.
Serve as client manager and advocate in all aspects, e.g. ensuring customers services are customized to meet specific customers requirement, to include but not limited during the system development process and from translation functional requirement through system testing.

What Needs to Be Done

Performs the following duties:

Defines overall project requirements.
Plans and coordinates systems design, development, and implementation.
Oversees support of installed systems and services.
Resolves a wide range of technical and management issues to include reviewing and evaluating agency infrastructure protection programs, policies, guidelines, tools, methods, and technologies.
Identify current and potential problem areas and update and/ or establish new requirements.
Develops plans for transitioning from current environment to target environment.
Conference with IT managers to discuss progress, attainment of goals and timeframe.
Reviews agency strategic plans to ensure plans for the target infrastructure environment continue to be integrated with agency strategic goals.
Reviews and refines final products prior to final submission.
Serves as agency’s principal advocate for the application of process improvement consulting with appropriate agency authority or authorities.
Identifies and evaluates an effective system design methodologies and benchmark best practices.
Develops, tests, and evaluates prototypes and the result, and selects methods most appropriate with high customer satisfaction.
Develops project plans after review and approval of the technical requirements.
Serves as the expert technical advisor to team members, and as the primary point of contact (POC) between the customers, vendors, and IT management throughout the process.
Plans and coordinates operating system changes and/or activities with applications developers, telecommunications specialists, facilities managers, vendors, and customers.
Carefully manages the implementation and deployment.
Quickly and accurately isolates, identifies and implements corrective action or actions involving network service problems.
Generates models capable of accommodating new and unanticipated business requirement.
Selects appropriate modeling methodologies and tools (e.g., CASE data modeling products).
Maps the overall Web design, structure, functionality, integrity and security.
Analyzes website statistics and direct on-going maintenance and enhancement efforts.
Makes recommendations for a fully compliant infrastructure protection program to be implemented throughout the agency.

Difficulty and Originality Involved

Exercises considerable judgment, originality, and resourcefulness in developing, defining plans and implementation strategies to:

Ensure that systems and services are developed and delivered in accordance with customer requirements and current technology.
Evaluate the effectiveness of current enterprise architecture framework and ensure recommendations are aligned with agency’s mission and goals.
Monitor agency’s compliance with infrastructure protection requirements and adjust program guidelines in response to changing technologies.
Champion the implementation of standardized methods throughout the agency, and advocate the benefits of implementing business-driven quality and process improvement.
Ensure applications are thoroughly tested, results documented; and security certifications are obtained prior to deployment.
Resolve all operating system technical and management problems/issues.
Recommend actions to management to avert future Network challenges to the integrity and availability of the network.
Ensure selected data models are adaptable, and capable of responding to changing requirements.
Lead a multi-disciplinary website team, serving as technical consultant in developing web-based applications to include Web-based database management.
Develop performance standards that can be applied uniformly throughout the LAN, and identify actions necessary to correct performance deficiencies.
Provide authoritative technical advice and guidance to any and/or the following areas but not limited to system administrators, evaluating new internet, designing and implementing agency-wide software application, database management, diagnosing sources of service interruptions, and /or establishing, implementing, and interpreting the requirements for agency compliance directives and Executive Orders, updating agency’s strategic plans for IT programs.
Maintain regular contact with all customers and stakeholders and initiate appropriate service modification to meet customer changing requirements.

Factor 5 Illustrations

Level 5-3 Illustrations

Scope of the Work

Work involves configuring systems, developing standard procedures, troubleshooting recurring problems, updating documentation, or implementing routine enhancements. The work is carried out under established guidelines and precedents, and supports the operation, maintenance, or improvement of organizational IT systems or services.

Effect of the Work

Work ensures accuracy, reliability, and acceptability of the services or products provided by the IT office or program. It directly impacts the efficiency and effectiveness of IT systems used by customers or other functional areas within the organization. While the work does not typically affect major activities of large organizations or outside agencies, it ensures that users have dependable access to required systems and data, and that minor to moderate problems are addressed promptly to maintain productivity and operational continuity.

Level 5-4 Illustrations

Cluster 1 – IT Operations and Security

Scope of the Work

Work involves the design, development, and implementation of new or significantly enhanced operational systems and security frameworks. The employee:

Establishes operational and security criteria aligned with frameworks such as NIST, ITIL, and Zero Trust.
Leads major segments of IT modernization efforts, including infrastructure upgrades, systems integration, and automation of operational workflows.
Conducts in-depth analyses of hybrid cloud environments, emerging cyber threats, and complex incident response scenarios.
Coordinates with cybersecurity, network, and operations teams to ensure alignment with enterprise risk management and compliance requirements.

Effect of the Work

Work can lead to:

Cost savings through automation and improved infrastructure efficiency.
Enhanced information assurance by implementing enterprise-level security controls.
Improved business processes and service reliability across the organization.
Better alignment of IT operations with mission and business objectives.

Level 5-4 Illustrations

Cluster 2 – IT Development and Analysis

Scope of the Work

Work involves the design, development, and implementation of new or significantly enhanced applications, data platforms, and digital services. The employee:

Establishes development, data, and web service criteria aligned with frameworks such as DevSecOps, Agile, and data governance models.
Leads projects involving application modernization, process automation, and digital transformation.
Conducts in-depth evaluations of cross-platform integration, real-time data streaming, and AI-assisted development environments.
Coordinates with developers, data engineers, and user experience teams to ensure interoperability and compliance with accessibility and security standards.

Effect of the Work

Work can lead to:

Cost savings through streamlined development and deployment processes.
Improved digital service quality, accessibility, and performance.
Enhanced decision-making through secure, reliable, and integrated data systems.
Stronger alignment of application and data strategies with mission needs.

Level 5-4 Illustrations

Cluster 3 – IT Strategy and Planning

Scope of the Work

Work involves the design, development, and implementation of new or significantly enhanced IT strategies, governance models, and enterprise architectures. The employee:

Establishes strategic and architectural criteria aligned with frameworks such as TOGAF, COBIT, and the Federal Enterprise Architecture.
Leads projects involving digital transformation, IT governance modernization, and enterprise architecture development.
Conducts in-depth analysis of evolving stakeholder needs, emerging technologies, and conflicting policy requirements.
Coordinates with business units, technical teams, and policy stakeholders to ensure strategic alignment and compliance.

Effect of the Work

Work can lead to:

Cost savings through optimized IT investments and streamlined governance.
Improved business processes and strategic alignment across the enterprise.
Enhanced adaptability to technological change and policy mandates.
Stronger cross-agency collaboration and system interoperability.

Level 5-4 Illustrations

Scope of the Work

Work involves the design, development, and implementation of new or significantly enhanced information systems, policies, or security frameworks. The employee conducts in-depth analyses, evaluates alternative approaches, and applies a broad understanding of emerging IT trends and technologies. The work requires coordination with multiple stakeholders and consideration of interrelated technical and administrative requirements.

Projects may involve leading major segments of IT modernization efforts, establishing enterprise-level security controls, developing strategic IT plans, or implementing new platforms and services that require integration with existing systems and procedures.

Effect of the Work

Work can lead to cost savings, improved business processes, enhanced information assurance, and better alignment of IT with mission and business objectives.

Level 5-5 Illustrations

Cluster 1 – IT Operations and Security

Scope of the Work

Work involves:

Isolating and defining unprecedented technological conditions, such as emergent threats from adversarial AI models or systemic vulnerabilities in legacy cloud infrastructures.
Resolving critical, cross-domain problems that span cybersecurity, systems administration, and enterprise operations.
Developing, testing, and implementing new technologies—such as intelligent automation platforms, cryptographic agility frameworks, or zero-trust orchestration—within mission-critical IT environments.
Leading enterprise-wide initiatives that require coordination with senior leadership, law enforcement, and oversight bodies (e.g., OIG) to investigate and mitigate serious IT security violations.
Providing authoritative guidance on the application of advanced technologies to support secure, scalable, and resilient service delivery.

Effect of the Work

Work affects technical decision-making by senior subject matter experts and contributes to the development and strategic implementation of major aspects of agency-wide IT programs. This includes:

Influencing enterprise architecture modernization strategies.
Shaping risk management frameworks and operational resilience policies.
Enabling secure, scalable service delivery across the organization.
Contributing directly to the protection of critical infrastructure and the agency’s ability to respond to major cybersecurity incidents.

Level 5-5 Illustrations

Cluster 2 – IT Development and Analysis

Scope of the Work

Work involves:

Isolating and defining unprecedented technological conditions, such as synthetic data generation for AI training or integration challenges across federated data ecosystems.
Resolving critical problems across application development, data architecture, and web service domains.
Designing, testing, and deploying new technologies, such as intelligent automation platforms, adaptive user interfaces, or secure API gateways within enterprise-scale digital environments.
Leading the development of enterprise data models and metadata strategies that support evolving business needs and regulatory requirements.
Overseeing the implementation of e-Government platforms and digital services that require integration of diverse technologies and compliance with security and accessibility standards.

Effect of the Work

Work affects technical decision-making by senior IT and data leaders and contributes to the strategic implementation of major agency-wide initiatives, including:

Federated data governance strategies.
Enterprise-wide application modernization.
Digital service transformation and user experience optimization.
Improved ability to manage, discover, and apply data assets in support of mission-critical operations.

Level 5-5 Illustrations

Cluster 3 – IT Strategy and Planning

Scope of the Work

Work involves:

Isolating and defining unprecedented technological and strategic conditions, such as systemic interoperability gaps, adversarial AI risks, or legacy system constraints in cloud-native transitions.
Resolving critical problems that span enterprise architecture, IT governance, and digital transformation.
Developing, testing, and implementing new technologies and frameworks—such as synthetic data ecosystems, cryptographic agility models, or AI governance protocols—within mission-aligned IT strategies.
Leading cross-agency planning efforts and serving as the principal point of contact for external coordination on enterprise IT initiatives.
Advising senior executives on the strategic implications of emerging technologies and policy shifts and integrating performance metrics into enterprise planning and investment decisions.

Effect of the Work

Work affects high-level technical and policy decisions by senior executives and contributes to the development and strategic implementation of major agency-wide IT programs, including:

Enterprise architecture modernization.
Strategic IT investment planning.
Cross-agency digital risk and governance frameworks.
The agency’s ability to adapt to technological changes and meet evolving mission and policy requirements.

Level 5-5 Illustrations

Scope of the Work

Work may include the following but not limited to:

Planning, developing, coordinating and delivering systems and services that are responsive to customer’s needs.
Providing authoritative technical advice and guidance to senior management and stakeholders concerning emerging IT issues and impact of the issues and the appropriate application of technology in support of agency missions and programs.
Representing agency in all investigations of serious IT security violations, such as integrity of the organization’s infrastructure (e.g., unauthorized access to financial systems).
Cooperating, and coordinating with all internal investigation including OIG initiated and all law enforcement organizations.
Identifying significant real or potential cybersecurity issues, problems, trends, and weaknesses.
Proposing specific recommendations based on findings and developing strategies for corrective actions to include prevention of futures IT security challenges.
Evaluating the feasibility of new systems design methodologies that meets agency system design requirements.
Leading all phases of multiple design teams in the development of system specifications for new major applications.
Developing and implementing plans, new applications development methods and models that incorporate new technologies, such as object-oriented design and analysis and software architecture.
Conducting research on emerging technologies.
Planning, developing, and organizing pilot tests in controlled environments.
Recommending adoption of new methodologies based on favorable feasibility analyses.
Leading an enterprise-level network project, such as establishing connectivity for new mission requirements or new customer organizations or accommodating changes in legislation.
Implementing the full range of project management functions from project planning through evaluation and reporting of project accomplishments.
Developing and maintaining enterprise data models that define the agency’s information needs and business processes.
Updating models to reflect major changes in business requirements.
Establishing and providing guidance in the application of standards and guidelines for the creation of metadata that address current and future.
Identifying and evaluating both the tools for creating metadata, and designing metadata model format and templates.
Participating, planning, developing, and implementing an e-Government site used to deliver services to the public.
Coordinating the acquisition, installation, and configuration of the end-to-end infrastructure supporting the site.
Ensuring the availability and security of applications installed on the site.
Integrating diverse server platforms into the existing architecture.
Serving as the principal point-of-contact with external planning groups.
Developing policies and procedures for system administration that facilitate cross-agency system interoperability.
Researching and evaluating new customer service management systems.
Providing recommendation based on cost benefit analysis.
Overseeing implementation of new systems and services.
Integrating metrics within existing performance measurement systems.
Monitoring and overseeing the implementation of the new system, developing training guides, and monitoring customer support supervisors and managers in their application.

Effect of the Work

Ensures the agency’s ability to respond to major changes and meet mission requirements through the optimal application of IT systems and services.
Responds to major business and technical changes which enable agency to make informed decisions on focus and directions.
Affects agency’s ability to develop, implement and integrates its comprehensive EA program, and expand its advance technological initiatives.
Contributes directly to the successful investigation of serious IT security violations and effectively protecting the systems infrastructure.
Results enable continuous assessment and evaluation of new technologies, agency’s system design and development, and systems that support accomplishment of strategic business requirements.
Enhances the design and development of software applications.
Results ensure agency’s ability to leverage all advances in network technologies enabling improvement in delivery of services that support agency’s mission requirements.
Results in agency ability to effectively identify, describe, locate and manage data in a manner that contributes towards the accomplishment of agency mission, while informing customers of the value, attributes and application of data maintained.
Results provide agency the optimum advantage and opportunity through leveraging Internet technologies in accomplishing its mission and availing customer organizations the ability to deliver mission critical services to a broader and wider population efficiently and effectively.
Integration of diverse server platform within existing architecture enhances agency ability to effectively and efficiently accomplish its vital business processes.
Serves as the principal point-of-contact with external groups in the planning and coordination of efforts to enhance the agency’s potential to interoperate across agency lines.
Researches and evaluates new customer service management systems and integrates metrics within existing performance measurement systems which enhances the quality and responsiveness of customer support services.
Develops and institutes performance metrics to evaluate effectiveness, efficiency and economy that supports agency mission, goal and increased productivity.

Additional Information Technology Resources

This resource list contains federal information technology (IT) sources. This list is by no means exhaustive and will be updated periodically to reflect changes in the IT field.

Cyber Career Pathways Tool – An interactive way to explore the updated Work Roles within the NICE Framework. The Tool depicts the cyber workforce according to distinct, yet complementary skill communities.
Department Of Defense: DoD Cyber Workforce Framework – Workforce Elements
Guidance For Assigning New Cybersecurity Codes To Positions With Information Technology, Cybersecurity, and Cyber-Related Functions
Interpretive Guidance for Cybersecurity Positions (New Issuance FY 26)
National Initiative for Cybersecurity Careers and Studies (NICCS) NICE Workforce Framework For Cybersecurity (NICE Framework) – A nationally focused resource to help employers develop their cybersecurity workforce. It establishes a common lexicon that describes cybersecurity work and workers regardless of where or for whom the work is performed.
National Institute of Standards and Technology (NIST) Cybersecurity Framework – A guide for industry, government, and organizations to reduce cybersecurity risks.
O*Net Online – The nation's primary source of occupational information, maintained by the Bureau of Labor Statistics. Central to the project is the O*NET database, containing hundreds of standardized and occupation-specific descriptors on almost 1,000 occupations covering the entire U.S. economy.
Skills-Based Hiring Guidance and Competency Model for Artificial Intelligence Work

Historical Record and Explanatory Material

This section describes the development of this Position Classification Standard for the Information Technology Management Series. This section will highlight some key dates and milestones and provide information about the development of the series and addresses concerns expressed by reviewing agencies.

Background, Key Dates, and Milestones

The U.S. Office of Personnel Management (OPM) has updated this standard for alignment with skills-based hiring initiatives.

This new framework integrates general, technical, and emerging competencies directly into Federal classification standards. Competencies help identify the paramount knowledge requirements for positions, reinforce consistent grade‑level determinations, and support the shift to skills‑based hiring and assessment across Government.

Competency‑Based Classification Standards for White Collar Work

This competency‑driven framework integrates general, technical, and emerging competencies directly into Federal classification standards. Competencies help identify the paramount knowledge requirements for positions, reinforce consistent grade‑level determinations, and support the Governmentwide transition to skills‑based hiring and assessment.

Purpose and scope of competency‑based classification

Competency‑based classification modernizes how agencies describe and evaluate Federal work by focusing on the actual capabilities required for successful job performance. This framework embeds up‑to‑date competencies into occupational structures to reflect evolving mission needs, technologies, and work environments. It provides a clearer, more consistent way to define work, differentiate levels of responsibility, and support fair and transparent classification decisions.

Relationship between classification, qualifications, and assessment policy

Competencies function as the shared foundation that connects classification, qualifications, and assessment.

In classification, competencies define the level and nature of knowledge required, helping agencies determine the proper series and grade.
In qualification policy, they establish minimum proficiency expectations for applicants.
In assessment, they form the basis for evaluating candidates’ demonstrated behaviors, skills, and abilities through valid and job‑related tools.

This integration creates a unified talent management framework that is consistent with merit system principles and ensures agencies can identify, hire, and develop employees based on demonstrated capability rather than credentials alone.

Alignment between competencies, knowledge, skills, and abilities (KSAs) and the relationship to classification

Competencies translate the underlying knowledge, skills, and abilities (KSAs) needed for a job into observable, measurable indicators of performance. This alignment ensures that classification decisions reflect not only the technical subject‑matter knowledge required but also the behavioral expectations, problem‑solving demands, and interaction patterns inherent in the work.

By integrating competency models into classification—particularly in evaluating Factor 1 (Knowledge Required)—agencies can more accurately describe the nature of work, differentiate grade levels, and distinguish between related occupations. This results in classification standards that are more consistent, current, and reflective of real‑world job performance requirements.

How competency‑based standards support workforce agility, modernization, and mission alignment

Competency‑based standards strengthen the Federal workforce’s ability to adapt and evolve. Because competencies can be updated more rapidly than traditional classification narratives, they allow agencies to keep pace with new technologies, shifting mission priorities, and emerging skill sets.

This framework:

Promotes workforce agility, enabling agencies to realign roles as mission needs change.
Supports modernization, including digital transformation and data‑driven operations.
Enhances mission alignment, ensuring employees possess the competencies needed to meet strategic objectives and deliver high‑quality public service.

Overall, competency‑based classification enables a more resilient, capable, and future‑ready workforce.

Timeline: Evolution of the Information Technology Management Series (GS‑2210)

Today – Competency‑Based Classification Era

OPM has modernized the 2210 series by integrating competencies directly into the classification standard. The updated approach embeds general, technical, and emerging competencies to improve grade distinctions, strengthen alignment with qualifications and assessment policy, and support skills‑based hiring. This shift creates a more agile, mission‑aligned, and future‑ready Federal IT workforce.

2018 – Major Revision and Expansion

A significant update added an expanded IT glossary, refined guidance on specialties, and clarified expectations for applying factor‑level descriptions. The revision reinforced the need for ongoing updates due to rapid evolution in IT work.

2011 – Policy and Structural Enhancements

Updates focused on strengthening consistency in grading criteria, updating specialty definitions, and refining occupational information to reflect changes in IT roles.

2008 – Additional Clarifications and Updates

OPM refined factor‑level descriptions, provided additional illustrations, and clarified the use of parenthetical specialty titles to help ensure uniform application across agencies.

2003 – Early Post‑Issuance Revisions

OPM reviewed agency feedback and released updates to strengthen clarity, enhance factor guidance, and resolve inconsistencies identified during early implementation.

May 2001 – Official Establishment of the GS‑2210 Series

OPM formally issued the Information Technology Management Series, 2210, replacing the outdated 0334 Computer Specialist Series. This was the first installment of the new Information Technology Group, 2200, and it set the foundation for a modern IT occupational structure across Government.

March 2001 – Final Agency Review Before Issuance

Agencies participated in a final 30‑day “quick review” of the near‑final draft, leading to additional refinements based on comments.

July 2000 – Draft Released for Governmentwide Testing

OPM released the draft IT Job Family Standard for a 90‑day review and test application period. More than 35 agencies submitted comments that shaped the final standard.

March–May 2000 – Intensive Fact‑Finding

OPM conducted extensive research through focus groups, position descriptions, organization charts, and other sources to develop the first full draft of the IT standard.

March 2000 – Introduction of 11 New IT Specialty Titles

Based on feedback from focus groups, OPM proposed eleven specialty titles to better reflect the evolving nature of IT work.

Summer 1999 – Large‑Scale Workforce Engagement

OPM held over 45 focus groups with more than 500 employees across major agencies to assess IT specializations and gather input for creating a new job family standard.

April 1999 – Launch of the IT Job Family Study

OPM announced the beginning of a comprehensive occupational study to replace the outdated 0334 series and formally recognize the rapidly expanding role of information technology in Federal operations.

Competency-Based Classification Standard for the Information Technology Management Series, 2210

Resources For

Introduction

Coverage

Establishing the Occupational Series and Standard

General Series Determination Guidelines

Distinguishing Between IT Workers and IT Users

Distinguishing Between Administrative Work and Professional Work

Understanding the Distinction between Professional and Administrative IT Work

General Series, Titling, and Occupational Guidance

Official Titling Provisions

Series Definition

Titling

General Occupational Information

The Role of Competencies

Important General Competencies

Impact of Automation

Additional Occupational Considerations

Crosswalk to the Standard Occupational Classification

Grading Information

Position Evaluation Summary Worksheet

Factor Level Descriptions (FLDs)

Factor 1, Knowledge Required by the Position

Factor 2, Supervisory Controls

Factor 3, Guidelines

Factor 4, Complexity

Factor 5, Scope and Effect

Factor 6, Personal Contacts

Factor 7, Purpose of Contacts

Factor 8, Physical Demands

Factor 9, Work Environment

Factor Illustrations

Factor 1 Illustrations

Factor 4 Illustrations

Factor 5 Illustrations

Additional Information Technology Resources

Historical Record and Explanatory Material