This page provides an introduction to global skill frameworks and provides a structured approach to help individuals and employers identify, develop, and assess the skills needed to comply with global skill regulations, especially when assessing a companies cybersecurity posture.
Each mapping illustrates how CompTIA's certifications and training programs empower learners and employers to meet and exceed the expectations of global skills directives.
The Cyber Resilience Act (CRA) is an EU regulation designed to strengthen the cybersecurity and resilience of digital products and services.
CRA entered into force on 10th December 2024, and requires manufacturers, software developers, importers and distributors to ensure that their products and software are able to withstand, respond to and recover from cyber threats and vulnerabilities throughout their entire lifecycle – this includes taking action against incidents such as cyber attacks, vulnerabilities, or system failures.
The main obligations introduced by the act will apply from 11th December 2027.
The Digital Operational Resilience Act (DORA) is an EU regulation aimed at enhancing the digital resilience of financial organisations.
DORA ensures that banks, insurance providers, investment firms, and other financial institutions are capable of withstanding, responding to, and recovering from disruptions to their ICT (Information and Communication Technology) systems, including incidents such as cyberattacks or system failures.
The European Cybersecurity Skills Framework (ECSF) is a tool to support the identification and articulation of tasks, competences, skills and knowledge associated with the roles of European cybersecurity professionals.
The ECSF summarises all cybersecurity-related roles into 12 profiles. It provides a common understanding of the relevant roles, competencies, skills and knowledge required, facilitates recognition of cybersecurity skills, and supports the design of cybersecurity-related training programmes.
The EU’s cybersecurity directive requires essential service operators and digital providers to strengthen security measures, manage network risks, and minimise incident impacts. Entities must implement risk analysis, cyber hygiene practices, and cybersecurity training.
Employees should be trained to identify risks and assess cyber risk management, ensuring a proactive approach to safeguarding critical systems and services.
The SFIA Foundation is an international non-profit organization dedicated to uniting the global tech community in the creation and ongoing enhancement of the SFIA Framework—an invaluable resource for all.
SFIA is recognized worldwide as the standard framework and common language for digital skills and competencies. It defines many of today’s most critical roles, including those in information and communications technology (ICT), data science and analytics, and information and cybersecurity, supporting professionals and organizations as they navigate the evolving technology landscape.