SFIA Monthly News - February 2026
Chief Technology Officer shares their SFIA journey | New interactive tools | NIST CSF 2.0 to SFIA mapping | Capability development with NIST CSF and SFIA | Guidance and professional standard for SFIA-based skills profiles | AI governance and assurance
Topics
- Chief Technology Officer shares their SFIA journey — webinar recording now available
- Interactive tools for finding skills and building position descriptions
- Building SFIA-based skills profiles
- Professional standards for role-skills profiling using SFIA
- NIST Cybersecurity Framework (CSF) 2.0 to SFIA 9 skills mapping
- Maturity modelling, NIST CSF and SFIA
- AI governance and AI assurance
Chief Technology Officer shares their SFIA journey — webinar recording now available
This session shares a candid, practitioner-led account presented by Davie Gow, Chief Technology Officer at Arnold Clark. It focuses on what worked, what didn’t, and what had to change, with a clear aim of helping other organisations apply SFIA in a realistic way.
- Learn how SFIA is being used to define role requirements, support recruitment, structure career pathways, and create a common language for digital skills.
- The recording offers practical insight into implementing SFIA at scale in a large commercial organisation, relevant to organisations at any stage of their SFIA journey. → Webinar recording and slides are now available
- Our thanks to Davie Gow for sharing this story.
Interactive tools for finding skills and building position descriptions
Two new interactive tools are now available to help users apply SFIA more directly in their day-to-day work:
- Interactive search: filter SFIA skills by levels, categories, subcategories, and roles.
- Position description builder: create and export SFIA skills-based position descriptions, including role purpose, responsibilities, skills, behaviours, knowledge, qualifications, and key relationships.
- The tools support practitioners and HR professionals in applying SFIA in practice, translating the framework into clear and usable job and role definitions.
- We welcome feedback as we continue to refine and improve the tools. → Explore the interactive tools


Building SFIA-based skills profiles
New guidance and resources are available to support the development of SFIA-based skills profiles, a core application of the framework.
- Skills profiles map the skills required for a role or position to specific SFIA skills and levels, supporting recruitment, assessment, development, and career planning.
- The guidance covers practical approaches, key decisions, and how to keep profiles aligned to organisational needs.
- These resources support both those new to skills profiling and those reviewing existing approaches.
- This builds on the SFIA Foundation's ongoing commitment to supporting the community with practical, actionable guidance for applying the framework. → Explore the skills profiles guidance
Professional standards for role-skills profiling using SFIA
The skills profiling guidance is accompanied by new professional standards for those mapping roles to SFIA skills, including practitioners, consultants and tool providers.
- The standards set out the expected knowledge and competence for SFIA-based profiling and support organisations in selecting qualified practitioners. They also include guidance and cautions on the use of AI tools in support of this work.
- Organisations commissioning SFIA-based profiling should ensure work is carried out by appropriately experienced people.
- We encourage the community to engage with these standards and to use them as a basis for building confidence and consistency in how SFIA is applied. → Read the professional standards guidance
NIST Cybersecurity Framework (CSF) 2.0 to SFIA 9 skills mapping
A new mapping between NIST Cybersecurity Framework (CSF) 2.0 and SFIA 9 has been published, aligning the latest versions of these two widely used frameworks.
- The mapping helps organisations identify the skills and levels of responsibility needed to implement and sustain cybersecurity practices. It supports workforce planning, skills gap analysis and targeted learning and development.
- Organisations using NIST CSF can use this mapping to add a clear skills dimension to cybersecurity governance and risk management.
- This adds to the SFIA Foundation’s set of alignments with recognised frameworks and standards. → View the NIST CSF 2.0 to SFIA 9 mapping
Maturity modelling, NIST CSF and SFIA
New guidance explains how SFIA can support maturity modelling and organisational capability development alongside the NIST CSF.
- In practice, when the two are used together, NIST CSF describes what needs to be done, while SFIA describes the skills required and the level of responsibility involved.
- This guidance is aimed at cybersecurity leaders, capability managers, and those responsible for building and benchmarking workforce capability. → Read the maturity modelling guidance
AI governance and AI assurance
SFIA’s new guidance on AI assurance and governance shows how its well-established skills framework can be used to describe and align roles that manage AI risk responsibly.
- Rather than creating new job titles and new SFIA skills, SFIA connects existing professional skills and its seven levels of responsibility to the range of tasks needed in AI engineering, governance, change enablement and independent oversight.
- The material also illustrates how familiar SFIA skills such as Governance (GOVN), Risk management (BURM) and Quality assurance (QUAS) play out in real-world AI assurance practice, offering organisations a common language to design roles, clarify accountability and integrate AI risk controls into existing skills strategies.
- Read the AI governance and assurance guidelines
Thank you for your continued support of SFIA and the SFIA Foundation.