To respond to increasing demand for skilled professionals, there is rapid, but unfocused, expansion in cybersecurity educational programs – without broad, universal expectations for graduates.  Broad skills based on the entire cyber domain are needed, and those skills need to be taught in the context of a well-understood disciplinary foundation.  Over the past decade, several universities have stepped up to deliver undergraduate programs in cybersecurity, but the growth in such programs has been slow due to little consensus on program name, objectives and scope.

Building on prior work by the NSA/DHS Centers of Academic Excellence, the NICE Cybersecurity Workforce Framework[1] and the Cyber Education Project initiative, ABET  has released proposed accreditation criteria for engineering programs for public review and comment. The program criteria for cybersecurity engineering will complement existing ABET Engineering Accreditation Commission (EAC) criteria for engineering programs and focus on fundamental knowledge and principles of cybersecurity cast into engineering discipline.

For those interested the path taken to this point in time, please see The History and Development of a “Cyber security” Program Criteria.

The recently approved cybersecurity engineering program criteria apply to engineering programs that include “security”, “cybersecurity”, “computer security”, “cyber operations”, “information assurance”, “information security”, or similar modifiers in their titles.*

  1. Curriculum

The structure of the curriculum must provide both breadth and depth across the range of engineering topics implied by the title of the program.

The curriculum must:

  • Include probability, statistics, and cryptographic topics including applications appropriate to the program.
  • Include discrete math and specialized math appropriate to the program, such as, abstract algebra, information theory, number theory, complexity theory, finite fields.
  • Include engineering topics necessary to analyze and design complex devices, software, and systems containing hardware, software and human components.

Provide both breadth and depth across the range of engineering and computer science topics necessary for the:

  • application of security principles and practices to the design, implementation, and operations of the physical, software, and human components of the system as appropriate to the program
  • application of protective technologies and forensic techniques
  • analyzing and evaluation of components and systems with respect to security and to maintaining operations in the presence of risks and threats
  • consideration of legal, regulatory, privacy, ethics, and human behavior topics as appropriate to the program
  1. Faculty

The program must demonstrate that faculty members teaching core engineering topics understand methods of engineering design, engineering problem solving, and engineering practice with specific relevance to security.

These program criteria provide a foundation for lifelong learning in a dynamic field. They provide a uniform set of sound principles to help students, employers and programs.

(Note: ABET is also releasing cybersecurity criteria to join other computing disciplines such as computer science, information systems and information technology.

You are encouraged to participate in the review and development of this criterion.

Please provide comments here:


[1] National Initiative for Cybersecurity Education, on the Internet at, accessed: August 31, 2017.

About ABET

ABET is a nonprofit, non-governmental organization recognized by the International Organization for Standardization (ISO). We accredit college and university programs in the disciplines of applied and natural science, computing, engineering and engineering technology at the associate, bachelor and master degree levels.

With ABET accreditation, students, employers, and the society we serve can be confident that a program meets the quality standards that produce graduates prepared to enter a global workforce. For more information visit