CPPJ

Abstract: The growing demand for rigorous, standardized cybersecurity education has made the NSA’s National Centers of Academic Excellence in Cybersecurity (NCAE-C) program a cornerstone in ensuring quality and consistency across institutions. The NCAE-C program for Cyber Defense utilizes the fundamental element Knowledge Unit (KU) to bundle learning outcomes and topics. Institutions designated a Center of Academic Excellence (CAE) under the NCAE-C program must validate at least one program of study (PoS) by mapping PoS courses to a specified number and set of KUs. This ensures that the CAE’s PoS includes foundational cybersecurity content and provides sufficient breadth and depth. A simplifying NCAE-C program guideline treats all KUs as equivalent for mapping and validation purposes, regardless of the number or difficulty of learning outcomes and topics. In this paper, we suggest that a more granular approach may be appropriate when comparing KUs. Using systematic counts of learning outcomes and topics, combined with Bloom’s Taxonomy weighting of cognitive verbs, we calculate curricular load scores for all 73 KUs in the CAE-CD program. These findings suggest that uniform treatment of KUs may unintentionally introduce inequities into CAE-CD program design, review, and evaluation. Recommendations include standardizing verb usage across KU documents and considering KU complexity when developing or revising program criteria. A more granular understanding of KU demands can enhance curriculum planning and strengthen both academic rigor and alignment with evolving cybersecurity needs.

Download this article: CPPJ - V5 N1 Page 17.pdf

Recommended Citation: Miller, K., Matthews, K., Clark, U.Y., Stoker, G., (2026). Excessive Equating: An Exploration of Knowledge Unit (KU) Curricular Load for CAE-CD Program Design and Evaluation. Cybersecurity Pedagogy and Practice Journal 5(1) pp 17-40. https://doi.org/10.62273/SYPT8785