US Cyber Open
Call for CTFs

If selected, each CTF developer will be responsible for submitting a total of six (6) challenges.

• Five (5) beginner/intermediate-level challenges in a single category
• One (1) difficult-level challenge that spans 2+ categories.

Challenge developers will also be required to submit documentation/video on how to successfully complete the challenges.

*We are unable to accept applications from organizations or individuals who are on sanctions lists, or who are in countries (including but not limited to Cuba, Iran, Lebanon, Libya, North Korea, Russia, Sudan, Syria and Somalia) on sanctions lists, or from countries in violation of business relationships held by US Cyber Games sponsors. Based on where you live there may be additional restrictions on our ability to accept an application. The decision as to whether or not to include your application is entirely at our discretion.

• Cryptography
• Forensics
• Networking
• Reconnaissance 
• Binary Exploitation/Reverse Engineering
• Web 

When applying, you will be asked to rank the categories in order of your preference.

Categories will be assigned on a first-come, first-served basis.

Challenge assignments confirmed and communicated: Friday, April 22nd,  5:00 PM EDT.

Challenge Submission Deadline: 

• Beginner/Intermediate Challenge Deadline: Friday, May 20th
• Difficult Challenge Deadline: Friday, June 3rd

Challenge Testing Window: Friday, June 10th - Friday, June 24th

CTF challenge developers have the option to create hosted and/or non-hosted challenges.

All challenges will be delivered through the U.S. Cyber Range of Virginia Tech.

For hosted challenges, developers will need to submit the following: 

• Challenge title/name
• Challenge description
• Challenge category 
• Point value -  standard point values range from 5 points (entry-level challenge) to 200 points (very difficult challenge). 
• Flag - this can be a string or regular expression. Multiple flags can be specified in a challenge. Regular expressions are preferred for flags.

Additionally,  developers will need to either:

a.) commit to submitting challenges in accordance with CTF-d development requirements, or

b.) host the challenges internally with the ability to provide unique URLs to each challenge.

For non-hosted challenges, developers will need to submit the following:

• Challenge title/name
• Challenge description
• Challenge category 
• Point value -  standard point values range from 5 points (entry-level challenge) to 200 points (very difficult challenge). 
• Flag - this can be a string or regular expression. Multiple flags can be specified in a challenge. Regular expressions are preferred for flags.

The Workforce Framework for Cybersecurity (NICE Framework), provides a set of building blocks for describing the tasks, knowledge, and skills that are needed to perform cybersecurity work by individuals as well as teams.

In part, the NICE Framework is comprised of 52 Work Roles, each comprised of one or more Task statements.

US Cyber Open CTF challenge developers are required to map their challenges to the NICE Framework in one of two ways: 

1. Minimum Alignment: NICE Work Role(s) 
2. Preferred Alignment: Minimum Alignment + NICE Task Statements

A listing of Work Roles and their related Task statements can be found in the NICE Framework Reference Spreadsheet (Click here to download the Excel file).

If you need help with mapping your CTF to the NICE Framework, please contact us at info@uscybergames.com. 

You can also contact the NICE Framework team at NICEFramework@nist.gov with any questions or concerns, or for support in mapping challenges to the NICE Framework.

Learn more about the NICE Framework at www.nist.gov/nice/framework.