TheHomeland Security Exercise and Evaluation Program (HSEEP)is built on aCapability-basedplanning philosophy. This approach shifts the focus from preparing for specific scenarios (like "Hurricane Katrina") to building a set ofCore Capabilitiesthat are applicable across any disaster type. This ensures that a community is prepared for "all hazards" by possessing the essential tools, skills, and resources needed to respond to any event.
Under theNational Preparedness Goal, FEMA identifies 32 Core Capabilities, such as "Operational Communications," "Mass Care Services," and "Public Information and Warning." The HSEEP philosophy mandates that exercises are designed to test these specific capabilities. For example, rather than just running a
"fire drill," a capability-based exercise would specifically evaluate the "Search and Rescue" and "Fire Management" capabilities. If an exercise identifies a gap in "On-Scene Security," the jurisdiction then knows exactly where to direct its funding and training.
This differs from a "Function" philosophy (Option A), which is more about the internal organizational structure (like the ICS sections), and a "Response" philosophy (Option B), which is purely reactive.
Capability-based planning is proactive and measurable. For theCEDPprofessional, HSEEP provides the standardized methodology to "measure" readiness. By using Capability-based planning, emergency managers can justify grant requests by demonstrating that they are building a specific, federally recognized capability that is currently missing or deficient in their community.

Under the Occupational Safety and Health Administration (OSHA) standard29 CFR 1910.120(q)(6)(ii), individuals who respond to releases or potential releases of hazardous substances as part of the initial response for the purpose of protecting nearby persons, property, or the environment are classified asFirst Responder Operations (FRO) Level. For these individuals, including those tasked with decontaminating disaster victims, OSHA mandates a minimum of8 hoursof initial training or sufficient experience to objectively demonstrate competency.
The First Responder Operations level is distinct from the Awareness level (which has no hourly minimum) and the Technician level (which requires 24 hours). FRO-level responders are trained to respond in a defensive fashion without actually trying to stop the release. Their primary functions include containing the release from a safe distance, keeping it from spreading, and preventing exposures. This includes the setup and operation of decontamination corridors. The training must cover the implementation of the employer's emergency response plan, knowledge of basic hazard and risk assessment techniques, and the ability to select and use proper personal protective equipment (PPE) provided to the first responder operations level.
Furthermore, according to theIBFCSM CEDPguidelines, maintaining safety during the decontamination process is paramount to prevent secondary contamination of medical facilities and personnel. This 8-hour training ensures that responders understand the physical and health hazards associated with various chemical classes and the technical procedures for "gross decontamination" versus "technical decontamination." Once the initial 8-hour requirement is met, OSHA also requires annual refresher training of sufficient content and duration to maintain that level of competency. Failure to provide this minimum level of training for personnel involved in victim decontamination is a significant regulatory violation and poses a direct threat to the safety of the emergency response team.

Under theNational Preparedness Goal, FEMA identifies 32 Core Capabilities.7Most of these capabilities are specific to one or two mission areas (Prevention, Protection, Mitigation, Response, or Recovery). However, there are three "cross-cutting" capabilities that are common to all five mission areas:Planning,Public Information and Warning(Option A), andOperational Coordination(Option B).Intelligence(specifically
"Intelligence and Information Sharing"), however, is not a cross-cutting capability; it is primarily focused on thePreventionandProtectionmission areas.
The logic behind this distinction is that every phase of a disaster requires a plan, every phase requires the coordination of agencies, and every phase requires the dissemination of information to the public. However,
"Intelligence" in the homeland security context refers specifically to the collection and analysis of information related toadversarial threats(terrorism). While "information sharing" is important in all areas, the specific
"Intelligence" core capability involves law enforcement and intelligence community protocols designed to
"stop" an attack before it happens (Prevention) or "harden" a target against a known threat (Protection).
For aCEDPprofessional, understanding which capabilities are "cross-cutting" is essential forIntegrated Planning. For example, if you are writing a Mitigation Plan, youmustinclude Public Information and Operational Coordination elements because they are foundational to the mission.8However, you would not typically include "Intelligence" protocols in a long-term flood mitigation plan. This classification ensures that resources are allocated efficiently and that the "intelligence" community can focus its specialized tools on adversarial threats while the broader emergency management community focuses on the functional coordination required for all hazards.

According to theNational Preparedness Goaland theNational Protection Framework, the goal of theProtectionmission area is tosecure the homeland against terrorism or natural disasters.5This mission area focuses on the capabilities necessary to secure the nation against acts of terrorism and man-made or natural disasters. It is one of the five mission areas (Prevention, Protection, Mitigation, Response, and Recovery) that comprise the whole-community approach to emergency management.
The distinction between "Prevention" and "Protection" is a common point of testing in theCEDPcurriculum.
Prevention(Option A) refers specifically to the capabilities necessary to avoid, prevent, or stop athreatened or actual act of terrorism.6Protection, however, is broader and more defensive. It involves "steady-state" activities such as cybersecurity, infrastructure protection, and border security. While Prevention is focused on theadversary, Protection is focused on theassetsand the systems that keep a community safe from all hazards.
Option B describes a hybrid of Mitigation and Response. The formal definition of the Protection goal emphasizes "securing" and "guarding." Key core capabilities within the Protection mission area include Physical Protective Measures, Cybersecurity, and Access Control/Identity Verification.7By achieving the goal of Protection, emergency managers reduce the vulnerability of critical infrastructure (such as power grids and water systems), thereby increasing the community's overall resilience. This ensures that even if a threat manifests, the "hardened" nature of the community's systems prevents a minor incident from cascading into a national disaster.

TheTiered Responseis the fundamental organizational concept of theNational Response Framework (NRF). It is based on the principle that all incidents begin and end locally. When local resources are overwhelmed, they request assistance from the state, and when state resources are overwhelmed, they request federal assistance.
If an emergency response attempted to operate outside the content parameters of the NRF, theTiered Responsestructure would fail, leading to jurisdictional chaos and the misallocation of life-saving resources.
Without the standardized "rules of engagement" provided by the NRF, federal agencies might attempt to take control of a local scene without invitation (violating the principle of state sovereignty), or local agencies might wait for federal help that hasn't been officially requested. The NRF provides the legal and operational
"bridge" that allows these different layers of government to stack on top of each other seamlessly.
For aCEDPcandidate, understanding the Tiered Response is essential for managing expectations and resource timelines. You cannot jump directly to "Federal" support without following the tiered protocols. Concepts like
"Readiness to act" (Option C) and "Coalition planning" (Option A) are important, but they can exist independently of the NRF's specific national structure. However, theintegratedTiered Response is unique to the NRF/NIMS doctrine. If the NRF parameters are ignored, the "Bottom-Up" approach-which ensures that the people closest to the incident maintain command-is replaced by an inefficient "Top-Down" approach that historically fails during complex, large-scale disasters.