HR 2952 ENR: Cybersecurity Workforce Assessment Act
U.S. House of Representatives
text/xml
EN
Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain.
1.This Act may be cited as the Cybersecurity Workforce Assessment Act
.
2.In this Act—
(1)the term Cybersecurity Category means a position’s or incumbent’s primary work function involving cybersecurity, which is further defined by Specialty Area;
(2)the term Department means the Department of Homeland Security;
(3)the term Secretary means the Secretary of Homeland Security; and
(4)the term Specialty Area means any of the common types of cybersecurity work as recognized by the National Initiative for Cybersecurity Education’s National Cybersecurity Workforce Framework report.
3.Cybersecurity workforce assessment and strategy
(a)
(1)Not later than 180 days after the date of enactment of this Act, and annually thereafter for 3 years, the Secretary shall assess the cybersecurity workforce of the Department.
(2)The assessment required under paragraph (1) shall include, at a minimum—
(A)an assessment of the readiness and capacity of the workforce of the Department to meet its cybersecurity mission;
(B)information on where cybersecurity workforce positions are located within the Department;
(C)information on which cybersecurity workforce positions are—
(i)performed by—
(I)permanent full-time equivalent employees of the Department, including, to the greatest extent practicable, demographic information about such employees;
(II)independent contractors; and
(III)individuals employed by other Federal agencies, including the National Security Agency; or
(ii)vacant; and
(D)information on—
(i)the percentage of individuals within each Cybersecurity Category and Specialty Area who received essential training to perform their jobs; and
(ii)in cases in which such essential training was not received, what challenges, if any, were encountered with respect to the provision of such essential training.
(b)
(1)The Secretary shall—
(A)not later than 1 year after the date of enactment of this Act, develop a comprehensive workforce strategy to enhance the readiness, capacity, training, recruitment, and retention of the cybersecurity workforce of the Department; and
(B)maintain and, as necessary, update the comprehensive workforce strategy developed under subparagraph (A).
(2)The comprehensive workforce strategy developed under paragraph (1) shall include a description of—
(A)a multi-phased recruitment plan, including with respect to experienced professionals, members of disadvantaged or underserved communities, the unemployed, and veterans;
(B)a 5-year implementation plan;
(C)a 10-year projection of the cybersecurity workforce needs of the Department;
(D)any obstacle impeding the hiring and development of a cybersecurity workforce in the Department; and
(E)any gap in the existing cybersecurity workforce of the Department and a plan to fill any such gap.
(c)The Secretary submit to the appropriate congressional committees annual updates on—
(1)the cybersecurity workforce assessment required under subsection (a); and
(2)the progress of the Secretary in carrying out the comprehensive workforce strategy required to be developed under subsection (b).
4.Cybersecurity Fellowship ProgramNot later than 120 days after the date of enactment of this Act, the Secretary shall submit to the appropriate congressional committees a report on the feasibility, cost, and benefits of establishing a Cybersecurity Fellowship Program to offer a tuition payment plan for individuals pursuing undergraduate and doctoral degrees who agree to work for the Department for an agreed-upon period of time.
Speaker of the House of Representatives.Vice President of the United States and President of the Senate.