Public Law 113–246: To require the Secretary of Homeland Security to assess the cybersecurity workforce of the Department of Homeland Security and develop a comprehensive workforce strategy, and for other purposes. Public Law246 Public Law 113–246128 Stat. 2880 2014-12-18 2014-12-18 United States Government Publishing OfficeNational Archives and Records AdministrationOffice of the Federal Registertext/xmlENPursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain. GPO Locator to USLM Converter 4.15.31;Stage2.202507022026-01-03 113public ?2879PUBLIC LAW 113–246—DEC. 18, 2014 CYBERSECURITY WORKFORCE ASSESSMENT ACT 128 STAT. 2880 Public Law113–246 113th Congress
An Act To require the Secretary of Homeland Security to assess the cybersecurity workforce of the Department of Homeland Security and develop a comprehensive workforce strategy, and for other purposes.

Dec. 18, 2014

[H.R. 2952]

   Be it enacted by the Senate and House of Representa­tives of the United States of America in Congress assembled,

Cybersecurity Workforce Assessment Act.
SECTION 1.

6 USC 101 note.

SHORT TITLE.  This Act may be cited as the “Cybersecurity Workforce Assessment Act”.
SEC. 2.

6 USC 146 note.

DEFINITIONS.  In this Act—(1) the term “Cybersecurity Category” means a position’s or incumbent’s primary work function involving cybersecurity, which is further defined by Specialty Area; (2) the term “Department” means the Department of Homeland Security; (3) the term “Secretary” means the Secretary of Homeland Security; and (4) the term “Specialty Area” means any of the common types of cybersecurity work as recognized by the National Initiative for Cybersecurity Education’s National Cybersecurity Workforce Framework report.
SEC. 3. CYBERSECURITY WORKFORCE ASSESSMENT AND STRATEGY.(a)

Deadlines.

6 USC 146.

Workforce Assessment.(1) In general.—Not later than 180 days after the date of enactment of this Act, and annually thereafter for 3 years, the Secretary shall assess the cybersecurity workforce of the Department. (2) Contents.—The assessment required under paragraph (1) shall include, at a minimum—(A) an assessment of the readiness and capacity of the workforce of the Department to meet its cybersecurity mission; (B) information on where cybersecurity workforce positions are located within the Department; (C) information on which cybersecurity workforce positions are—(i) performed by—(I) permanent full-time equivalent employees of the Department, including, to the greatest extent practicable, demographic information about such employees;128 STAT. 2881 (II) independent contractors; and (III) individuals employed by other Federal agencies, including the National Security Agency; or (ii) vacant; and (D) information on—(i) the percentage of individuals within each Cybersecurity Category and Specialty Area who received essential training to perform their jobs; and (ii) in cases in which such essential training was not received, what challenges, if any, were encountered with respect to the provision of such essential training. (b) Workforce Strategy.—(1) In general.—The Secretary shall—(A) not later than 1 year after the date of enactment of this Act, develop a comprehensive workforce strategy to enhance the readiness, capacity, training, recruitment, and retention of the cybersecurity workforce of the Department; and (B) maintain and, as necessary, update the comprehensive workforce strategy developed under subparagraph (A). (2) Contents.—The comprehensive workforce strategy developed under paragraph (1) shall include a description of—(A) a multi-phased recruitment plan, including with respect to experienced professionals, members of disadvantaged or underserved communities, the unemployed, and veterans; (B) a 5-year implementation plan; (C) a 10-year projection of the cybersecurity workforce needs of the Department; (D) any obstacle impeding the hiring and development of a cybersecurity workforce in the Department; and (E) any gap in the existing cybersecurity workforce of the Department and a plan to fill any such gap. (c) Updates.—The Secretary submit to the appropriate congressional committees annual updates on—(1) the cybersecurity workforce assessment required under subsection (a); and (2) the progress of the Secretary in carrying out the comprehensive workforce strategy required to be developed under subsection (b).
SEC. 4. CYBERSECURITY FELLOWSHIP PROGRAM.  

Deadline.

Reports.

Not later than 120 days after the date of enactment of this Act, the Secretary shall submit to the appropriate congressional committees a report on the feasibility, cost, and benefits of establishing a Cybersecurity Fellowship Program to offer a tuition payment plan for individuals pursuing undergraduate and doctoral 128 STAT. 2882 degrees who agree to work for the Department for an agreed-upon period of time.
Approved December 18, 2014.
LEGISLATIVE HISTORYH.R. 2952: HOUSE REPORTS: ┐No. 113–324 (Comm. on Homeland Security). CONGRESSIONAL RECORD, Vol. 160 (2014):

July 28, considered and passed House.

Dec. 10, considered and passed Senate, amended.

Dec. 11, House concurred in Senate amendments.