[Congressional Bills 113th Congress]
[From the U.S. Government Publishing Office]
[H.R. 2952 Enrolled Bill (ENR)]

        H.R.2952

                     One Hundred Thirteenth Congress

                                 of the

                        United States of America


                          AT THE SECOND SESSION

           Begun and held at the City of Washington on Friday,
           the third day of January, two thousand and fourteen


                                 An Act


 
      To require the Secretary of Homeland Security to assess the 
   cybersecurity workforce of the Department of Homeland Security and 
   develop a comprehensive workforce strategy, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
    This Act may be cited as the ``Cybersecurity Workforce Assessment 
Act''.
SEC. 2. DEFINITIONS.
    In this Act--
        (1) the term ``Cybersecurity Category'' means a position's or 
    incumbent's primary work function involving cybersecurity, which is 
    further defined by Specialty Area;
        (2) the term ``Department'' means the Department of Homeland 
    Security;
        (3) the term ``Secretary'' means the Secretary of Homeland 
    Security; and
        (4) the term ``Specialty Area'' means any of the common types 
    of cybersecurity work as recognized by the National Initiative for 
    Cybersecurity Education's National Cybersecurity Workforce 
    Framework report.
SEC. 3. CYBERSECURITY WORKFORCE ASSESSMENT AND STRATEGY.
    (a) Workforce Assessment.--
        (1) In general.--Not later than 180 days after the date of 
    enactment of this Act, and annually thereafter for 3 years, the 
    Secretary shall assess the cybersecurity workforce of the 
    Department.
        (2) Contents.--The assessment required under paragraph (1) 
    shall include, at a minimum--
            (A) an assessment of the readiness and capacity of the 
        workforce of the Department to meet its cybersecurity mission;
            (B) information on where cybersecurity workforce positions 
        are located within the Department;
            (C) information on which cybersecurity workforce positions 
        are--
                (i) performed by--

                    (I) permanent full-time equivalent employees of the 
                Department, including, to the greatest extent 
                practicable, demographic information about such 
                employees;
                    (II) independent contractors; and
                    (III) individuals employed by other Federal 
                agencies, including the National Security Agency; or

                (ii) vacant; and
            (D) information on--
                (i) the percentage of individuals within each 
            Cybersecurity Category and Specialty Area who received 
            essential training to perform their jobs; and
                (ii) in cases in which such essential training was not 
            received, what challenges, if any, were encountered with 
            respect to the provision of such essential training.
    (b) Workforce Strategy.--
        (1) In general.--The Secretary shall--
            (A) not later than 1 year after the date of enactment of 
        this Act, develop a comprehensive workforce strategy to enhance 
        the readiness, capacity, training, recruitment, and retention 
        of the cybersecurity workforce of the Department; and
            (B) maintain and, as necessary, update the comprehensive 
        workforce strategy developed under subparagraph (A).
        (2) Contents.--The comprehensive workforce strategy developed 
    under paragraph (1) shall include a description of--
            (A) a multi-phased recruitment plan, including with respect 
        to experienced professionals, members of disadvantaged or 
        underserved communities, the unemployed, and veterans;
            (B) a 5-year implementation plan;
            (C) a 10-year projection of the cybersecurity workforce 
        needs of the Department;
            (D) any obstacle impeding the hiring and development of a 
        cybersecurity workforce in the Department; and
            (E) any gap in the existing cybersecurity workforce of the 
        Department and a plan to fill any such gap.
    (c) Updates.--The Secretary submit to the appropriate congressional 
committees annual updates on--
        (1) the cybersecurity workforce assessment required under 
    subsection (a); and
        (2) the progress of the Secretary in carrying out the 
    comprehensive workforce strategy required to be developed under 
    subsection (b).
SEC. 4. CYBERSECURITY FELLOWSHIP PROGRAM.
    Not later than 120 days after the date of enactment of this Act, 
the Secretary shall submit to the appropriate congressional committees 
a report on the feasibility, cost, and benefits of establishing a 
Cybersecurity Fellowship Program to offer a tuition payment plan for 
individuals pursuing undergraduate and doctoral degrees who agree to 
work for the Department for an agreed-upon period of time.

                               Speaker of the House of Representatives.

                            Vice President of the United States and    
                                               President of the Senate.