[Congressional Bills 114th Congress]
[From the U.S. Government Publishing Office]
[S. 2007 Introduced in Senate (IS)]

114th CONGRESS
  1st Session
                                S. 2007

To create a consistent framework to expedite the recruitment of highly 
qualified personnel who perform information technology, cybersecurity, 
and cyber-related functions to enhance cybersecurity across the Federal 
                              Government.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                             August 6, 2015

Mr. Bennet (for himself and Mr. Portman) introduced the following bill; 
which was read twice and referred to the Committee on Homeland Security 
                        and Governmental Affairs

_______________________________________________________________________

                                 A BILL


 
To create a consistent framework to expedite the recruitment of highly 
qualified personnel who perform information technology, cybersecurity, 
and cyber-related functions to enhance cybersecurity across the Federal 
                              Government.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Federal Cybersecurity Workforce 
Assessment Act''.

SEC. 2. DEFINITIONS.

    In this Act:
            (1) Appropriate congressional committees.--The term 
        ``appropriate congressional committees'' means--
                    (A) the Committee on Armed Services of the Senate;
                    (B) the Committee on Homeland Security and 
                Governmental Affairs of the Senate;
                    (C) the Committee on Armed Services in the House of 
                Representatives;
                    (D) the Committee on Homeland Security of the House 
                of Representatives; and
                    (E) the Committee on Oversight and Government 
                Reform of House of Representatives.
            (2) Director.--The term ``Director'' means the Director of 
        the Office of Personnel Management.
            (3) Roles.--The term ``roles'' has the meaning given the 
        term in the National Initiative for Cybersecurity Education's 
        Cybersecurity Workforce Framework.

SEC. 3. NATIONAL CYBERSECURITY WORKFORCE MEASUREMENT INITIATIVE.

    (a) In General.--The head of each Federal agency shall--
            (1) identify all positions within the agency that require 
        the performance of information technology, cybersecurity, or 
        other cyber-related functions; and
            (2) assign the corresponding employment code, which shall 
        be added to the National Initiative for Cybersecurity 
        Education's National Cybersecurity Workforce Framework, in 
        accordance with subsection (b).
    (b) Employment Codes.--
            (1) Procedures.--
                    (A) Coding structure.--Not later than 180 days 
                after the date of the enactment of this Act, the 
                Secretary of Commerce, acting through the National 
                Institute of Standards and Technology, shall update the 
                National Initiative for Cybersecurity Education's 
                Cybersecurity Workforce Framework to include a 
                corresponding coding structure.
                    (B) Identification of civilian cyber personnel.--
                Not later than 9 months after the date of enactment of 
                this Act, the Director, in coordination with the 
                Director of National Intelligence, shall establish 
                procedures to implement the National Initiative for 
                Cybersecurity Education's coding structure to identify 
                all Federal civilian positions that require the 
                performance of information technology, cybersecurity, 
                or other cyber-related functions.
                    (C) Identification of non-civilian cyber 
                personnel.--Not later than 18 months after the date of 
                enactment of this Act, the Secretary of Defense shall 
                establish procedures to implement the National 
                Initiative for Cybersecurity Education's coding 
                structure to identify all Federal non-civilian 
                positions that require the performance of information 
                technology, cybersecurity or other cyber-related 
                functions.
                    (D) Baseline assessment of existing cybersecurity 
                workforce.--Not later than 3 months after the date on 
                which the procedures are developed under subparagraphs 
                (B) and (C), respectively, the head of each Federal 
                agency shall submit to the appropriate congressional 
                committees of jurisdiction a report that identifies--
                            (i) the percentage of personnel with 
                        information technology, cybersecurity, or other 
                        cyber-related job functions who currently hold 
                        the appropriate industry-recognized 
                        certifications as identified in the National 
                        Initiative for Cybersecurity Education's 
                        Cybersecurity Workforce Framework;
                            (ii) the level of preparedness of other 
                        civilian and non-civilian cyber personnel 
                        without existing credentials to pass 
                        certification exams; and
                            (iii) a strategy for mitigating any gaps 
                        identified in clause (i) or (ii) with the 
                        appropriate training and certification for 
                        existing personnel.
                    (E) Procedures for assigning codes.--Not later than 
                3 months after the date on which the procedures are 
                developed under subparagraphs (B) and (C), 
                respectively, the head of each Federal agency shall 
                establish procedures--
                            (i) to identify all encumbered and vacant 
                        positions with information technology, 
                        cybersecurity, or other cyber-related functions 
                        (as defined in the National Initiative for 
                        Cybersecurity Education's coding structure); 
                        and
                            (ii) to assign the appropriate employment 
                        code to each such position, using agreed 
                        standards and definitions.
            (2) Code assignments.--Not later than 1 year after the date 
        after the procedures are established under paragraph (1)(E), 
        the head of each Federal agency shall complete assignment of 
        the appropriate employment code to each position within the 
        agency with information technology, cybersecurity, or other 
        cyber-related functions.
    (c) Progress Report.--Not later than 180 days after the date of 
enactment of this Act, the Director shall submit a progress report on 
the implementation of this section to the appropriate congressional 
committees.

SEC. 4. IDENTIFICATION OF CYBER-RELATED ROLES OF CRITICAL NEED.

    (a) In General.--Beginning not later than 1 year after the date on 
which the employment codes are assigned to employees pursuant to 
section 3(b)(2), and annually through 2022, the head of each Federal 
agency, in consultation with the Director and the Secretary of Homeland 
Security, shall--
            (1) identify information technology, cybersecurity, or 
        other cyber-related roles of critical need in the agency's 
        workforce; and
            (2) submit a report to the Director that--
                    (A) describes the information technology, 
                cybersecurity, or other cyber-related roles identified 
                under paragraph (1); and
                    (B) substantiates the critical need designations.
    (b) Guidance.--The Director shall provide Federal agencies with 
timely guidance for identifying information technology, cybersecurity, 
or other cyber-related roles of critical need, including--
            (1) current information technology, cybersecurity, and 
        other cyber-related roles with acute skill shortages; and
            (2) information technology, cybersecurity, or other cyber-
        related roles with emerging skill shortages.
    (c) Cybersecurity Needs Report.--Not later than 2 years after the 
date of the enactment of this Act, the Director, in consultation with 
the Secretary of Homeland Security, shall--
            (1) identify critical needs for information technology, 
        cybersecurity, or other cyber-related workforce across all 
        Federal agencies; and
            (2) submit a progress report on the implementation of this 
        section to the appropriate congressional committees.

SEC. 5. GOVERNMENT ACCOUNTABILITY OFFICE STATUS REPORTS.

    The Comptroller General of the United States shall--
            (1) analyze and monitor the implementation of sections 3 
        and 4; and
            (2) not later than 3 years after the date of the enactment 
        of this Act, submit a report to the appropriate congressional 
        committees that describes the status of such implementation.
                                 <all>