

114 S2007 IS: Federal Cybersecurity Workforce Assessment Act
U.S. Senate
2015-08-06
text/xml
EN
Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain.



II114th CONGRESS1st SessionS. 2007IN THE SENATE OF THE UNITED STATESAugust 6, 2015Mr. Bennet (for himself and Mr. Portman) introduced the following bill; which was read twice and referred to the Committee on Homeland Security and Governmental AffairsA BILLTo create a consistent framework to expedite the recruitment of highly qualified personnel who
			 perform information technology, cybersecurity, and cyber-related functions
			 to enhance cybersecurity across the Federal Government.
	
		1.Short
 titleThis Act may be cited as the Federal Cybersecurity Workforce Assessment Act.
 2.DefinitionsIn this Act: (1)Appropriate congressional committeesThe term appropriate congressional committees means—
 (A)the Committee on Armed Services of the Senate; (B)the Committee on Homeland Security and Governmental Affairs of the Senate;
 (C)the Committee on Armed Services in the House of Representatives; (D)the Committee on Homeland Security of the House of Representatives; and
 (E)the Committee on Oversight and Government Reform of House of Representatives. (2)DirectorThe term Director means the Director of the Office of Personnel Management.
 (3)RolesThe term roles has the meaning given the term in the National Initiative for Cybersecurity Education's Cybersecurity Workforce Framework.
			3.National Cybersecurity Workforce Measurement Initiative
 (a)In generalThe head of each Federal agency shall— (1)identify all positions within the agency that require the performance of information technology, cybersecurity, or other cyber-related functions; and
 (2)assign the corresponding employment code, which shall be added to the National Initiative for Cybersecurity Education’s National Cybersecurity Workforce Framework, in accordance with subsection (b).
				(b)Employment codes
				(1)Procedures
 (A)Coding structureNot later than 180 days after the date of the enactment of this Act, the Secretary of Commerce, acting through the National Institute of Standards and Technology, shall update the National Initiative for Cybersecurity Education's Cybersecurity Workforce Framework to include a corresponding coding structure.
 (B)Identification of civilian cyber personnelNot later than 9 months after the date of enactment of this Act, the Director, in coordination with the Director of National Intelligence, shall establish procedures to implement the National Initiative for Cybersecurity Education’s coding structure to identify all Federal civilian positions that require the performance of information technology, cybersecurity, or other cyber-related functions.
 (C)Identification of non-civilian cyber personnelNot later than 18 months after the date of enactment of this Act, the Secretary of Defense shall establish procedures to implement the National Initiative for Cybersecurity Education’s coding structure to identify all Federal non-civilian positions that require the performance of information technology, cybersecurity or other cyber-related functions.
 (D)Baseline assessment of existing cybersecurity workforceNot later than 3 months after the date on which the procedures are developed under subparagraphs (B) and (C), respectively, the head of each Federal agency shall submit to the appropriate congressional committees of jurisdiction a report that identifies—
 (i)the percentage of personnel with information technology, cybersecurity, or other cyber-related job functions who currently hold the appropriate industry-recognized certifications as identified in the National Initiative for Cybersecurity Education’s Cybersecurity Workforce Framework;
 (ii)the level of preparedness of other civilian and non-civilian cyber personnel without existing credentials to pass certification exams; and
 (iii)a strategy for mitigating any gaps identified in clause (i) or (ii) with the appropriate training and certification for existing personnel.
 (E)Procedures for assigning codesNot later than 3 months after the date on which the procedures are developed under subparagraphs (B) and (C), respectively, the head of each Federal agency shall establish procedures—
 (i)to identify all encumbered and vacant positions with information technology, cybersecurity, or other cyber-related functions (as defined in the National Initiative for Cybersecurity Education's coding structure); and
 (ii)to assign the appropriate employment code to each such position, using agreed standards and definitions.
 (2)Code assignmentsNot later than 1 year after the date after the procedures are established under paragraph (1)(E), the head of each Federal agency shall complete assignment of the appropriate employment code to each position within the agency with information technology, cybersecurity, or other cyber-related functions.
 (c)Progress reportNot later than 180 days after the date of enactment of this Act, the Director shall submit a progress report on the implementation of this section to the appropriate congressional committees.
			4.Identification of cyber-related roles of critical need
 (a)In generalBeginning not later than 1 year after the date on which the employment codes are assigned to employees pursuant to section 3(b)(2), and annually through 2022, the head of each Federal agency, in consultation with the Director and the Secretary of Homeland Security, shall—
 (1)identify information technology, cybersecurity, or other cyber-related roles of critical need in the agency’s workforce; and
 (2)submit a report to the Director that— (A)describes the information technology, cybersecurity, or other cyber-related roles identified under paragraph (1); and
 (B)substantiates the critical need designations. (b)GuidanceThe Director shall provide Federal agencies with timely guidance for identifying information technology, cybersecurity, or other cyber-related roles of critical need, including—
 (1)current information technology, cybersecurity, and other cyber-related roles with acute skill shortages; and
 (2)information technology, cybersecurity, or other cyber-related roles with emerging skill shortages.
 (c)Cybersecurity needs reportNot later than 2 years after the date of the enactment of this Act, the Director, in consultation with the Secretary of Homeland Security, shall—
 (1)identify critical needs for information technology, cybersecurity, or other cyber-related workforce across all Federal agencies; and
 (2)submit a progress report on the implementation of this section to the appropriate congressional committees.
				5.Government
 Accountability Office status reportsThe Comptroller General of the United States shall—
 (1)analyze and monitor the implementation of sections 3 and 4; and (2)not later than 3 years after the date of the enactment of this Act, submit a report to the appropriate congressional committees that describes the status of such implementation.