[Senate Report 116-254]
[From the U.S. Government Publishing Office]


                                                      Calendar No. 515
116th Congress      }                                   {       Report
                                 SENATE
 2d Session         }                                   {      116-254
_______________________________________________________________________

                                     


 HARVESTING AMERICAN CYBERSECURITY KNOWLEDGE THROUGH EDUCATION ACT OF 
                                  2019

                               __________

                              R E P O R T

                                 of the

           COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION

                                   on

                                S. 2775









[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]








                August 12, 2020.--Ordered to be printed 
                
                
                              ________
                              
                              
                  U.S. GOVERNMENT PUBLISHING OFFICE
                  
99-010                 WASHINGTON : 2020                 
                
                
                
                
                
                
                
                
                
                
                
                
                
                
                
                
                
                
                
       SENATE COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION
                     one hundred sixteenth congress
                             second session

                 ROGER F. WICKER, Mississippi, Chairman
JOHN THUNE, South Dakota             MARIA CANTWELL, Washington
ROY BLUNT, Missouri                  AMY KLOBUCHAR, Minnesota
TED CRUZ, Texas                      RICHARD BLUMENTHAL, Connecticut
DEB FISCHER, Nebraska                BRIAN SCHATZ, Hawaii
JERRY MORAN, Kansas                  EDWARD J. MARKEY, Massachusetts
DAN SULLIVAN, Alaska                 TOM UDALL, New Mexico
CORY GARDNER, Colorado               GARY C. PETERS, Michigan
MARSHA BLACKBURN, Tennessee          TAMMY BALDWIN, Wisconsin
SHELLEY MOORE CAPITO, West Virginia  TAMMY DUCKWORTH, Illinois
MIKE LEE, Utah                       JON TESTER, Montana
RON JOHNSON, Wisconsin               KYRSTEN SINEMA, Arizona
TODD C. YOUNG, Indiana               JACKY ROSEN, Nevada
RICK SCOTT, Florida
                       John Keast, Staff Director
               David Strickland, Minority Staff Director 
               
               
               
               
               
               
               
               
               
               
               
               
               
               
               
               
               
               
               
               
                                                      Calendar No. 515
116th Congress      }                                   {       Report
                                 SENATE
 2d Session         }                                   {      116-254

======================================================================



 
 HARVESTING AMERICAN CYBERSECURITY KNOWLEDGE THROUGH EDUCATION ACT OF 
                                  2019

                                _______
                                

                August 12, 2020.--Ordered to be printed

                                _______
                                

       Mr. Wicker, from the Committee on Commerce, Science, and 
                Transportation, submitted the following

                              R E P O R T

                         [To accompany S. 2775]

      [Including cost estimate of the Congressional Budget Office]

    The Committee on Commerce, Science, and Transportation, to 
which was referred the bill (S. 2775) to improve the cyber 
workforce of the United States, and for other purposes, having 
considered the same, reports favorably thereon with amendments 
and recommends that the bill (as amended) do pass.

                          Purpose of the Bill

    The Harvesting American Cybersecurity Knowledge through 
Education (HACKED) Act of 2019 is intended to improve the 
cybersecurity workforce of public and private sectors.

                          Background and Needs

    Cybersecurity risks impact the United States' economic and 
national security. The cost of malicious cyber activity to the 
U.S. economy in 2016 is estimated at $57 billion to $109 
billion.\1\ In addition, the U.S. Government Accountability 
Office declared cybersecurity as a ``high risk issue'' given 
the threats to Federal networks, the Nation's critical 
infrastructure, and personal information of individuals.\2\ 
Despite the growing cybersecurity risks facing the United 
States, the government and private sector are facing a shortage 
of cybersecurity workers. According to CyberSeek, a project 
supported by the National Initiative for Cybersecurity 
Education (NICE), as of 2018, there are more than 300,000 
unfilled cybersecurity jobs in the United States. It is 
projected there will be 500,000 total unfilled positions by 
2021.\3\\4\ In addition, a recent survey by the International 
Information Security Certification Consortium (ISC)\2\, a 
cybersecurity professionals organization, found that 63 percent 
of industry faces a shortage of cybersecurity employees.\5\
---------------------------------------------------------------------------
    \1\The Council of Economic Advisers, ``The Cost of Malicious Cyber 
Activity to the U.S. Economy,'' February 2018 (https://
www.whitehouse.gov/wp-content/uploads/2018/03/The-Cost-of-Malicious-
Cyber-Activity-to-the-U.S.-Economy.pdf) (accessed Apr. 17, 2020).
    \2\U.S. Government Accountability Office, ``Cybersecurity 
Challenges Facing the Nation--High Risk Issue'' (https://www.gao.gov/
key_issues/ensuring_security_federal_information_systems/
issue_summary#t=0) (accessed Apr. 17, 2020).
    \3\CyberSeek, ``Cybersecurity Supply/Demand Heat Map'' (https://
www.cyberseek.org/heatmap.html).
    \4\U.S. Bureau of Labor Statistics, ``Employment by Detailed 
Occupation'' (https://www.bls.gov/emp/tables/emp-by-detailed-
occupation.htm) (accessed Apr. 17, 2020).
    \5\(ISC)\2\, ``Cybersecurity Professionals Focus on Developing New 
Skills as Workforce Gap Widens,'' 2018 (www.isc2.org/-/media/ISC2/
Research/2018-ISC2-Cybersecurity-Workforce-
Study.ashx?la=en&hash=4E09681D 0FB51698D9BA6BF13EEABFA48BD17DB0) 
(accessed Apr. 17, 2020).
---------------------------------------------------------------------------
    In response to the 2017 Presidential Executive Order on 
Strengthening the Cybersecurity of Federal Networks and 
Critical Infrastructure,\6\ the Department of Commerce (DOC) 
and Department of Homeland Security (DHS) issued a report\7\ 
with recommendations to improve the cybersecurity workforce in 
the public and private sectors. The report issued a number of 
findings, including the following:

    \6\Executive Order 13800, 82 FR 22391 (2017).
    \7\U.S. Department of Commerce and U.S. Department of Homeland 
Security, ``A Report to the President on Supporting the Growth and 
Sustainment of the Nation's Cybersecurity Workforce: Building the 
Foundation for a More Secure American Future,'' May 10, 2018. p. 2 
(https://csrc.nist.gov/publications/detail/white-paper/2018/05/30/
supporting-growth-and-sustainment-of-the-cybersecurity-workforce/final) 
(accessed Apr. 17, 2020).

   The United States needs immediate and sustained improvements 
        in its cybersecurity workforce situation.
   Employers increasingly are concerned about the relevance of 
        cybersecurity-related education programs in meeting the needs 
        of their organizations.
   Expanding the pool of cybersecurity candidates by retraining 
        those employed in non-cybersecurity fields and by increasing 
        the participation of women, minorities, and veterans as well as 
        students in primary through secondary school is needed and 
        represents significant opportunities.
   There is an apparent shortage of knowledgeable and skilled 
        cybersecurity teachers at the primary and secondary levels, 
        faculty in higher education, and training instructors.
   Hiring considerations--including lengthy security clearance 
        delays and onboarding processes--severely affect the 
        sufficiency of the cybersecurity workforce.
   Comprehensive and reliable data about cybersecurity 
        workforce position needs and education and training programs is 
        lacking--even though the general context and urgency of the 
        situation are obvious.

    The report also included a number of recommended actions, 
many of which are required by the May 2019 Executive Order on 
America's Cybersecurity Workforce.\8\ Several recommendations, 
including improvements to align education and training with 
employers' cybersecurity workforce needs by applying the NICE 
Workforce Framework, developing cybersecurity career model 
paths, and authorizing Multistakeholder Regional Alliances are 
included in this legislation.
---------------------------------------------------------------------------
    \8\Executive Order 13870, 84 FR 20523 (2019).
---------------------------------------------------------------------------
    NICE, led by the National Institute of Standards and 
Technology (NIST), serves as the lead for working with the 
government and public sectors on issues pertaining to 
cybersecurity education, training, and workforce development. 
NICE developed the NICE Cybersecurity Workforce Framework (NIST 
Special Publication 800-181), ``a national focused resource 
that categorizes and describes cybersecurity work''.\9\ Similar 
to the well-known Framework for Improving Critical 
Infrastructure Cybersecurity, the NICE Framework establishes 
common taxonomy and definitions for cybersecurity work, which 
is intended to be used by public, private, and academic 
sectors. NIST also convenes Federal agencies, through the NICE 
Interagency Coordinating Council, to coordinate Federal 
programs related to cybersecurity workforce,\10\ which would be 
enhanced under this legislation. The May 2019 Executive Order 
on America's Cybersecurity Workforce encouraged the adoption of 
the NICE Framework by both the private and public sectors.
---------------------------------------------------------------------------
    \9\National Institute of Standards and Technology, ``NICE 
Cybersecurity Workforce Framework'' (https://www.nist.gov/itl/applied-
cybersecurity/nice/resources/nice-cybersecurity-
workforce-framework) (accessed Apr. 17, 2020).
    \10\National Institute of Standards and Technology, ``NICE 
Interagency Coordinating Council'' (ICC) (https://www.nist.gov/itl/
applied-cybersecurity/nice/about/interagency-coordinating-council) 
(accessed Apr. 17, 2020).
---------------------------------------------------------------------------
    In October, the Office of Science and Technology Policy 
(OSTP) reported that there are more than 100 Federal programs 
for STEM education with a budget of over $3.2 billion.\11\ 
These programs focus broadly on STEM education, but only a few 
focus on cybersecurity. The National Security Agency and the 
Department of Homeland Security designate 2-year, 4-year, and 
graduate-level schools as Centers of Academic Excellence (CAE) 
with three types of cyber designations (cyber defense 
education, cyber defense research, and cyber operations). There 
are currently over 270 CAEs across 48 States, 9 of which hold 
all 3 designations.\12\ The National Science Foundation (NSF) 
CyberCorps Scholarship-for-Service program provides 
scholarships to students in exchange for service after 
graduation in a Federal, State, local, or Tribal government 
organization for a period equal to the length of the 
scholarship. Over 3,000 students have entered the CyberCorps 
program since it began in 2011, and have been placed in more 
than 140 Federal agencies and departments.\13\ The program was 
last amended by the National Defense Authorization Act for 
Fiscal Year 2018,\14\ which directed a pilot program to expand 
the scholarships to community colleges. Despite the growing 
need for cybersecurity professionals, there is a shortage of 
skilled cybersecurity educators. The Computing Research 
Association estimates that in 2018 only 14 of the approximately 
100 Ph.D. graduates secured tenure-track jobs in academia.\15\ 
Further, half of 2-year CAE designated schools have current 
vacancies for cybersecurity faculty.\16\
---------------------------------------------------------------------------
    \11\Office of Science and Technology Policy, ``Progress Report on 
the Federal Implementation of the STEM Education Strategic Plan,'' 
October 2019 (https://www.whitehouse.gov/wp-
content/uploads/2019/10/Progress-Report-on-the-Federal-Implementation-
of-the-STEM-
Education-Strategic-Plan.pdf) (accessed Apr. 17, 2020).
    \12\CAE in Cybersecurity Community, ``CAE Institution Map'' 
(https://www.caecommunity.org/content/cae-institution-map) (accessed 
Apr. 17, 2020).
    \13\CyberCorps Scholarship for Service, ``History/Overview'' 
(https://www.sfs.opm.gov/
Overview-History.aspx) (accessed Apr. 17, 2020).
    \14\Pub. L. 115-91.
    \15\Stuart Zweben and Betsy Bizot, ``2018 Taulbee Survey, Undergrad 
Enrollment Continues Upward; Doctoral Degree Production Declines but 
Doctoral Enrollment Rises'' (https://cra.org/wp-content/uploads/2019/
05/2018_Taulbee_Survey.pdf) (accessed Apr. 17, 2020).
    \16\Alicia Modestino and Walter McHugh, Educator Shortage Problem 
Found in the 2017 CAE Cybersecurity Survey (https://
aliciasassermodestino.com/wp-content/uploads/2019/04/2018-NAS-
Cybersecurity-Survey-Report-1.pdf) (accessed May 5, 2020).
---------------------------------------------------------------------------

                         Summary of Provisions

    The legislation would amend science education and 
cybersecurity programs at NIST, NSF, the National Aeronautics 
and Space Administration (NASA), and the U.S. Department of 
Transportation (DOT). Specifically, it would do the following:
   Incentivize recruitment of cybersecurity teachers by 
        expanding the NSF CyberCorps Scholarship-for-Service to 
        allow for students to fulfill their service obligation 
        as teachers. Currently the program requires government 
        employment. It would also support cybersecurity camps 
        for K-12 students and teachers.
   Align education and training with cybersecurity 
        workforce needs by authorizing Regional Alliances and 
        Multistakeholder Partnerships to fund partnerships 
        between local employers with educational institutions 
        to fill local cybersecurity workforce needs and 
        directing the improvement of metrics to track and 
        measure cybersecurity workforce needs across the 
        Nation. It would also amend NSF, NASA, and DOT 
        education programs to include cybersecurity as an 
        explicit component.
   Design clear paths in the cybersecurity workforce 
        and educate Federal employees by identifying model 
        career paths for various cybersecurity work roles; 
        identifying tools for assessing skills and capabilities 
        of workers; conducting research on the integration of 
        computer science and cybersecurity; and developing 
        standards on cybersecurity awareness for Federal 
        agencies.
   Increase coordination in Federal cyber workforce 
        programs by directing an existing OSTP interagency 
        working group to coordinate Federal cyber workforce 
        programs and codify NIST as the agency responsible for 
        leading interagency efforts on such coordination.

                          Legislative History

    S. 2775 was introduced on November 5, 2019, by Senator 
Wicker (for himself and Senators Cantwell, Thune, and Rosen) 
and was referred to the Committee on Commerce, Science, and 
Transportation of the Senate. On November 13, 2019, the 
Committee met in open Executive Session and, by voice vote, 
ordered S. 2775 reported favorably with an amendment. The 
Committee approved an amendment from Senators Thune, Klobuchar, 
and Rosen which would require the Director of NIST to establish 
a voluntary cybersecurity exchange program.

                            Estimated Costs

    In accordance with paragraph 11(a) of rule XXVI of the 
Standing Rules of the Senate and section 403 of the 
Congressional Budget Act of 1974, the Committee provides the 
following cost estimate, prepared by the Congressional Budget 
Office:




    S. 2775 would require the National Institute of Standards 
and Technology (NIST) to expand its efforts under the National 
Initiative for Cybersecurity Education. The bill would require 
the agency to coordinate federal research on the skills 
cybersecurity workers need in critical infrastructure sectors 
and to measure the effectiveness of federal programs directed 
at expanding and advancing the cybersecurity workforce. The 
bill also would require NIST to identify career pathways for 
cybersecurity professionals in government and private industry. 
Under S. 2775, NIST would award grants each year to entities to 
form public-private partnerships to expand and advance the 
cybersecurity workforce at the local level.
    CBO estimates that implementing S. 2775 would cost $57 
million over the 2020-2025 period, assuming appropriation of 
the estimated amounts. The costs of the bill, detailed in Table 
1, fall within budget function 370 (commerce and housing 
credit).
    For this estimate, CBO assumes that the bill will be 
enacted in fiscal year 2020. Under that assumption, the agency 
could incur some costs in 2020, but CBO expects that most of 
the costs would be incurred in 2021 and later.

                TABLE 1.--ESTIMATED INCREASES IN SPENDING SUBJECT TO APPROPRIATION UNDER S. 2775
----------------------------------------------------------------------------------------------------------------
                                                          By fiscal year, millions of dollars--
                                        ------------------------------------------------------------------------
                                           2020      2021      2022      2023      2024      2025     2020-2025
----------------------------------------------------------------------------------------------------------------
Total Changes
Estimated Authorization................         *        15        13        14        14        15           71
Estimated Outlays......................         *         6        10        13        14        14           57
----------------------------------------------------------------------------------------------------------------
* = between zero and $500,000.

    Using information from NIST, CBO estimates the agency would 
obligate about $10 million in grants each year beginning in 
2021 (the equivalent of a $200,000 grant in each state) and 
that related administrative costs would be about $2 million a 
year. CBO expects that the grants would outlay within a few 
years of obligation. In total, CBO estimates that providing 
grants and administering the new program would cost about $50 
million over the 2020-2025 period. In addition, CBO estimates 
that it would cost NIST about $7 million over the 2020-2025 
period to hire scientists, engineers, and contractors to 
fulfill other requirements under the bill related to improving 
the cybersecurity workforce.
    The bill would direct several other federal agencies to 
advance cybersecurity research, education, and workforce 
development efforts. CBO estimates that any additional costs 
incurred by those agencies to fulfill the bill's requirements 
would be insignificant.
    The CBO staff contact for this estimate is David Hughes. 
The estimate was reviewed by H. Samuel Papenfuss, Deputy 
Director of Budget Analysis.

                      Regulatory Impact Statement

    In accordance with paragraph 11(b) of rule XXVI of the 
Standing Rules of the Senate, the Committee provides the 
following evaluation of the regulatory impact of the 
legislation, as reported:

                       number of persons covered

    S. 2775 would amend a number of existing programs at NIST, 
NSF, NASA, and DOT, which involve grants and cooperative 
agreements with academia and industry. However, the bill would 
not authorize any new regulations and therefore would not 
subject any individuals or organizations to new regulations.

                            economic impact

    S. 2775 is not expected to have an adverse impact on the 
Nation's economy as it is expected to improve cybersecurity 
workforce-related jobs in the public and private sectors.

                                privacy

    S. 2775 is not expected to have an impact on the personal 
privacy of individuals.

                               paperwork

    S. 2775 would require NICE to submit a report to Congress 
on the scope and sufficiency of efforts to measure 
cybersecurity learners capabilities to perform specific 
cybersecurity tasks at all proficiency levels. The bill would 
also require participants in the regional multistakeholder 
alliance cooperative agreements to submit reports on efforts 
under the program.

                   Congressionally Directed Spending

    In compliance with paragraph 4(b) of rule XLIV of the 
Standing Rules of the Senate, the Committee provides that no 
provisions contained in the bill, as reported, meet the 
definition of congressionally directed spending items under the 
rule.

                      Section-by-Section Analysis


Section 1. Short title

    This section would provide that the bill may be cited as 
the ``Harvesting American Cybersecurity Knowledge through 
Education Act of 2019'' or ``HACKED Act of 2019''.

Section 2. Improving national initiative for cybersecurity education

    This section would make a series of amendments to NICE 
within NIST. The section would direct NIST to coordinate 
interagency efforts to identify cybersecurity workforce skill 
gaps in public and private sectors, coordinate existing Federal 
cybersecurity workforce programs, promote the National Security 
Agency and DHS designated National Centers of Academic 
Excellence in Cybersecurity, consider needs for cybersecurity 
workforce in critical infrastructure, and develop metrics for 
measuring the effectiveness of current cybersecurity workforce 
programs and initiatives. This section would also establish a 
voluntary talent exchange of cybersecurity employees between 
NIST and private sector or research institutions, as the 
Director considers feasible. In carrying out the NICE effort, 
this section would direct a report identifying multiple 
cybersecurity career pathways in private and public sectors, 
including noncompetitive hiring pathways in the Federal 
Government and evaluation of efforts to measure proficiency to 
perform cybersecurity tasks.
    The section would further authorize Regional Alliances and 
Multistakeholder Partnerships to address the workforce needs of 
local communities in order to support job driven education and 
training programs. The section would define the requirements 
for the cooperative agreements including outlining eligible 
regional alliances, which must include at least one institution 
of higher education or nonprofit training organization and at 
least one local employer or owner or operator of critical 
infrastructure. It would also cap each regional alliance award 
at $200,000 and require awardees to provide a non-Federal 
contribution. The section would require that the regional 
alliances leverage the objectives of the NICE program and 
encourage programs that seek to include women, minorities, or 
veterans.

Section 3. Development of standards and guidelines for improving 
        cybersecurity workforce of Federal agencies

    This section would direct NIST to identify, develop, and 
publish standards for improving the cybersecurity workforce for 
Federal agencies as part of the NICE Cybersecurity Workforce 
Framework. It would also direct NIST to issue cybersecurity 
awareness standards and guidelines for use by Federal agencies.

Section 4. Modifications to Federal Cyber Scholarship-for-Service 
        program

    This section would amend the NSF Scholarship-for-Service 
program (also called ``CyberCorps scholarships'') to grow the 
number of cybersecurity educators. It would allow up to 10 
percent of the scholarship recipients to fulfill their service 
obligation as an educator in a Cybercorps school. Currently, 
the program requires that scholarship recipients agree to work 
after graduation for a government agency for a period equal to 
the length of their scholarship. The section would direct that 
cybersecurity summer camps, including teacher training, be 
carried out as part of the scholarship program.

Section 5. Cybersecurity in programs of the National Science Foundation

    This section would ensure cybersecurity is addressed in 
existing NSF STEM programs, including computer science 
education research, the Advanced Technological Education 
program, Low-income Scholarship Program, and the Graduate 
Research Fellowship Program. It would also direct research on 
the integration of cybersecurity into computer science 
education and ensure that educators and mentors in fields 
relating to cybersecurity be considered for Presidential Awards 
for Excellence in Mathematics and Science Teaching and for 
Excellence in STEM.

Section 6. Cybersecurity in STEM programs of the National Aeronautics 
        and Space Administration

    This section would encourage cybersecurity education 
opportunities in existing STEM programs at NASA.

Section 7. Cybersecurity in Department of Transportation programs

    This section would amend the DOT University Transportation 
Centers program to conduct research on transportation 
cybersecurity, including research on cybersecurity implications 
associated with autonomous vehicles, connected vehicles, and 
critical infrastructure. It would also require the Secretary of 
Transportation to include reducing transportation cybersecurity 
risks as part of the 5-year strategic research and development 
plan.

Section 8. Coordination of Federal cybersecurity workforce

    This section would improve coordination of Federal 
cybersecurity workforce programs by establishing or designating 
a subcommittee on cybersecurity workforce within the existing 
Committee on Science, Technology, Engineering, and Math 
Education (otherwise referred to as the CoSTEM Committee). The 
section would designate the directors of OSTP and NIST as the 
co-chairs of the subcommittee.

                        Changes in Existing Law

    In compliance with paragraph 12 of rule XXVI of the 
Standing Rules of the Senate, changes in existing law made by 
the bill, as reported, are shown as follows (existing law 
proposed to be omitted is enclosed in black brackets, new 
material is printed in italic, existing law in which no change 
is proposed is shown in roman):

UNITED STATES CODE

           *       *       *       *       *       *       *


                        TITLE 49--TRANSPORTATION

             Subtitle III--General and Intermodal Programs

                 CHAPTER 55--INTERMODAL TRANSPORTATION

Subchapter I--General

           *       *       *       *       *       *       *


Sec. 5505. University transportation centers program

  (a) University Transportation Centers Program.--
          (1) Establishment and operation.--The Secretary shall 
        make grants under this section to eligible nonprofit 
        institutions of higher education to establish and 
        operate university transportation centers.
          (2) Role of centers.--The role of each university 
        transportation center referred to in paragraph (1) 
        shall be--
                  (A) to advance transportation expertise and 
                technology in the varied disciplines that 
                comprise the field of transportation through 
                education, research, and technology transfer 
                activities;
                  (B) to provide for a critical transportation 
                knowledge base outside of the Department of 
                Transportation; and
                  (C) to address critical workforce needs and 
                educate the next generation of transportation 
                leaders in the matters described in 
                subparagraphs (A) through (G) of section 
                6503(c)(1).
  (b) * * *
  (c) Grants.--
          (1) * * *
          (2) * * *
          (3) Regional university transportation centers.--
                  (A) * * *
                  (B) * * *
                  (C) * * *
                  (D) * * *
                  (E) Focused research.--[The Secretary]
                          (i) In general.--A regional 
                        university transportation center 
                        receiving a grant under this paragraph 
                        shall carry out research focusing on 1 
                        or more of the matters described in 
                        subparagraphs (A) through (G) of 
                        section 6503(c)(1).
                          (ii) Focused objectives.--The 
                        Secretary shall make a grant to 1 of 
                        the 10 regional university 
                        transportation centers established 
                        under this paragraph for the purpose of 
                        furthering the objectives described in 
                        subsection (a)(2) in the field of 
                        comprehensive transportation safety, 
                        congestion, connected vehicles, 
                        connected infrastructure, and 
                        autonomous vehicles, including the 
                        cybersecurity implications of 
                        technologies relating to connected 
                        vehicles, connected infrastructure, and 
                        autonomous vehicles.

           *       *       *       *       *       *       *


CHAPTER 65--RESEARCH PLANNING

           *       *       *       *       *       *       *


Sec. 6503. Transportation research and development 5-year strategic 
                    plan

  (a) * * *
  (b) * * *
  (c) Contents.--The strategic plan developed under subsection 
(a) shall--
          (1) describe how the plan furthers the primary 
        purposes of the transportation research and development 
        program, which shall include--
                  (A) improving mobility of people and goods;
                  (B) reducing congestion;
                  (C) promoting safety;
                  (D) improving the durability and extending 
                the life of transportation infrastructure;
                  (E) preserving the environment; [and]
                  (F) preserving the existing transportation 
                system; and
                  (G) reducing transportation cybersecurity 
                risks;

           *       *       *       *       *       *       *


              AMERICA COMPETES REAUTHORIZATION ACT OF 2010

          [42 U.S.C. 6621; as amended through Pub. L. 114-329]

SEC. 101. COORDINATION OF FEDERAL STEM EDUCATION.

  (a) Establishment.--The Director shall establish a committee 
under the National Science and Technology Council, including 
the Office of Management and Budget, with the responsibility to 
coordinate Federal programs and activities in support of STEM 
education, including at the National Science Foundation, the 
Department of Energy, the National Aeronautics and Space 
Administration, the National Institute of Standards and 
Technology, the National Oceanic and Atmospheric 
Administration, the Department of Education, and all other 
Federal agencies that have programs and activities in support 
of STEM education.
  (b) Responsibilities.--The committee established under 
subsection (a) shall--
          (1) coordinate the STEM education activities and 
        programs of the Federal agencies;
          (2) coordinate STEM education activities and programs 
        with the Office of Management and Budget;
          (3) encourage the teaching of innovation and 
        entrepreneurship as part of STEM education activities;
          (4) review STEM education activities and programs to 
        ensure they are not duplicative of similar efforts 
        within the Federal government;
          (5) develop, implement through the participating 
        agencies, and update once every 5 years a 5-year STEM 
        education strategic plan, which shall--
                  (A) specify and prioritize annual and long-
                term objectives;
                  (B) specify the common metrics that will be 
                used to assess progress toward achieving the 
                objectives;
                  (C) describe the approaches that will be 
                taken by each participating agency to assess 
                the effectiveness of its STEM education 
                programs and activities; and
                  (D) with respect to subparagraph (A), 
                describe the role of each agency in supporting 
                programs and activities designed to achieve the 
                objectives;
          (6) establish, periodically update, and maintain an 
        inventory of federally sponsored STEM education 
        programs and activities, including documentation of 
        assessments of the effectiveness of such programs and 
        activities and rates of participation by women, 
        underrepresented minorities, and persons in rural areas 
        in such programs and activities;
          (7) collaborate with the STEM Education Advisory 
        Panel established under section 303 of the American 
        Innovation and Competitiveness Act and other outside 
        stakeholders to ensure the engagement of the STEM 
        education community;
          (8) review the measures used by a Federal agency to 
        evaluate its STEM education activities and programs;
          (9) request and review feedback from States on how 
        the States are utilizing Federal STEM education 
        programs and activities; and
          (10) recommend the reform, termination, or 
        consolidation of Federal STEM education activities and 
        programs, taking into consideration the recommendations 
        of the STEM Education Advisory Panel.
  (c) Responsibilities of OSTP.--The Director shall encourage 
and monitor the efforts of the participating agencies to ensure 
that the strategic plan under subsection (b)(5) is developed 
and executed effectively and that the objectives of the 
strategic plan are met.
  (d) Subcommittees and Working Groups.--
          (1) Subcommittees and working groups authorized.--
                  (A) In general.--The committee established 
                under subsection (a) may establish 1 or more 
                subcommittees or working groups to address 
                specific issues in STEM education, as the 
                committee considers appropriate.
                  (B) Composition.--A member of the committee 
                established under subsection (a) may serve on a 
                subcommittee or working group established under 
                subparagraph (A).
          (2) Subcommittee on cybersecurity workforce 
        required.--
                  (A) In general.--The committee established 
                under subsection (a) shall establish or 
                designate a subcommittee to coordinate 
                cybersecurity education and workforce 
                activities and programs of the Federal 
                agencies.
                  (B) Chairpersons.--The chairpersons of the 
                subcommittee established or designated under 
                subsection (a) shall be--
                          (i) the Director;
                          (ii) the Director of the National 
                        Institute of Standards and Technology; 
                        and
                          (iii) the head of any Federal agency, 
                        as the Director and the Director of the 
                        National Institute of Standards and 
                        Technology consider appropriate.
  [(d)] (e) Reports.--The Director shall transmit a report 
annually to Congress at the time of the President's budget 
request describing the plan required under subsection (b)(5). 
The annual report shall include--
          (1) a description of the STEM education programs and 
        activities for the previous and current fiscal years, 
        and the proposed programs and activities under the 
        President's budget request, of each participating 
        Federal agency;
          (2) the levels of funding for each participating 
        Federal agency for the programs and activities 
        described under paragraph (1) for the previous fiscal 
        year and under the President's budget request;
          (3) an evaluation of the levels of duplication and 
        fragmentation of the programs and activities described 
        under paragraph (1);
          (4) except for the initial annual report, a 
        description of the progress made in carrying out the 
        implementation plan, including a description of the 
        outcome of any program assessments completed in the 
        previous year, and any changes made to that plan since 
        the previous annual report;
          (5) a description of how the participating Federal 
        agencies will disseminate information about federally 
        supported resources for STEM education practitioners, 
        including teacher professional development programs, to 
        States and to STEM education practitioners, including 
        to teachers and administrators in schools that meet the 
        criteria described in subsection (c)(1)(A) and (B) of 
        section 7381j of this title;
          (6) a description of all consolidations and 
        terminations of Federal STEM education programs and 
        activities implemented in the previous fiscal year, 
        including an explanation for the consolidations and 
        terminations;
          (7) recommendations for reforms, consolidations, and 
        terminations of STEM education programs or activities 
        in the upcoming fiscal year; and
          (8) a description of any significant new STEM 
        education public-private partnerships.
  (f) STEM Education Defined.--For purposes of this section, 
the term ``STEM education'' includes cybersecurity education.

           *       *       *       *       *       *       *


     AMERICAN COMPETITIVENESS AND WORKFORCE IMPROVEMENT ACT OF 1998

                           [42 U.S.C. 1869c]

SEC. 414. * * *

  (a) * * *
  (b) * * *
  (c) * * *
  (d) Low-income scholarship program.--
          (1) Establishment.--The Director of the National 
        Science Foundation (referred to in this section as the 
        ``Director'') shall award scholarships to low-income 
        individuals to enable such individuals to pursue 
        associate, undergraduate, or graduate level degrees in 
        mathematics, engineering, [or computer science] 
        computer science, or cybersecurity.
          (2) Eligibility.--
                  (A) In general.--To be eligible to receive a 
                scholarship under this section, an individual--
                          (i) * * *
                          (ii) * * *
                          (iii) shall certify to the Director 
                        that the individual intends to use 
                        amounts received under the scholarship 
                        to enroll or continue enrollment at an 
                        institution of higher education (as 
                        defined in section 101(a) of the Higher 
                        Education Act of 1965) in order to 
                        pursue an associate, undergraduate, or 
                        graduate level degree in mathematics, 
                        engineering, computer science, 
                        cybersecurity, or other technology and 
                        science programs designated by the 
                        Director.

           *       *       *       *       *       *       *


              AMERICAN INNOVATION AND COMPETITIVENESS ACT

                  [42 U.S.C. 1862s-7; Pub. L. 114-329]

SEC. 310. COMPUTER SCIENCE EDUCATION RESEARCH.

  (a) Findings.--Congress finds that as the lead Federal agency 
for building the research knowledge base for computer science 
education, the Foundation is well positioned to make 
investments that will accelerate ongoing efforts to enable 
rigorous and engaging computer science throughout the Nation as 
an integral part of STEM education.
  (b) Grant Program.--
          (1) In general.--The Director of the Foundation shall 
        award grants to eligible entities to research computer 
        science and cybersecurity education and computational 
        thinking.
          (2) Research.--The research described in paragraph 
        (1) may include the development or adaptation, piloting 
        or full implementation, and testing of--
                  (A) models of preservice preparation for 
                teachers who will teach computer science and 
                computational thinking;
                  (B) scalable and sustainable models of 
                professional development and ongoing support 
                for the teachers described in subparagraph (A);
                  (C) tools and models for teaching and 
                learning aimed at supporting student success 
                and inclusion in computing within and across 
                diverse populations, particularly poor, rural, 
                and tribal populations and other populations 
                that have been historically underrepresented in 
                computer science and STEM fields[; and];
                  (D) high-quality learning opportunities for 
                teaching computer science and, especially in 
                poor, rural, or tribal schools at the 
                elementary school and middle school levels, for 
                integrating computational thinking into STEM 
                teaching and learning[.]; and
                  (E) tools and models for the integration of 
                cybersecurity and other interdisciplinary 
                efforts into computer science education and 
                computational thinking at secondary and 
                postsecondary levels of education.
  (c) Collaborations.--In carrying out the grants established 
in subsection (b), eligible entities may collaborate and 
partner with local or remote schools to support the integration 
of computing , cybersecurity, and computational thinking within 
pre-kindergarten through grade 12 STEM curricula and 
instruction.

           *       *       *       *       *       *       *


                 CYBERSECURITY ENHANCEMENT ACT OF 2014

                   [15 U.S.C. 7451; Pub. L. 113-274]

SECTION 1. SHORT TITLE; TABLE OF CONTENTS.

  (a) Short Title.--This Act may be cited as the 
``Cybersecurity Enhancement Act of 2014''.
  (b) Table of Contents.--The table of contents of this Act is 
as follows:

           *       *       *       *       *       *       *


              TITLE III--EDUCATION AND WORKFORCE DEVELOPMENT

Sec. 301. Cybersecurity competitions and challenges.
Sec. 302. Federal cyber scholarship-for-service program.
Sec. 303. National cybersecurity awareness and education program.

           [TITLE IV--CYBERSECURITY AWARENESS AND PREPAREDNESS]

[Sec. 401. National cybersecurity awareness and education program.]



           *       *       *       *       *       *       *
          [15 U.S.C. 7442; as amended through Pub. L. 115-91]

             TITLE III--EDUCATION AND WORKFORCE DEVELOPMENT

SEC. 301. * * *

SEC. 302. FEDERAL CYBER SCHOLARSHIP-FOR-SERVICE PROGRAM.

  (a) * * *
  (b) Program Description and Components.--The Federal Cyber 
Scholarship-for-Service Program shall--
          (1) provide scholarships through qualified 
        institutions of higher education, including community 
        colleges, to students who are enrolled in programs of 
        study at institutions of higher education leading to 
        degrees or specialized program certifications in the 
        cybersecurity field;
          (2) provide the scholarship recipients with summer 
        internship opportunities or other meaningful temporary 
        appointments in the Federal [information technology] 
        information technology and cybersecurity workforce;
          [(3) prioritize the employment placement of at least 
        80 percent of scholarship recipients in an executive 
        agency (as defined in section 105 of title 5, United 
        States Code); and]
          (3) prioritize the placement of scholarship 
        recipients fulfilling the post-award employment 
        obligation under this section to ensure that--
                  (A) not less than 70 percent of such 
                recipients are placed in an executive agency 
                (as defined in section 105 of title 5, United 
                States Code);
                  (B) not more than 10 percent of such 
                recipients are placed as educators in the field 
                of cybersecurity at qualified institutions of 
                higher education that provide scholarships 
                under this section; and
                  (C) not more than 20 percent of such 
                recipients are placed in positions described in 
                paragraphs (2) through (5) of subsection (d); 
                and
          (4) provide awards to improve cybersecurity education 
        , including by seeking to provide awards in 
        coordination with other relevant agencies for summer 
        cybersecurity camp or other experiences, including 
        teacher training, in each of the 50 States, at the 
        kindergarten through grade 12 level--
                  (A) to increase interest in cybersecurity 
                careers;
                  (B) to help students practice correct and 
                safe online behavior and understand the 
                foundational principles of cybersecurity;
                  (C) to improve teaching methods for 
                delivering cybersecurity content for 
                kindergarten through grade 12 computer science 
                curricula; and
                  (D) to promote teacher recruitment in the 
                field of cybersecurity.
  (d) Post-award Employment Obligations.--Each scholarship 
recipient, as a condition of receiving a scholarship under the 
program, shall enter into an agreement under which the 
recipient agrees to work for a period equal to the length of 
the scholarship, following receipt of the student's degree, in 
the cybersecurity mission of--
          (1) an executive agency (as defined in section 105 of 
        title 5, United States Code);
          (2) Congress, including any agency, entity, office, 
        or commission established in the legislative branch;
          (3) an interstate agency;
          (4) a State, local, or Tribal government; [or]
          (5) a State, local, or Tribal government-affiliated 
        nonprofit that is considered to be critical 
        infrastructure (as defined in section 1016(e) of the 
        USA Patriot Act (42 U.S.C. 5195c(e))[.]; or
          (6) as provided by subsection (b)(3)(B), a qualified 
        institution of higher education.
  (e) * * *
  (f) Eligibility.--To be eligible to receive a scholarship 
underthis section, an individual shall--
          (1) be a citizen or lawful permanent resident of the 
        United States;
          (2) demonstrate a commitment to a career in improving 
        the security of information technology;
          (3) have demonstrated a high level of competency in 
        relevant knowledge, skills, and abilities, as defined 
        by the national cybersecurity awareness and education 
        program [under section 401] under section 303;
          (4) be a full-time student in an eligible degree 
        program at a qualified institution of higher education, 
        as determined by the Director of the National Science 
        Foundation, except that in the case of a student who is 
        enrolled in a community college, be a student pursuing 
        a degree on a less than full-time basis, but not less 
        than half-time basis; and
          (5) accept the terms of a scholarship under this 
        section.
  (g) * * *
  (h) * * *
  (i) * * *
  (j) * * *
  (k) * * *
  (l) * * *
  (m) Public Information.--
          (1) Evaluation.--The Director of the National Science 
        Foundation, in coordination with the Director of the 
        Office of Personnel Management, shall periodically 
        evaluate and make public, in a manner that protects the 
        personally identifiable information of scholarship 
        recipients, information on the success of recruiting 
        individuals for scholarships under this section and on 
        hiring and retaining those individuals in the public 
        sector [cyber] cybersecurity workforce, including 
        information on--
                  (A) * * *
          (1) * * *
          (2) Reports.--The Director of the National Science 
        Foundation, in coordination with the Office of 
        Personnel Management, shall submit, not less frequently 
        than once every 3 years, to the Committee on Commerce, 
        Science, and Transportation of the Senate and the 
        Committee on Science, Space, and Technology of the 
        House of Representatives a report, including the 
        results of the evaluation under paragraph (1) and any 
        recent statistics regarding the size, composition, and 
        educational requirements of the Federal [cyber] 
        cybersecurity workforce.

           *       *       *       *       *       *       *


[Note: Title IV--Cybersecurity Awareness and Preparedness is repealed. 
  Section 401 is transferred to the end of title III of such Act and 
                     redesignated as section 303.]

SEC. [401.] 303. NATIONAL CYBERSECURITY AWARENESS AND EDUCATION 
                    PROGRAM.

  (a) National Cybersecurity Awareness and Education Program.--
The Director of the National Institute of Standards and 
Technology (referred to in this section as the ``Director''), 
in consultation with appropriate Federal agencies, industry, 
educational institutions, National Laboratories, the Networking 
and Information Technology Research and Development program, 
and other organizations shall continue to coordinate a national 
cybersecurity awareness and education program, that includes 
activities such as--
          (1) the widespread dissemination of cybersecurity 
        technical standards and best practices identified by 
        the Director;
          (2) efforts to make cybersecurity best practices 
        usable by individuals, small to medium-sized 
        businesses, educational institutions, and State, local, 
        and tribal governments;
          (3) increasing public awareness of cybersecurity, 
        cyber safety, and cyber ethics;
          (4) increasing the understanding of State, local, and 
        tribal governments, institutions of higher education, 
        and private sector entities of--
                  (A) the benefits of ensuring effective risk 
                management of information technology versus the 
                costs of failure to do so; and
                  (B) the methods to mitigate and remediate 
                vulnerabilities;
          (5) supporting formal cybersecurity education 
        programs at all education levels to prepare and improve 
        a skilled cybersecurity and computer science workforce 
        for the private sector and Federal, State, local, and 
        tribal government[; and];
          (6) identifying cybersecurity workforce skill gaps in 
        public and private sectors;
          (7) leading interagency efforts to facilitate 
        coordination of Federal programs to advance 
        cybersecurity education, training, and workforce, such 
        as--
                  (A) the Federal Cyber Scholarship for Service 
                program of the National Science Foundation;
                  (B) the National Centers of Academic 
                Excellence in Cybersecurity program of the 
                National Security Agency and the Department of 
                Homeland Security;
                  (C) the GenCyber Program of the National 
                Science Foundation and the National Security 
                Agency;
                  (D) the apprenticeship program of the 
                Department of Labor;
                  (E) the Cybersecurity Education and Training 
                Assistance Program of the Department of 
                Homeland Security;
                  (F) the Cyber Center of Excellence of the 
                Army;
                  (G) the Information Operations Command 
                program of the Navy; and
                  (H) such others as the Director considers 
                appropriate;
          (8) promoting higher education and expertise in 
        cybersecurity through designation by the National 
        Security Agency and the Department of Homeland Security 
        of institutions of higher education as National Centers 
        of Academic Excellence in Cybersecurity if such 
        institutions have robust degree programs that align to 
        specific cybersecurity-related knowledge units that are 
        aligned to the knowledge, skills, abilities, and tasks 
        from the National Initiative for Cybersecurity 
        Education (NICE) Cybersecurity Workforce Framework 
        (NIST Special Publication 800-181), or successor 
        framework;
          (9) consideration of any specific needs of the 
        cybersecurity workforce of critical infrastructure;
          (10) developing metrics to measure the effectiveness 
        and effect of programs and initiatives to advance the 
        cybersecurity workforce; and
          [(6)] (11) promoting initiatives to evaluate and 
        forecast future cybersecurity workforce needs of the 
        Federal Government and develop strategies for 
        recruitment, training, and retention.
  (b) * * *
  (c) Strategic Plan.--[The Director]
          (1) In general.--The Director, in cooperation with 
        relevant Federal agencies and other stakeholders, shall 
        build upon programs and plans in effect as of the date 
        of enactment of this Act to develop and implement a 
        strategic plan to guide Federal programs and activities 
        in support of the national cybersecurity awareness and 
        education program under subsection (a).
          (2) Requirement.--The strategic plan developed and 
        implemented under paragraph (1) shall include an 
        indication of how the Director will carry out this 
        section.
  (d) Report.--Not later than 1 year after the date of 
enactment of this Act, and every 5 years thereafter, the 
Director shall transmit the strategic plan under subsection (c) 
to the Committee on Commerce, Science, and Transportation of 
the Senate and the Committee on Science, Space, and Technology 
of the House of Representatives.
  (e) Cybersecurity Metrics.--In carrying out subsection (a), 
the Director, in coordination with such agencies as the 
Director considers relevant, shall develop repeatable measures 
and reliable metrics for measuring and evaluating Federally 
funded cybersecurity workforce programs and initiatives based 
on the outcomes of such programs and initiatives.
  (f) Regional Alliances and Multistakeholder Partnerships.--
          (1) In general.--Pursuant to section 2(b)(4) of the 
        National Institute of Standards and Technology Act (15 
        U.S.C. 272(b)(4)), the Director shall establish 
        cooperative agreements between the National Initiative 
        for Cybersecurity Education (NICE) of the Institute and 
        regional alliances or partnerships for cybersecurity 
        education and workforce.
          (2) Agreements.--The cooperative agreements 
        established under paragraph (1) shall advance the goals 
        of the National Initiative for Cybersecurity Education 
        Cybersecurity Workforce Framework (NIST Special 
        Publication 800-181), or successor framework, by 
        facilitating local and regional partnerships--
                  (A) to identify the workforce needs of the 
                local economy and classify such workforce in 
                accordance with such framework;
                  (B) to identify the education, training, 
                apprenticeship, and other opportunities 
                available in the local economy; and
                  (C) to support opportunities to meet the 
                needs of the local economy.
          (3) Financial assistance.--
                  (A) Financial assistance authorized.--The 
                Director may award financial assistance to a 
                regional alliance or partnership with whom the 
                Director enters into a cooperative agreement 
                under paragraph (1) in order to assist the 
                regional alliance or partnership in carrying 
                out the term of the cooperative agreement.
                  (B) Amount of assistance.--The aggregate 
                amount of financial assistance awarded under 
                subparagraph (A) per cooperative agreement 
                shall not exceed $200,000.
                  (C) Matching requirement.--The Director may 
                not award financial assistance to a regional 
                alliance or partnership under subparagraph (A) 
                unless the regional alliance or partnership 
                agrees that, with respect to the costs to be 
                incurred by the regional alliance or 
                partnership in carrying out the cooperative 
                agreement for which the assistance was awarded, 
                the regional alliance or partnership will make 
                available (directly or through donations from 
                public or private entities) non-Federal 
                contributions in an amount equal to 50 percent 
                of Federal funds provided under the award.
          (4) Application.--
                  (A) In general.--A regional alliance or 
                partnership seeking to enter into a cooperative 
                agreement under paragraph (1) and receive 
                financial assistance under paragraph (3) shall 
                submit to the Director an application therefor 
                at such time, in such manner, and containing 
                such information as the Director may require.
                  (B) Requirements.--Each application submitted 
                under subparagraph (A) shall include the 
                following:
                          (i)(I) A plan to establish (or 
                        identification of, if it already 
                        exists) a multistakeholder workforce 
                        partnership that includes--
                                  (aa) at least one institution 
                                of higher education or 
                                nonprofit training 
                                organization; and
                                  (bb) at least one local 
                                employer or owner or operator 
                                of critical infrastructure.
                          (II) Participation from Federal Cyber 
                        Scholarships for Service organizations, 
                        National Centers of Academic Excellence 
                        in Cybersecurity, advanced 
                        technological education programs, 
                        elementary and secondary schools, 
                        training and certification providers, 
                        State and local governments, economic 
                        development organizations, or other 
                        community organizations is encouraged.
                          (ii) A description of how the 
                        workforce partnership would identify 
                        the workforce needs of the local 
                        economy.
                          (iii) A description of how the 
                        multistakeholder workforce partnership 
                        would leverage the programs and 
                        objectives of the National Initiative 
                        for Cybersecurity Education, such as 
                        the Cybersecurity Workforce Framework 
                        and the strategic plan of such 
                        initiative.
                          (iv) A description of how employers 
                        in the community will be recruited to 
                        support internships, apprenticeships, 
                        or cooperative education programs in 
                        conjunction with providers of education 
                        and training. Inclusion of programs 
                        that seek to include women, minorities, 
                        or veterans is encouraged.
                          (v) A definition of the metrics that 
                        will be used to measure the success of 
                        the efforts of the regional alliance or 
                        partnership under the agreement.
                  (C) Priority consideration.--In awarding 
                financial assistance under paragraph (3)(A), 
                the Director shall give priority consideration 
                to a regional alliance or partnership that 
                includes an institution of higher education 
                that is designated as a National Center of 
                Academic Excellence in Cybersecurity or which 
                receives an award under the Federal Cyber 
                Scholarship for Service program located in the 
                State or region of the regional alliance or 
                partnership.
          (5) Audits.--Each cooperative agreement for which 
        financial assistance is awarded under paragraph (3) 
        shall be subject to audit requirements under part 200 
        of title 2, Code of Federal Regulations (relating to 
        uniform administrative requirements, cost principles, 
        and audit requirements for Federal awards), or 
        successor regulation.
          (6) Reports.--
                  (A) In general.--Upon completion of a 
                cooperative agreement under paragraph (1), the 
                regional alliance or partnership that 
                participated in the agreement shall submit to 
                the Director a report on the activities of the 
                regional alliance or partnership under the 
                agreement, which may include training and 
                education outcomes.
                  (B) Contents.--Each report submitted under 
                subparagraph (A) by a regional alliance or 
                partnership shall include the following:
                          (i) An assessment of efforts made by 
                        the regional alliance or partnership to 
                        carry out paragraph (2).
                          (ii) The metrics used by the regional 
                        alliance or partnership to measure the 
                        success of the efforts of the regional 
                        alliance or partnership under the 
                        cooperative agreement.

           *       *       *       *       *       *       *


         FEDERAL CYBERSECURITY WORKFORCE ASSESSMENT ACT OF 2015

                           [Pub. L. 114-113]

         TITLE III--FEDERAL CYBERSECURITY WORKFORCE ASSESSMENT

SEC. 301. SHORT TITLE.

    This title may be cited as the ``Federal Cybersecurity 
Workforce Assessment Act of 2015''.

SEC. 302. DEFINITIONS.

    In this title:
          (1) Appropriate congressional committees.--The term 
        ``appropriate congressional committees'' means--
                  (A) the Committee on Armed Services of the 
                Senate;
                  (B) the Committee on Homeland Security and 
                Governmental Affairs of the Senate;
                  (C) the Select Committee on Intelligence of 
                the Senate;
                  (D) the Committee on Commerce, Science, and 
                Transportation of the Senate;
                  (E) the Committee on Armed Services of the 
                House of Representatives;
                  (F) the Committee on Homeland Security of the 
                House of Representatives;
                  (G) the Committee on Oversight and Government 
                Reform of the House of Representatives; and
                  (H) the Permanent Select Committee on 
                Intelligence of the House of Representatives.
          (2) Director.--The term ``Director'' means the 
        Director of the Office of Personnel Management.
          (3) National Initiative for Cybersecurity 
        Education.--The term ``National Initiative for 
        Cybersecurity Education'' means the initiative under 
        the national cybersecurity awareness and education 
        program, as authorized [under section 401 of the 
        Cybersecurity Enhancement Act of 2014 (15 U.S.C. 7451)] 
        under section 303 of the Cybersecurity Enhancement Act 
        of 2014 (Public Law 113-274).
          (4) Work Roles.--The term `` work roles'' means a 
        specialized set of tasks and functions requiring 
        specific knowledge, skills, and abilities.

           *       *       *       *       *       *       *


           NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY ACT

                         [15 U.S.C. 278g-3(a)]

  Sec. 20. (a) The Institute shall--
          (1) * * *
          (2) * * *
          (3) develop standards and guidelines, including 
        minimum requirements, for providing adequate 
        information security for all agency operations and 
        assets, but such standards and guidelines shall not 
        apply to national security systems[; and];
          (4) carry out the responsibilities described in 
        paragraph (3) through the Computer Security 
        Division[.]; and
          (5) identify and develop standards and guidelines for 
        improving the cybersecurity workforce for an agency as 
        part of the National Initiative for Cybersecurity 
        Education (NICE) Cybersecurity Workforce Framework 
        (NIST Special Publication 800-181), or successor 
        framework.

           *       *       *       *       *       *       *


                 NIST SMALL BUSINESS CYBERSECURITY ACT

                           [Pub. L. 115-236]

SEC. 2. IMPROVING CYBERSECURITY OF SMALL BUSINESSES.

  (a) * * *
  (b) * * *
  (c) Dissemination of Resources for Small Businesses.--
          (1) * * *
          (2) * * *
          (3) National Cybersecurity Awareness and Education 
        Program.--The Director shall ensure that the resources 
        disseminated under paragraph (1) are consistent with 
        the efforts of the Director [under section 401 of the 
        Cybersecurity Enhancement Act of 2014 (15 U.S.C. 7451)] 
        under section 303 of the Cybersecurity Enhancement Act 
        of 2014 (Public Law 113-274).

           *       *       *       *       *       *       *


             SCIENTIFIC AND ADVANCED-TECHNOLOGY ACT OF 1992

                        [42 U.S.C. 1862i(j)(9)]

SEC. 3. SCIENTIFIC AND TECHNICAL EDUCATION.

  (a) * * *
  (b) * * *
  (c) * * *
  (d) * * *
  (e) * * *
  (f) * * *
  (g) * * *
  (h) * * *
  (i) * * *
  (j) Definitions.--As used in this section--
          (1) * * *
          (2) * * *
          (3) * * *
          (4) * * *
          (5) * * *
          (6) * * *
          (7) * * *
          (8) * * *
          (9) the terms ``mathematics, science, engineering, or 
        technology'' or ``STEM'' mean science, technology, 
        engineering, and mathematics, including computer 
        science and cybersecurity.

           *       *       *       *       *       *       *


                                  [all]