[113th Congress Public Law 246]
[From the U.S. Government Publishing Office]

[[Page 2879]]


[[Page 128 STAT. 2880]]

Public Law 113-246
113th Congress

                                 An Act

      To require the Secretary of Homeland Security to assess the 
   cybersecurity workforce of the Department of Homeland Security and 
       develop a comprehensive workforce strategy, and for other 
            purposes. <<NOTE: Dec. 18, 2014 -  [H.R. 2952]>> 

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled, <<NOTE: Cybersecurity 
Workforce Assessment Act.>> 
SECTION 1. <<NOTE: 6 USC 101 note.>> SHORT TITLE.

    This Act may be cited as the ``Cybersecurity Workforce Assessment 
SEC. 2. <<NOTE: 6 USC 146 note.>> DEFINITIONS.

    In this Act--
            (1) the term ``Cybersecurity Category'' means a position's 
        or incumbent's primary work function involving cybersecurity, 
        which is further defined by Specialty Area;
            (2) the term ``Department'' means the Department of Homeland 
            (3) the term ``Secretary'' means the Secretary of Homeland 
        Security; and
            (4) the term ``Specialty Area'' means any of the common 
        types of cybersecurity work as recognized by the National 
        Initiative for Cybersecurity Education's National Cybersecurity 
        Workforce Framework report.

     <<NOTE: Deadlines.6 USC 146.>> (a) Workforce Assessment.
            (1) In general.--Not later than 180 days after the date of 
        enactment of this Act, and annually thereafter for 3 years, the 
        Secretary shall assess the cybersecurity workforce of the 
            (2) Contents.--The assessment required under paragraph (1) 
        shall include, at a minimum--
                    (A) an assessment of the readiness and capacity of 
                the workforce of the Department to meet its 
                cybersecurity mission;
                    (B) information on where cybersecurity workforce 
                positions are located within the Department;
                    (C) information on which cybersecurity workforce 
                positions are--
                          (i) performed by--
                                    (I) permanent full-time equivalent 
                                employees of the Department, including, 
                                to the greatest extent practicable, 
                                demographic information about such 

[[Page 128 STAT. 2881]]

                                    (II) independent contractors; and
                                    (III) individuals employed by other 
                                Federal agencies, including the National 
                                Security Agency; or
                          (ii) vacant; and
                    (D) information on--
                          (i) the percentage of individuals within each 
                      Cybersecurity Category and Specialty Area who 
                      received essential training to perform their jobs; 
                          (ii) in cases in which such essential training 
                      was not received, what challenges, if any, were 
                      encountered with respect to the provision of such 
                      essential training.

    (b) Workforce Strategy.--
            (1) In general.--The Secretary shall--
                    (A) not later than 1 year after the date of 
                enactment of this Act, develop a comprehensive workforce 
                strategy to enhance the readiness, capacity, training, 
                recruitment, and retention of the cybersecurity 
                workforce of the Department; and
                    (B) maintain and, as necessary, update the 
                comprehensive workforce strategy developed under 
                subparagraph (A).
            (2) Contents.--The comprehensive workforce strategy 
        developed under paragraph (1) shall include a description of--
                    (A) a multi-phased recruitment plan, including with 
                respect to experienced professionals, members of 
                disadvantaged or underserved communities, the 
                unemployed, and veterans;
                    (B) a 5-year implementation plan;
                    (C) a 10-year projection of the cybersecurity 
                workforce needs of the Department;
                    (D) any obstacle impeding the hiring and development 
                of a cybersecurity workforce in the Department; and
                    (E) any gap in the existing cybersecurity workforce 
                of the Department and a plan to fill any such gap.

    (c) Updates.--The Secretary submit to the appropriate congressional 
committees annual updates on--
            (1) the cybersecurity workforce assessment required under 
        subsection (a); and
            (2) the progress of the Secretary in carrying out the 
        comprehensive workforce strategy required to be developed under 
        subsection (b).

     <<NOTE: Deadline. Reports.>> Not later than 120 days after the date 
of enactment of this Act, the Secretary shall submit to the appropriate 
congressional committees a report on the feasibility, cost, and benefits 
of establishing a Cybersecurity Fellowship Program to offer a tuition 
payment plan for individuals pursuing undergraduate and doctoral

[[Page 128 STAT. 2882]]

degrees who agree to work for the Department for an agreed-upon period 
of time.

    Approved December 18, 2014.


HOUSE REPORTS: No. 113-324 (Comm. on Homeland Security).
            July 28, considered and passed House.
            Dec. 10, considered and passed Senate, amended.
            Dec. 11, House concurred in Senate amendments.