[113th Congress Public Law 246]
[From the U.S. Government Publishing Office]



[[Page 2879]]

                 CYBERSECURITY WORKFORCE ASSESSMENT ACT

[[Page 128 STAT. 2880]]

Public Law 113-246
113th Congress

                                 An Act


 
      To require the Secretary of Homeland Security to assess the 
   cybersecurity workforce of the Department of Homeland Security and 
       develop a comprehensive workforce strategy, and for other 
            purposes. <<NOTE: Dec. 18, 2014 -  [H.R. 2952]>> 

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled, <<NOTE: Cybersecurity 
Workforce Assessment Act.>> 
SECTION 1. <<NOTE: 6 USC 101 note.>> SHORT TITLE.

    This Act may be cited as the ``Cybersecurity Workforce Assessment 
Act''.
SEC. 2. <<NOTE: 6 USC 146 note.>> DEFINITIONS.

    In this Act--
            (1) the term ``Cybersecurity Category'' means a position's 
        or incumbent's primary work function involving cybersecurity, 
        which is further defined by Specialty Area;
            (2) the term ``Department'' means the Department of Homeland 
        Security;
            (3) the term ``Secretary'' means the Secretary of Homeland 
        Security; and
            (4) the term ``Specialty Area'' means any of the common 
        types of cybersecurity work as recognized by the National 
        Initiative for Cybersecurity Education's National Cybersecurity 
        Workforce Framework report.
SEC. 3. CYBERSECURITY WORKFORCE ASSESSMENT AND STRATEGY.

     <<NOTE: Deadlines.6 USC 146.>> (a) Workforce Assessment.
            (1) In general.--Not later than 180 days after the date of 
        enactment of this Act, and annually thereafter for 3 years, the 
        Secretary shall assess the cybersecurity workforce of the 
        Department.
            (2) Contents.--The assessment required under paragraph (1) 
        shall include, at a minimum--
                    (A) an assessment of the readiness and capacity of 
                the workforce of the Department to meet its 
                cybersecurity mission;
                    (B) information on where cybersecurity workforce 
                positions are located within the Department;
                    (C) information on which cybersecurity workforce 
                positions are--
                          (i) performed by--
                                    (I) permanent full-time equivalent 
                                employees of the Department, including, 
                                to the greatest extent practicable, 
                                demographic information about such 
                                employees;

[[Page 128 STAT. 2881]]

                                    (II) independent contractors; and
                                    (III) individuals employed by other 
                                Federal agencies, including the National 
                                Security Agency; or
                          (ii) vacant; and
                    (D) information on--
                          (i) the percentage of individuals within each 
                      Cybersecurity Category and Specialty Area who 
                      received essential training to perform their jobs; 
                      and
                          (ii) in cases in which such essential training 
                      was not received, what challenges, if any, were 
                      encountered with respect to the provision of such 
                      essential training.

    (b) Workforce Strategy.--
            (1) In general.--The Secretary shall--
                    (A) not later than 1 year after the date of 
                enactment of this Act, develop a comprehensive workforce 
                strategy to enhance the readiness, capacity, training, 
                recruitment, and retention of the cybersecurity 
                workforce of the Department; and
                    (B) maintain and, as necessary, update the 
                comprehensive workforce strategy developed under 
                subparagraph (A).
            (2) Contents.--The comprehensive workforce strategy 
        developed under paragraph (1) shall include a description of--
                    (A) a multi-phased recruitment plan, including with 
                respect to experienced professionals, members of 
                disadvantaged or underserved communities, the 
                unemployed, and veterans;
                    (B) a 5-year implementation plan;
                    (C) a 10-year projection of the cybersecurity 
                workforce needs of the Department;
                    (D) any obstacle impeding the hiring and development 
                of a cybersecurity workforce in the Department; and
                    (E) any gap in the existing cybersecurity workforce 
                of the Department and a plan to fill any such gap.

    (c) Updates.--The Secretary submit to the appropriate congressional 
committees annual updates on--
            (1) the cybersecurity workforce assessment required under 
        subsection (a); and
            (2) the progress of the Secretary in carrying out the 
        comprehensive workforce strategy required to be developed under 
        subsection (b).
SEC. 4. CYBERSECURITY FELLOWSHIP PROGRAM.

     <<NOTE: Deadline. Reports.>> Not later than 120 days after the date 
of enactment of this Act, the Secretary shall submit to the appropriate 
congressional committees a report on the feasibility, cost, and benefits 
of establishing a Cybersecurity Fellowship Program to offer a tuition 
payment plan for individuals pursuing undergraduate and doctoral

[[Page 128 STAT. 2882]]

degrees who agree to work for the Department for an agreed-upon period 
of time.

    Approved December 18, 2014.

LEGISLATIVE HISTORY--H.R. 2952:
---------------------------------------------------------------------------

HOUSE REPORTS: No. 113-324 (Comm. on Homeland Security).
CONGRESSIONAL RECORD, Vol. 160 (2014):
            July 28, considered and passed House.
            Dec. 10, considered and passed Senate, amended.
            Dec. 11, House concurred in Senate amendments.

                                  <all>