[Congressional Bills 114th Congress]
[From the U.S. Government Publishing Office]
[S. 2007 Introduced in Senate (IS)]
114th CONGRESS
1st Session
S. 2007
To create a consistent framework to expedite the recruitment of highly
qualified personnel who perform information technology, cybersecurity,
and cyber-related functions to enhance cybersecurity across the Federal
Government.
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
August 6, 2015
Mr. Bennet (for himself and Mr. Portman) introduced the following bill;
which was read twice and referred to the Committee on Homeland Security
and Governmental Affairs
_______________________________________________________________________
A BILL
To create a consistent framework to expedite the recruitment of highly
qualified personnel who perform information technology, cybersecurity,
and cyber-related functions to enhance cybersecurity across the Federal
Government.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Federal Cybersecurity Workforce
Assessment Act''.
SEC. 2. DEFINITIONS.
In this Act:
(1) Appropriate congressional committees.--The term
``appropriate congressional committees'' means--
(A) the Committee on Armed Services of the Senate;
(B) the Committee on Homeland Security and
Governmental Affairs of the Senate;
(C) the Committee on Armed Services in the House of
Representatives;
(D) the Committee on Homeland Security of the House
of Representatives; and
(E) the Committee on Oversight and Government
Reform of House of Representatives.
(2) Director.--The term ``Director'' means the Director of
the Office of Personnel Management.
(3) Roles.--The term ``roles'' has the meaning given the
term in the National Initiative for Cybersecurity Education's
Cybersecurity Workforce Framework.
SEC. 3. NATIONAL CYBERSECURITY WORKFORCE MEASUREMENT INITIATIVE.
(a) In General.--The head of each Federal agency shall--
(1) identify all positions within the agency that require
the performance of information technology, cybersecurity, or
other cyber-related functions; and
(2) assign the corresponding employment code, which shall
be added to the National Initiative for Cybersecurity
Education's National Cybersecurity Workforce Framework, in
accordance with subsection (b).
(b) Employment Codes.--
(1) Procedures.--
(A) Coding structure.--Not later than 180 days
after the date of the enactment of this Act, the
Secretary of Commerce, acting through the National
Institute of Standards and Technology, shall update the
National Initiative for Cybersecurity Education's
Cybersecurity Workforce Framework to include a
corresponding coding structure.
(B) Identification of civilian cyber personnel.--
Not later than 9 months after the date of enactment of
this Act, the Director, in coordination with the
Director of National Intelligence, shall establish
procedures to implement the National Initiative for
Cybersecurity Education's coding structure to identify
all Federal civilian positions that require the
performance of information technology, cybersecurity,
or other cyber-related functions.
(C) Identification of non-civilian cyber
personnel.--Not later than 18 months after the date of
enactment of this Act, the Secretary of Defense shall
establish procedures to implement the National
Initiative for Cybersecurity Education's coding
structure to identify all Federal non-civilian
positions that require the performance of information
technology, cybersecurity or other cyber-related
functions.
(D) Baseline assessment of existing cybersecurity
workforce.--Not later than 3 months after the date on
which the procedures are developed under subparagraphs
(B) and (C), respectively, the head of each Federal
agency shall submit to the appropriate congressional
committees of jurisdiction a report that identifies--
(i) the percentage of personnel with
information technology, cybersecurity, or other
cyber-related job functions who currently hold
the appropriate industry-recognized
certifications as identified in the National
Initiative for Cybersecurity Education's
Cybersecurity Workforce Framework;
(ii) the level of preparedness of other
civilian and non-civilian cyber personnel
without existing credentials to pass
certification exams; and
(iii) a strategy for mitigating any gaps
identified in clause (i) or (ii) with the
appropriate training and certification for
existing personnel.
(E) Procedures for assigning codes.--Not later than
3 months after the date on which the procedures are
developed under subparagraphs (B) and (C),
respectively, the head of each Federal agency shall
establish procedures--
(i) to identify all encumbered and vacant
positions with information technology,
cybersecurity, or other cyber-related functions
(as defined in the National Initiative for
Cybersecurity Education's coding structure);
and
(ii) to assign the appropriate employment
code to each such position, using agreed
standards and definitions.
(2) Code assignments.--Not later than 1 year after the date
after the procedures are established under paragraph (1)(E),
the head of each Federal agency shall complete assignment of
the appropriate employment code to each position within the
agency with information technology, cybersecurity, or other
cyber-related functions.
(c) Progress Report.--Not later than 180 days after the date of
enactment of this Act, the Director shall submit a progress report on
the implementation of this section to the appropriate congressional
committees.
SEC. 4. IDENTIFICATION OF CYBER-RELATED ROLES OF CRITICAL NEED.
(a) In General.--Beginning not later than 1 year after the date on
which the employment codes are assigned to employees pursuant to
section 3(b)(2), and annually through 2022, the head of each Federal
agency, in consultation with the Director and the Secretary of Homeland
Security, shall--
(1) identify information technology, cybersecurity, or
other cyber-related roles of critical need in the agency's
workforce; and
(2) submit a report to the Director that--
(A) describes the information technology,
cybersecurity, or other cyber-related roles identified
under paragraph (1); and
(B) substantiates the critical need designations.
(b) Guidance.--The Director shall provide Federal agencies with
timely guidance for identifying information technology, cybersecurity,
or other cyber-related roles of critical need, including--
(1) current information technology, cybersecurity, and
other cyber-related roles with acute skill shortages; and
(2) information technology, cybersecurity, or other cyber-
related roles with emerging skill shortages.
(c) Cybersecurity Needs Report.--Not later than 2 years after the
date of the enactment of this Act, the Director, in consultation with
the Secretary of Homeland Security, shall--
(1) identify critical needs for information technology,
cybersecurity, or other cyber-related workforce across all
Federal agencies; and
(2) submit a progress report on the implementation of this
section to the appropriate congressional committees.
SEC. 5. GOVERNMENT ACCOUNTABILITY OFFICE STATUS REPORTS.
The Comptroller General of the United States shall--
(1) analyze and monitor the implementation of sections 3
and 4; and
(2) not later than 3 years after the date of the enactment
of this Act, submit a report to the appropriate congressional
committees that describes the status of such implementation.
<all>