The Federal Cybersecurity Workforce Assessment Act of 2015 (Act) calls upon the Federal Government to conduct workforce planning for its cyber workforce.
Specifically, the Act requires agencies to:
- Identify and code positions with information technology, cybersecurity, and other cyber-related functions using the National Initiative for Cybersecurity Education (NICE) Framework; and
- Identify cybersecurity work roles of critical need and report on them annually through 2022.
Resources
Several resources are available to help agencies understand and implement the requirements of the Act:
- Federal Cybersecurity Workforce Assessment Act of December 2015, pages 735-737
- OPM guidance memo dated January 4, 2017, for assigning cybersecurity codes to positions
- OPM memo dated April 2, 2018, for identifying, addressing, and reporting cybersecurity work roles of critical need
- The April 2, 2018, OPM memo contains a guidance document to help Federal agencies pinpoint and report their cybersecurity workforce’s most critical skill shortages
- OPM memo dated December 6, 2017, contains attachments outlining the Act’s requirements and timelines
- New Cybersecurity Data Standard in OPM’s Guide to Data Standards
- NICE Framework and associated cybersecurity codes
- The Federal Cybersecurity Coding Structure explains how the OPM cybersecurity codes align to the NICE Framework
- National Initiative for Cybersecurity Careers and Studies (NICCS) description and visual depiction of NICE Framework including categories, specialty areas and work roles
- CyberCareers.gov site to assist agencies on how to address cybersecurity workforce needs such as recruitment, compensation, and training