OPM has issued guidance to agencies on classifying cybersecurity-related positions that it says “is important foundational work to better managing these critical positions.”

The guidance notes that since 2013 agencies have assigned government-wide cybersecurity data standard codes to their positions with cybersecurity functions. “. This standardization is an important part of educating, recruiting, training, developing, and retaining a highly-qualified workforce,” it said.

Under the Federal Cybersecurity Workforce Assessment Act of 2015, OPM must bring the federal government’s practices in line with a standard in the industry that has been updated to include work roles and associated codes, and that has been broadened to include not only cybersecurity but also IT and other cyber-related functions, it said.

Following that standard, it said, will “make our work requirements and skill needs match the skills being developed through academic curricula and industry work experiences”; allow agencies to consistently describe the tasks, functions and work roles of federal cybersecurity positions for use in vacancy announcements, applicant assessments and employee development; help agencies identify critical needs and compare current workforce skills and work roles to those needed in the future; and better take advantage of existing cybersecurity training courses.

HR and classification staff are to develop and implement the overall process for identifying positions and assigning codes, while “managers will play a key role in knowing what positions are performing functions that will be coded.” The guidance includes instructions for assigning codes, requirements for reviewing current positions, and other responsibilities.