OPM has sent guidance on compliance with the Federal Cybersecurity Workforce Assessment Act, which a provision in a late-2015 budget law.
The act furthers the work that OPM and agencies already “have begun to identify the federal cybersecurity workforce” and “positions us to improve our workforce planning capabilities for this critical workforce and promotes collaboration in implementation among agencies, OPM, and the National Initiative for Cybersecurity Education,” a memo to agencies says.
While OPM is charged with leading the government-wide implementation of some of the requirements, it says, others fall to agencies.
By December, they must provide to Congress a baseline assessment of their existing workforce, identifying: the percentage of staff with Information technology, cybersecurity, or cyber-related functions who currently hold appropriate industry-recognized certifications; the level of preparedness of staff without credentials to take certification exams; and a strategy for mitigating any gaps identified with appropriate training and certification for existing staff.
Meanwhile, OPM will work with NICE to revise cybersecurity data standard coding structure in the Enterprise Human Resources Integration system; on a phased-in basis agencies will begin applying the revised cyber EHRI codes to positions with information technology, cybersecurity, and cyber-related functions.
By December 2017, agencies are to complete the revised coding of information technology, cybersecurity, and cyber-related positions, filled or vacant, and starting a year later they are to annually identify and report to OPM on roles of critical need in their workforces.
OPM added that it is working with government-wide councils and NICE networks to “garner their insights about how agencies could leverage best practices for implementing requirements” and that it will share them with agencies on MAX.gov.