The assessment required under paragraph (1) shall include, at a minimum—
(1) In general Not later than 180 days after December 18, 2014, and annually thereafter for 3 years, the Secretary shall assess the cybersecurity workforce of the Department.
The assessment required under paragraph (1) shall include, at a minimum—
(A) an assessment of the readiness and capacity of the workforce of the Department to meet its cybersecurity mission;
(B) information on where cybersecurity workforce positions are located within the Department;
(C) information on which cybersecurity workforce positions are— (i) performed by— (I) permanent full-time equivalent employees of the Department, including, to the greatest extent practicable, demographic information about such employees; (II) independent contractors; and (III) individuals employed by other Federal agencies, including the National Security Agency; or (ii) vacant; and
(D) information on— (i) the percentage of individuals within each Cybersecurity Category and Specialty Area who received essential training to perform their jobs; and (ii) in cases in which such essential training was not received, what challenges, if any, were encountered with respect to the provision of such essential training.
The Secretary shall—
The Secretary shall—
(A) not later than 1 year after December 18, 2014, develop a comprehensive workforce strategy to enhance the readiness, capacity, training, recruitment, and retention of the cybersecurity workforce of the Department; and
(B) maintain and, as necessary, update the comprehensive workforce strategy developed under subparagraph (A).
The comprehensive workforce strategy developed under paragraph (1) shall include a description of—
(A) a multi-phased recruitment plan, including with respect to experienced professionals, members of disadvantaged or underserved communities, the unemployed, and veterans;
(B) a 5-year implementation plan;
(C) a 10-year projection of the cybersecurity workforce needs of the Department;
(D) any obstacle impeding the hiring and development of a cybersecurity workforce in the Department; and
(E) any gap in the existing cybersecurity workforce of the Department and a plan to fill any such gap.
The Secretary submit [1] to the appropriate congressional committees annual updates on—
(1) the cybersecurity workforce assessment required under subsection (a); and
(2) the progress of the Secretary in carrying out the comprehensive workforce strategy required to be developed under subsection (b).
(Pub. L. 113–246, § 3, Dec. 18, 2014, 128 Stat. 2880.)