6 U.S.C. § 146. — Cybersecurity workforce assessment and strategy

((a)) ** Workforce assessment**

((1)) ** In general** Not later than 180 days after , and annually thereafter for 3 years, the Secretary shall assess the cybersecurity workforce of the Department.December 18, 20142014-12-18

((2)) ** Contents** The assessment required under paragraph (1) shall include, at a minimum—

((A)) an assessment of the readiness and capacity of the workforce of the Department to meet its cybersecurity mission;

((B)) information on where cybersecurity workforce positions are located within the Department;

((C)) information on which cybersecurity workforce positions are—

((i)) performed by—

((I)) permanent full-time equivalent employees of the Department, including, to the greatest extent practicable, demographic information about such employees;

((II)) independent contractors; and

((III)) individuals employed by other Federal agencies, including the National Security Agency; or

((ii)) vacant; and

((D)) information on—

((i)) the percentage of individuals within each Cybersecurity Category and Specialty Area who received essential training to perform their jobs; and

((ii)) in cases in which such essential training was not received, what challenges, if any, were encountered with respect to the provision of such essential training.

((b)) ** Workforce strategy**

((1)) ** In general** The Secretary shall—

((A)) not later than 1 year after , develop a comprehensive workforce strategy to enhance the readiness, capacity, training, recruitment, and retention of the cybersecurity workforce of the Department; and

((B)) maintain and, as necessary, update the comprehensive workforce strategy developed under subparagraph (A).

((2)) ** Contents** The comprehensive workforce strategy developed under paragraph (1) shall include a description of—

((A)) a multi-phased recruitment plan, including with respect to experienced professionals, members of disadvantaged or underserved communities, the unemployed, and veterans;

((B)) a 5-year implementation plan;

((C)) a 10-year projection of the cybersecurity workforce needs of the Department;

((D)) any obstacle impeding the hiring and development of a cybersecurity workforce in the Department; and

((E)) any gap in the existing cybersecurity workforce of the Department and a plan to fill any such gap.

((c)) ** Updates** The Secretary submit  to the appropriate congressional committees annual updates on—

((1)) the cybersecurity workforce assessment required under subsection (a); and

((2)) the progress of the Secretary in carrying out the comprehensive workforce strategy required to be developed under subsection (b).