(a) Workforce assessment
(1) In general
Not later than 180 days after December 18, 2014, and annually thereafter for 3 years, the Secretary shall assess the cybersecurity workforce of the Department.
(2) ContentsThe assessment required under paragraph (1) shall include, at a minimum—
(A)
an assessment of the readiness and capacity of the workforce of the Department to meet its cybersecurity mission;
(C) information on which cybersecurity workforce positions are—
(i) performed by—
(I)
permanent full-time equivalent employees of the Department, including, to the greatest extent practicable, demographic information about such employees;
(b) Workforce strategy
(1) In generalThe Secretary shall—
(A)
not later than 1 year after December 18, 2014, develop a comprehensive workforce strategy to enhance the readiness, capacity, training, recruitment, and retention of the cybersecurity workforce of the Department; and
(2) ContentsThe comprehensive workforce strategy developed under paragraph (1) shall include a description of—
(A)
a multi-phased recruitment plan, including with respect to experienced professionals, members of disadvantaged or underserved communities, the unemployed, and veterans;
(D)
any obstacle impeding the hiring and development of a cybersecurity workforce in the Department; and
(E)
any gap in the existing cybersecurity workforce of the Department and a plan to fill any such gap.
(c) UpdatesThe Secretary submit [1] to the appropriate congressional committees annual updates on—
(2)
the progress of the Secretary in carrying out the comprehensive workforce strategy required to be developed under subsection (b).