Sec. 9401. IMPROVING NATIONAL INITIATIVE FOR CYBERSECURITY EDUCATION
2,007 words·~9 min read·
/statute-compilations/comps-16736/sec-9401A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
## SEC. 9401 IMPROVING NATIONAL INITIATIVE FOR CYBERSECURITY EDUCATION ###
(a)Program Improvements Generally Subsection
(a)of section 401 of the Cybersecurity Enhancement Act of 2014 (15 U.S.C. 7451) is amended— ####
(1)in paragraph (5), by striking “; and” and inserting a semicolon; ####
(2)by redesignating paragraph
(6)as paragraph (10); and ####
(3)by inserting after paragraph
(5)the following: > > #### “(6) > > supporting efforts to identify cybersecurity workforce skill gaps in public and private sectors; > > > #### “(7) > > facilitating Federal programs to advance cybersecurity education, training, and workforce development; > > > #### “(8) > > in coordination with the Department of Defense, the Department of Homeland Security, and other appropriate agencies, considering any specific needs of the cybersecurity workforce of critical infrastructure, including cyber physical systems and control systems; > > > #### “(9) > > advising the Director of the Office of Management and Budget, as needed, in developing metrics to measure the effectiveness and effect of programs and initiatives to advance the cybersecurity workforce; and” > . ###
(b)Strategic Plan Subsection
(c)of such section is amended— ####
(1)by striking “ The Director ” and inserting the following: > > #### “(1) In general > > The Director” > ; and ####
(2)by adding at the end the following: > > #### “(2) Requirement > > The strategic plan developed and implemented under paragraph
(1)shall include an indication of how the Director will carry out this section.” > . ###
(c)Cybersecurity Career Pathways **[**[15 U.S.C. 7451 note](/us/usc/t15/s7451)**]** ####
(1)Identification of multiple cybersecurity career pathways In carrying out subsection
(a)of such section and not later than 540 days after the date of the enactment of this Act, the Director of the National Institute of Standards and Technology shall, in coordination with the Secretary of Defense, the Secretary of Homeland Security, the Director of the Office of Personnel Management, and the heads of other appropriate agencies, use a consultative process with other Federal agencies, academia, and industry to identify multiple career pathways for cybersecurity work roles that can be used in the private and public sectors. ####
(2)Requirements The Director shall ensure that the multiple cybersecurity career pathways identified under paragraph
(1)indicate the knowledge, skills, and abilities, including relevant education, training, internships, apprenticeships, certifications, and other experiences, that— #####
(A)align with employers’ cybersecurity skill needs, including proficiency level requirements, for its workforce; and #####
(B)prepare an individual to be successful in entering or advancing in a cybersecurity career. ####
(3)Exchange program Consistent with requirements under chapter 37 of title 5, United States Code, the Director of the National Institute of Standards and Technology, in coordination with the Director of the Office of Personnel Management, may establish a voluntary program for the exchange of employees engaged in one of the cybersecurity work roles identified in the National Initiative for Cybersecurity Education
(NICE)Cybersecurity Workforce Framework (NIST Special Publication 800-181), or successor framework, between the National Institute of Standards and Technology and private sector institutions, including nonpublic or commercial businesses, research institutions, or institutions of higher education, as the Director of the National Institute of Standards and Technology considers feasible. ###
(d)Proficiency to Perform Cybersecurity Tasks **[**[15 U.S.C. 7451 note](/us/usc/t15/s7451)**]** Not later than 540 days after the date of the enactment of this Act, the Director of the National Institute of Standards and Technology shall, in coordination with the Secretary of Defense, the Secretary of Homeland Security, and the heads of other appropriate agencies— ####
(1)in carrying out subsection
(a)of such section, assess the scope and sufficiency of efforts to measure an individual’s capability to perform specific tasks found in the National Initiative for Cybersecurity Education
(NICE)Cybersecurity Workforce Framework (NIST Special Publication 800-181) at all proficiency levels; and ####
(2)submit to Congress a report— #####
(A)on the findings of the Director with respect to the assessment carried out under paragraph (1); and #####
(B)with recommendations for effective methods for measuring the cybersecurity proficiency of learners. ###
(e)Cybersecurity Metrics Such section is further amended by adding at the end the following: > > ### “(e) Cybersecurity Metrics > > In carrying out subsection (a), the Director of the Office of Management and Budget may seek input from the Director of the National Institute of Standards and Technology, in coordination with the Department of Homeland Security, the Department of Defense, the Office of Personnel Management, and such agencies as the Director of the National Institute of Standards and Technology considers relevant, to develop quantifiable metrics for evaluating Federally funded cybersecurity workforce programs and initiatives based on the outcomes of such programs and initiatives.” > . ###
(f)Regional Alliances and Multistakeholder Partnerships Such section is further amended by adding at the end the following: > > ### “(f) Regional Alliances and Multistakeholder Partnerships > > > #### “(1) In general > > Pursuant to section 2(b)(4) of the National Institute of Standards and Technology Act (15 U.S.C. 272(b)(4)), the Director shall establish cooperative agreements between the National Initiative for Cybersecurity Education
(NICE)of the Institute and regional alliances or partnerships for cybersecurity education and workforce. > > > #### “(2) Agreements > > The cooperative agreements established under paragraph
(1)shall advance the goals of the National Initiative for Cybersecurity Education Cybersecurity Workforce Framework (NIST Special Publication 800-181), or successor framework, by facilitating local and regional partnerships to— > > > ##### “(A) > > identify the workforce needs of the local economy and classify such workforce in accordance with such framework; > > > ##### “(B) > > identify the education, training, apprenticeship, and other opportunities available in the local economy; and > > > ##### “(C) > > support opportunities to meet the needs of the local economy. > > > #### “(3) Financial assistance > > > ##### “(A) Financial assistance authorized > > The Director may award financial assistance to a regional alliance or partnership with whom the Director enters into a cooperative agreement under paragraph
(1)in order to assist the regional alliance or partnership in carrying out the terms of the cooperative agreement. > > > ##### “(B) Amount of assistance > > The aggregate amount of financial assistance awarded under subparagraph
(A)per cooperative agreement shall not exceed $200,000. > > > ##### “(C) Matching requirement > > The Director may not award financial assistance to a regional alliance or partnership under subparagraph
(A)unless the regional alliance or partnership agrees that, with respect to the costs to be incurred by the regional alliance or partnership in carrying out the cooperative agreement for which the assistance was awarded, the regional alliance or partnership will make available (directly or through donations from public or private entities) non-Federal contributions, including in-kind contributions, in an amount equal to 50 percent of Federal funds provided under the award. > > > #### “(4) Application > > > ##### “(A) In general > > A regional alliance or partnership seeking to enter into a cooperative agreement under paragraph
(1)and receive financial assistance under paragraph
(3)shall submit to the Director an application therefore at such time, in such manner, and containing such information as the Director may require. > > > ##### “(B) Requirements > > Each application submitted under subparagraph
(A)shall include the following: > > > ###### “(i) > > > ######
(I)> > A plan to establish (or identification of, if it already exists) a multistakeholder workforce partnership that includes— > > > ###### “(aa) > > at least one institution of higher education or nonprofit training organization; and > > > ###### “(bb) > > at least one local employer or owner or operator of critical infrastructure. > > > ###### “(II) > > Participation from academic institutions in the Federal Cyber Scholarships for Service Program, the National Centers of Academic Excellence in Cybersecurity Program, or advanced technological education programs, as well as elementary and secondary schools, training and certification providers, State and local governments, economic development organizations, or other community organizations is encouraged. > > > ###### “(ii) > > A description of how the workforce partnership would identify the workforce needs of the local economy. > > > ###### “(iii) > > A description of how the multistakeholder workforce partnership would leverage the programs and objectives of the National Initiative for Cybersecurity Education, such as the Cybersecurity Workforce Framework and the strategic plan of such initiative. > > > ###### “(iv) > > A description of how employers in the community will be recruited to support internships, externships, apprenticeships, or cooperative education programs in conjunction with providers of education and training. Inclusion of programs that seek to include veterans, Indian Tribes, and underrepresented groups, including women, minorities, persons from rural and underserved areas, and persons with disabilities is encouraged. > > > ###### “(v) > > A definition of the metrics to be used in determining the success of the efforts of the regional alliance or partnership under the agreement. > > > ##### “(C) Priority consideration > > In awarding financial assistance under paragraph (3)(A), the Director shall give priority consideration to a regional alliance or partnership that includes an institution of higher education that is designated as a National Center of Academic Excellence in Cybersecurity or which received an award under the Federal Cyber Scholarship for Service program located in the State or region of the regional alliance or partnership. > > > #### “(5) Audits > > Each cooperative agreement for which financial assistance is awarded under paragraph
(3)shall be subject to audit requirements under part 200 of title 2, Code of Federal Regulations (relating to uniform administrative requirements, cost principles, and audit requirements for Federal awards), or successor regulation. > > > #### “(6) Reports > > > ##### “(A) In general > > Upon completion of a cooperative agreement under paragraph (1), the regional alliance or partnership that participated in the agreement shall submit to the Director a report on the activities of the regional alliance or partnership under the agreement, which may include training and education outcomes. > > > ##### “(B) Contents > > Each report submitted under subparagraph
(A)by a regional alliance or partnership shall include the following: > > > ###### “(i) > > An assessment of efforts made by the regional alliance or partnership to carry out paragraph (2). > > > ###### “(ii) > > The metrics used by the regional alliance or partnership to measure the success of the efforts of the regional alliance or partnership under the cooperative agreement.” > . ###
(g)Transfer of Section ####
(1)Transfer **[**[15 U.S.C. 7451](/us/usc/t15/s7451)**]** Such section is transferred to the end of title III of such Act and redesignated as section 303. ####
(2)Repeal Title IV of such Act is repealed. ####
(3)Clerical The table of contents in section 1(b) of such Act is amended— #####
(A)by striking the items relating to title IV and section 401; and #####
(B)by inserting after the item relating to section 302 the following:" “Sec. 303. National cybersecurity awareness and education program.” ". ####
(4)Conforming amendments #####
(A)Section 302(3) of the Federal Cybersecurity Workforce Assessment Act of 2015 (Public Law 114-113; 5 U.S.C. 301 note) is amended by striking “under section 401 of the Cybersecurity Enhancement Act of 2014 (15 U.S.C. 7451)” and inserting “under section 303 of the Cybersecurity Enhancement Act of 2014 (Public Law 113-274)”. #####
(B)Section 2(c)(3) of the NIST Small Business Cybersecurity Act (Public Law 115-236; 15 U.S.C. 272 note) is amended by striking “under section 401 of the Cybersecurity Enhancement Act of 2014 (15 U.S.C. 7451)” and inserting “under section 303 of the Cybersecurity Enhancement Act of 2014 (Public Law 113-274)”. #####
(C)Section 302(f) of the Cybersecurity Enhancement Act of 2014 (15 U.S.C. 7442(f)) is amended by striking “under section 401” and inserting “under section 303”.
Connectionstraces to 7
Traces to 7 documents
U.S. Code
Citation graph
cites case law
Sec. 9401
IMPROVING NATIONAL INITIATIVE FOR CYBERSECURITY EDUCATION
Cites 7Cited by 0 across 0 sources