Back to Top

Guidance for Identifying, Addressing and Reporting Cybersecurity Work Roles of Critical Need

Monday, April 2, 2018
Guidance for Identifying, Addressing and Reporting Cybersecurity Work Roles of Critical Need

I am pleased to provide guidance that will help Federal agencies pinpoint their cybersecurity workforce’s most critical skill shortages.  This guidance is based on the requirements contained in the Federal Cybersecurity Workforce Assessment Act of 2015 (Act). 

The Act outlines the approach the Federal Government will take to identify the cybersecurity workforce and assess its critical needs.  This approach aligns the strategic management of the Federal cybersecurity workforce to the national standard set in the National Initiative for Cybersecurity Education (NICE) Workforce Framework (Framework).  The NICE Framework establishes a common lexicon that describes cybersecurity work. 

In accordance with the Act, agencies are required to identify and code Federal positions performing information technology, cybersecurity or other cyber-related functions.  Agencies are expected to complete this work by April 2018.  The position coding is based on the work roles described in the NICE Framework.  The next step is for agencies to determine the work roles of critical need in their workforce.

The attached guidance explains how and when agencies will identify, address and report their work roles of critical need.  For example, by April 2019, agencies will report their greatest skill shortages; analyze the root cause of the shortages; and provide actions plans, targets and measures for mitigating the critical skill shortages.  Based on these agency reports, the
U.S. Office of Personnel Management will identify common needs to address from the Governmentwide perspective.

Please see our MAX website for additional guidance and reporting templates.  If you have questions, you may contact Jodi Guss at 

Attachment (see 508-compliant PDF attached below) 

cc:  Chief Human Capital Officers, Chief Information Officers and Chief Information Security Officers