Back to Top

Issuance of Final Interpretive Guidance for Cybersecurity Positions

Monday, October 15, 2018
Issuance of Final Interpretive Guidance for Cybersecurity Positions

The U.S. Office of Personnel Management (OPM) issues this guidance in support of the President’s Management Agenda (PMA): Modernizing Government for the 21st Century, which was released March 20, 2018. The PMA emphasizes reducing cybersecurity risks to the Federal mission by leveraging current commercial capabilities and implementing cutting edge cybersecurity capabilities and building a modern IT workforce by recruiting, reskilling, and retaining professionals to help drive modernization with up-to-date technology. This guidance also supports Executive Order 13800, Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, dated May 11, 2017, which highlights workforce development to ensure that the United States maintains a long-term cybersecurity advantage.


Over the years, OPM has proactively collaborated with agency partners and other stakeholders to gain a better understanding of the cybersecurity workforce Governmentwide. A critical part of identifying the cybersecurity workforce was defining cybersecurity for consistency throughout the Federal Government. The National Initiative for Cybersecurity Education National Cybersecurity Workforce Framework defines cybersecurity work as:

Strategy, policy, and standards regarding the security of and operations in cyberspace, and encompass[ing] the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and activities, including computer network operations, information assurance, law enforcement, diplomacy, military, and intelligence missions as they relate to the security and stability of the global information and communications infrastructure.

Based on the critical need to develop effective human resources practices for the Federal Cybersecurity Workforce, OPM is issuing Interpretive Guidance for Cybersecurity Positions to help agencies hire and retain a highly-skilled cybersecurity workforce. Cybersecurity is an evolving area and positions may be classified in a number of different occupational series based on the nature of the work. This Interpretive Guidance upon issuance authorizes the use of an official/basic position title, IT Cybersecurity,in the Job Family Standard (JFS) for Administrative Work in the Information Technology Group, GS-2200. Secondly, the Interpretive Guidance authorizes the use of Cybersecurity as a parenthetical title for other occupations that perform cybersecurity work the majority of the time, and not as a collateral duty.  Positions classified to the JFS for Administrative Work in the Information Technology Group, GS-2200, must require information technology knowledge and competencies. Furthermore, work classified to the 2200 JFS and other occupations performing cybersecurity work must include cybersecurity functions as supported by the job codes in the Guide to Data Standardsand the National Cybersecurity Workforce Framework.  Finally, this guidance provides information on position classification, job evaluation, and qualifications for cybersecurity positions. In summary, this guidance will assist agencies as they:

  • Identify cybersecurity positions;
  • Clarify cybersecurity roles and duties;
  • Address position management issues;
  • Recruit, hire, and develop a qualified cybersecurity workforce to meet their agency needs;
  • Implement training, performance, and retention programs; and
  • Conduct cybersecurity workforce assessments. 

OPM requires agencies to apply new or updated standards to covered positions within 12 months of the date of issuance. Agencies are encouraged to utilize the new titling guidance as soon as possible in an effort to identify, recruit, select, and develop a cadre of high-performing employees performing cybersecurity work.  If you have any questions regarding the issuance of the Interpretive Guidance or would like additional information, please email 


Attachment (see 508-conformant PDFs below)