The Office of Personnel Management asked agencies to put together an earlier-than-anticipated report on the “critical need” for cybersecurity workers in a June 11 memo to human resource officers.
Based on requirements in the Federal Cybersecurity Workforce Assessment Act of 2015, OPM issued guidance on April 2 detailing how agencies should identify and classify the cybersecurity positions that were of “critical need” for the agency, or those that had the greatest staffing shortages and were the most mission-critical.
The April guidance said that agencies would need to submit a full report to OPM by April 30, 2019, but the office is now requiring that agencies submit a preliminary report by August 31, 2018, on the work roles of critical need and their root causes.
“This information is critical as it provides the administration with cybersecurity needs from a governmentwide perspective and may enable future resources to be dedicated accordingly,” Mark D. Reinhold, associate director of employee services at OPM, wrote in the memo.
“As you know, strengthening our cybersecurity workforce remains critical for securing our nation’s financial systems, energy grids, intelligence and defense systems, and safeguarding the personally identifiable information of hundreds of millions of Americans.”
The template for the early agency reports includes a series of cybersecurity work role titles and their codes, asking agencies to check all that are a critical need, as well as report whether there are staffing or competency shortages, whether that shortage is current or emerging, and what the root causes of that shortage are.
The 2019 full reports will require agencies to add their action plans and metrics for targeting the root causes identified in the preliminary report.