The Office of Personnel Management released new guidance as part of an effort to fill the most crucial cybersecurity positions within the federal government. The classification tool establishes information technology work roles of “critical need” as those with the greatest staffing shortages and that are the most mission-critical, helping agencies identify and fill those skills gaps.

The guidance, released April 2, 2018, follows a series of actions required by the Federal Cybersecurity Workforce Assessment Act of 2015 to recode cybersecurity positions in the federal government and establish agency plans for filling workforce shortages.

In January 2017, OPM issued guidance instructing agencies to use the National Initiative for Cybersecurity Education coding structure for all cybersecurity-related positions. The NICE framework differs from previous federal workforce coding structures by enabling agencies to assign multiple codes to a single work role, to better represent the diverse work done by many cyber employees.

Agencies were required to implement the NICE framework by April 2018, and will now turn to determining which roles represent a critical need for the agency and developing plans to respond to that need.

According to the new OPM guidance, agencies will have to complete three steps to identify and report on their roles of critical need:

  • Identify critically needed roles using the NICE coding and OPM definitions. Agencies will have to compile a report including a list of those roles and submit it to OPM by April 2019.
  • Determine the root causes of cyber workforce shortages. Such causes may include a broken talent pipeline, problems with retention, budget constraints and training failures.
  • Develop an action plan to combat those root causes. The action plan must include metrics and targets for success in addressing the root causes of workforce shortage.

Agencies will be required to resubmit these reports annually through 2022 and update the work roles of critical need based on periodic re-evaluations. These reports will have to include revisions to an agency’s shortage root causes or action plan for addressing them, as well as progress reports on cyber workforce initiatives.

Agency data on their critically needed cyber positions will also help OPM create a governmentwide outlook on the federal cyber workforce.

OPM will release further direction on report submissions on its Federal Cybersecurity Workforce Assessment Act MAX website, according to the April 2018 guidance.