Editorial Notes
Codification

Section was classified to section 7451 of this title prior to renumbering by Pub. L. 116–283.

Amendments

2021—Subsec. (a)(6) to (10). Pub. L. 116–283, § 9401(a), added pars. (6) to (9) and redesignated former par. (6) as (10).

Subsec. (c). Pub. L. 116–283, § 9401(b), designated existing provisions as par. (1), inserted heading, and added par. (2).

Subsec. (e). Pub. L. 116–283, § 9401(e), added subsec. (e).

Subsec. (f). Pub. L. 116–283, § 9401(f), added subsec. (f).

Statutory Notes and Related Subsidiaries
Cybersecurity Career Pathways

Pub. L. 116–283, div. H, title XCIV, § 9401(c), Jan. 1, 2021, 134 Stat. 4806, provided that:

“(1)
Identification of multiple cybersecurity career pathways.—
In carrying out subsection (a) of such section [meaning 15 U.S.C. 7451(a), now 15 U.S.C. 7443(a)] and not later than 540 days after the date of the enactment of this Act [Jan. 1, 2021], the Director of the National Institute of Standards and Technology shall, in coordination with the Secretary of Defense, the Secretary of Homeland Security, the Director of the Office of Personnel Management, and the heads of other appropriate agencies, use a consultative process with other Federal agencies, academia, and industry to identify multiple career pathways for cybersecurity work roles that can be used in the private and public sectors.
“(2)
Requirements.—
The Director shall ensure that the multiple cybersecurity career pathways identified under paragraph (1) indicate the knowledge, skills, and abilities, including relevant education, training, internships, apprenticeships, certifications, and other experiences, that—
“(A)
align with employers’ cybersecurity skill needs, including proficiency level requirements, for its workforce; and
“(B)
prepare an individual to be successful in entering or advancing in a cybersecurity career.
“(3)
Exchange program.—
Consistent with requirements under chapter 37 of title 5, United States Code, the Director of the National Institute of Standards and Technology, in coordination with the Director of the Office of Personnel Management, may establish a voluntary program for the exchange of employees engaged in one of the cybersecurity work roles identified in the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (NIST Special Publication 800–181), or successor framework, between the National Institute of Standards and Technology and private sector institutions, including nonpublic or commercial businesses, research institutions, or institutions of higher education, as the Director of the National Institute of Standards and Technology considers feasible.”

Proficiency to Perform Cybersecurity Tasks

Pub. L. 116–283, div. H, title XCIV, § 9401(d), Jan. 1, 2021, 134 Stat. 4806, provided that: “Not later than 540 days after the date of the enactment of this Act [Jan. 1, 2021], the Director of the National Institute of Standards and Technology shall, in coordination with the Secretary of Defense, the Secretary of Homeland Security, and the heads of other appropriate agencies—

“(1)
in carrying out subsection (a) of such section [meaning 15 U.S.C. 7451(a), now 15 U.S.C. 7443(a)], assess the scope and sufficiency of efforts to measure an individual’s capability to perform specific tasks found in the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (NIST Special Publication 800–181) at all proficiency levels; and
“(2)
submit to Congress a report—
“(A)
on the findings of the Director with respect to the assessment carried out under paragraph (1); and
“(B)
with recommendations for effective methods for measuring the cybersecurity proficiency of learners.”