View all text of Subchapter II [§ 7441 - § 7443]
§ 7443. National cybersecurity awareness and education program
(a) National cybersecurity awareness and education programThe Director of the National Institute of Standards and Technology (referred to in this section as the “Director”), in consultation with appropriate Federal agencies, industry, educational institutions, National Laboratories, the Networking and Information Technology Research and Development program, and other organizations shall continue to coordinate a national cybersecurity awareness and education program, that includes activities such as—
(1) the widespread dissemination of cybersecurity technical standards and best practices identified by the Director;
(2) efforts to make cybersecurity best practices usable by individuals, small to medium-sized businesses, educational institutions, and State, local, and tribal governments;
(3) increasing public awareness of cybersecurity, cyber safety, and cyber ethics;
(4) increasing the understanding of State, local, and tribal governments, institutions of higher education, and private sector entities of—
(A) the benefits of ensuring effective risk management of information technology versus the costs of failure to do so; and
(B) the methods to mitigate and remediate vulnerabilities;
(5) supporting formal cybersecurity education programs at all education levels to prepare and improve a skilled cybersecurity and computer science workforce for the private sector and Federal, State, local, and tribal government;
(6) supporting efforts to identify cybersecurity workforce skill gaps in public and private sectors;
(7) facilitating Federal programs to advance cybersecurity education, training, and workforce development;
(8) in coordination with the Department of Defense, the Department of Homeland Security, and other appropriate agencies, considering any specific needs of the cybersecurity workforce of critical infrastructure, including cyber physical systems and control systems;
(9) advising the Director of the Office of Management and Budget, as needed, in developing metrics to measure the effectiveness and effect of programs and initiatives to advance the cybersecurity workforce; and
(10) promoting initiatives to evaluate and forecast future cybersecurity workforce needs of the Federal Government and develop strategies for recruitment, training, and retention.
(b) Considerations
(c) Strategic plan
(1) In general
(2) Requirement
(d) Report
(e) Cybersecurity metrics
(f) Regional alliances and multistakeholder partnerships
(1) In general
(2) AgreementsThe cooperative agreements established under paragraph (1) shall advance the goals of the National Initiative for Cybersecurity Education Cybersecurity Workforce Framework (NIST Special Publication 800–181), or successor framework, by facilitating local and regional partnerships to—
(A) identify the workforce needs of the local economy and classify such workforce in accordance with such framework;
(B) identify the education, training, apprenticeship, and other opportunities available in the local economy; and
(C) support opportunities to meet the needs of the local economy.
(3) Financial assistance
(A) Financial assistance authorized
(B) Amount of assistance
(C) Matching requirement
(4) Application
(A) In general
(B) RequirementsEach application submitted under subparagraph (A) shall include the following:
(i)(I) A plan to establish (or identification of, if it already exists) a multistakeholder workforce partnership that includes—(aa) at least one institution of higher education or nonprofit training organization; and(bb) at least one local employer or owner or operator of critical infrastructure.(II) Participation from academic institutions in the Federal Cyber Scholarships for Service Program, the National Centers of Academic Excellence in Cybersecurity Program, or advanced technological education programs, as well as elementary and secondary schools, training and certification providers, State and local governments, economic development organizations, or other community organizations is encouraged.
(ii) A description of how the workforce partnership would identify the workforce needs of the local economy.
(iii) A description of how the multistakeholder workforce partnership would leverage the programs and objectives of the National Initiative for Cybersecurity Education, such as the Cybersecurity Workforce Framework and the strategic plan of such initiative.
(iv) A description of how employers in the community will be recruited to support internships, externships, apprenticeships, or cooperative education programs in conjunction with providers of education and training. Inclusion of programs that seek to include veterans, Indian Tribes, and underrepresented groups, including women, minorities, persons from rural and underserved areas, and persons with disabilities is encouraged.
(v) A definition of the metrics to be used in determining the success of the efforts of the regional alliance or partnership under the agreement.
(C) Priority consideration
(5) Audits
(6) Reports
(A) In general
(B) ContentsEach report submitted under subparagraph (A) by a regional alliance or partnership shall include the following:
(i) An assessment of efforts made by the regional alliance or partnership to carry out paragraph (2).
(ii) The metrics used by the regional alliance or partnership to measure the success of the efforts of the regional alliance or partnership under the cooperative agreement.
(Pub. L. 113–274, title III, § 303, formerly title IV, § 401, Dec. 18, 2014, 128 Stat. 2985; renumbered title III, § 303, and amended Pub. L. 116–283, div. H, title XCIV, § 9401(a), (b), (e)–(g)(1), Jan. 1, 2021, 134 Stat. 4805–4807, 4809.)