Collapse to view only § 146. Cybersecurity workforce assessment and strategy

§§ 131 to 134. Transferred
§ 141. Procedures for sharing information
The Secretary shall establish procedures on the use of information shared under this subchapter that—
(1) limit the redissemination of such information to ensure that it is not used for an unauthorized purpose;
(2) ensure the security and confidentiality of such information;
(3) protect the constitutional and statutory rights of any individuals who are subjects of such information; and
(4) provide data integrity through the timely removal and destruction of obsolete or erroneous names and information.
(Pub. L. 107–296, title II, § 221, Nov. 25, 2002, 116 Stat. 2155.)
§ 142. Privacy officer
(a) Appointment and responsibilitiesThe Secretary shall appoint a senior official in the Department, who shall report directly to the Secretary, to assume primary responsibility for privacy policy, including—
(1) assuring that the use of technologies sustain, and do not erode, privacy protections relating to the use, collection, and disclosure of personal information;
(2) assuring that personal information contained in Privacy Act systems of records is handled in full compliance with fair information practices as set out in the Privacy Act of 1974 [5 U.S.C. 552a];
(3) evaluating legislative and regulatory proposals involving collection, use, and disclosure of personal information by the Federal Government;
(4) conducting a privacy impact assessment of proposed rules of the Department or that of the Department on the privacy of personal information, including the type of personal information collected and the number of people affected;
(5) coordinating with the Officer for Civil Rights and Civil Liberties to ensure that—
(A) programs, policies, and procedures involving civil rights, civil liberties, and privacy considerations are addressed in an integrated and comprehensive manner; and
(B) Congress receives appropriate reports on such programs, policies, and procedures; and
(6) preparing a report to Congress on an annual basis on activities of the Department that affect privacy, including complaints of privacy violations, implementation of the Privacy Act of 1974 [5 U.S.C. 552a], internal controls, and other matters.
(b) Authority to investigate
(1) In generalThe senior official appointed under subsection (a) may—
(A) have access to all records, reports, audits, reviews, documents, papers, recommendations, and other materials available to the Department that relate to programs and operations with respect to the responsibilities of the senior official under this section;
(B) make such investigations and reports relating to the administration of the programs and operations of the Department as are, in the senior official’s judgment, necessary or desirable;
(C) subject to the approval of the Secretary, require by subpoena the production, by any person other than a Federal agency, of all information, documents, reports, answers, records, accounts, papers, and other data and documentary evidence necessary to performance of the responsibilities of the senior official under this section; and
(D) administer to or take from any person an oath, affirmation, or affidavit, whenever necessary to performance of the responsibilities of the senior official under this section.
(2) Enforcement of subpoenas
(3) Effect of oaths
(c) Supervision and coordination
(1) In generalThe senior official appointed under subsection (a) shall—
(A) report to, and be under the general supervision of, the Secretary; and
(B) coordinate activities with the Inspector General of the Department in order to avoid duplication of effort.
(2) Coordination with the Inspector General
(A) In general
(B) Coordination
(i) Referral
(ii) Determinations and notifications by the Inspector General(I) In generalNot later than 30 days after the receipt of a matter referred under clause (i), the Inspector General shall—(aa) make a determination regarding whether the Inspector General intends to initiate an audit or investigation of the matter referred under clause (i); and(bb) notify the senior official of that determination.(II) Investigation not initiated
(iii) Investigation by senior officialThe senior official may investigate a matter referred under clause (i) if—(I) the Inspector General notifies the senior official under clause (ii)(I)(bb) that the Inspector General does not intend to initiate an audit or investigation relating to that matter; or(II) the Inspector General provides a further notification under clause (ii)(II) relating to that matter.
(iv) Privacy training
(d) Notification to Congress on removalIf the Secretary removes the senior official appointed under subsection (a) or transfers that senior official to another position or location within the Department, the Secretary shall—
(1) promptly submit a written notification of the removal or transfer to Houses of Congress; and
(2) include in any such notification the reasons for the removal or transfer.
(e) Reports by senior official to CongressThe senior official appointed under subsection (a) shall—
(1) submit reports directly to the Congress regarding performance of the responsibilities of the senior official under this section, without any prior comment or amendment by the Secretary, Deputy Secretary, or any other officer or employee of the Department or the Office of Management and Budget; and
(2) inform the Committee on Homeland Security and Governmental Affairs of the Senate and the Committee on Homeland Security of the House of Representatives not later than—
(A) 30 days after the Secretary disapproves the senior official’s request for a subpoena under subsection (b)(1)(C) or the Secretary substantively modifies the requested subpoena; or
(B) 45 days after the senior official’s request for a subpoena under subsection (b)(1)(C), if that subpoena has not either been approved or disapproved by the Secretary.
(Pub. L. 107–296, title II, § 222, Nov. 25, 2002, 116 Stat. 2155; Pub. L. 108–458, title VIII, § 8305, Dec. 17, 2004, 118 Stat. 3868; Pub. L. 110–53, title VIII, § 802, Aug. 3, 2007, 121 Stat. 358.)
§§ 143 to 145. Transferred
§ 146. Cybersecurity workforce assessment and strategy
(a) Workforce assessment
(1) In general
(2) ContentsThe assessment required under paragraph (1) shall include, at a minimum—
(A) an assessment of the readiness and capacity of the workforce of the Department to meet its cybersecurity mission;
(B) information on where cybersecurity workforce positions are located within the Department;
(C) information on which cybersecurity workforce positions are—
(i) performed by—(I) permanent full-time equivalent employees of the Department, including, to the greatest extent practicable, demographic information about such employees;(II) independent contractors; and(III) individuals employed by other Federal agencies, including the National Security Agency; or
(ii) vacant; and
(D) information on—
(i) the percentage of individuals within each Cybersecurity Category and Specialty Area who received essential training to perform their jobs; and
(ii) in cases in which such essential training was not received, what challenges, if any, were encountered with respect to the provision of such essential training.
(b) Workforce strategy
(1) In generalThe Secretary shall—
(A) not later than 1 year after December 18, 2014, develop a comprehensive workforce strategy to enhance the readiness, capacity, training, recruitment, and retention of the cybersecurity workforce of the Department; and
(B) maintain and, as necessary, update the comprehensive workforce strategy developed under subparagraph (A).
(2) ContentsThe comprehensive workforce strategy developed under paragraph (1) shall include a description of—
(A) a multi-phased recruitment plan, including with respect to experienced professionals, members of disadvantaged or underserved communities, the unemployed, and veterans;
(B) a 5-year implementation plan;
(C) a 10-year projection of the cybersecurity workforce needs of the Department;
(D) any obstacle impeding the hiring and development of a cybersecurity workforce in the Department; and
(E) any gap in the existing cybersecurity workforce of the Department and a plan to fill any such gap.
(c) UpdatesThe Secretary submit 1
1 So in original.
to the appropriate congressional committees annual updates on—
(1) the cybersecurity workforce assessment required under subsection (a); and
(2) the progress of the Secretary in carrying out the comprehensive workforce strategy required to be developed under subsection (b).
(Pub. L. 113–246, § 3, Dec. 18, 2014, 128 Stat. 2880.)
§§ 147 to 151. Transferred