Collapse to view only § 7443. National cybersecurity awareness and education program
- § 7441. Cybersecurity competitions and challenges
- § 7442. Federal Cyber Scholarship-for-Service Program
- § 7443. National cybersecurity awareness and education program
§ 7441. Cybersecurity competitions and challenges
(a) In generalThe Secretary of Commerce, Director of the National Science Foundation, and Secretary of Homeland Security, in consultation with the Director of the Office of Personnel Management, shall—
(1) support competitions and challenges under section 3719 of this title (as amended by section 105 of the America COMPETES Reauthorization Act of 2010 (124 Stat. 3989)) or any other provision of law, as appropriate—
(A) to identify, develop, and recruit talented individuals to perform duties relating to the security of information technology in Federal, State, local, and tribal government agencies, and the private sector; or
(B) to stimulate innovation in basic and applied cybersecurity research, technology development, and prototype demonstration that has the potential for application to the information technology activities of the Federal Government; and
(2) ensure the effective operation of the competitions and challenges under this section.
(b) ParticipationParticipants in the competitions and challenges under subsection (a)(1) may include—
(1) students enrolled in grades 9 through 12;
(2) students enrolled in a postsecondary program of study leading to a baccalaureate degree at an institution of higher education;
(3) students enrolled in a postbaccalaureate program of study at an institution of higher education;
(4) institutions of higher education and research institutions;
(5) veterans; and
(6) other groups or individuals that the Secretary of Commerce, Director of the National Science Foundation, and Secretary of Homeland Security determine appropriate.
(c) Affiliation and cooperative agreementsCompetitions and challenges under this section may be carried out through affiliation and cooperative agreements with—
(1) Federal agencies;
(2) regional, State, or school programs supporting the development of cyber professionals;
(3) State, local, and tribal governments; or
(4) other private sector organizations.
(d) Areas of skillCompetitions and challenges under subsection (a)(1)(A) shall be designed to identify, develop, and recruit exceptional talent relating to—
(1) ethical hacking;
(2) penetration testing;
(3) vulnerability assessment;
(4) continuity of system operations;
(5) security in design;
(6) cyber forensics;
(7) offensive and defensive cyber operations; and
(8) other areas the Secretary of Commerce, Director of the National Science Foundation, and Secretary of Homeland Security consider necessary to fulfill the cybersecurity mission.
(e) TopicsIn selecting topics for competitions and challenges under subsection (a)(1), the Secretary of Commerce, Director of the National Science Foundation, and Secretary of Homeland Security—
(1) shall consult widely both within and outside the Federal Government; and
(2) may empanel advisory committees.
(f) Internships
(Pub. L. 113–274, title III, § 301, Dec. 18, 2014, 128 Stat. 2981.)
§ 7442. Federal Cyber Scholarship-for-Service Program
(a) In general
(b) Program description and componentsThe Federal Cyber Scholarship-for-Service Program shall—
(1) provide scholarships through qualified institutions of higher education, including community colleges, to students who are enrolled in programs of study at institutions of higher education leading to degrees or specialized program certifications in the cybersecurity field and cybersecurity-related aspects of other related fields as appropriate, including artificial intelligence, quantum computing and aerospace;
(2) provide the scholarship recipients with summer internship opportunities or other meaningful temporary appointments in the Federal information technology and cybersecurity workforce;
(3) prioritize the placement of scholarship recipients fulfilling the post-award employment obligation under this section to ensure that—
(A) not less than 70 percent of such recipients are placed in an executive agency (as defined in section 105 of title 5);
(B) not more than 10 percent of such recipients are placed as educators in the field of cybersecurity at qualified institutions of higher education that provide scholarships under this section; and
(C) not more than 20 percent of such recipients are placed in positions described in paragraphs (2) through (5) of subsection (d); and
(4) provide awards to improve cybersecurity education, including by seeking to provide awards in coordination with other relevant agencies for summer cybersecurity camp or other experiences, including teacher training, in each of the 50 States, at the kindergarten through grade 12 level—
(A) to increase interest in cybersecurity careers;
(B) to help students practice correct and safe online behavior and understand the foundational principles of cybersecurity;
(C) to improve teaching methods for delivering cybersecurity span for kindergarten through grade 12 computer science curricula; and
(D) to promote teacher recruitment in the field of cybersecurity.
(c) Scholarship amounts
(d) Post-award employment obligationsEach scholarship recipient, as a condition of receiving a scholarship under the program, shall enter into an agreement under which the recipient agrees to work for a period equal to the length of the scholarship, following receipt of the student’s degree, in the cybersecurity mission of—
(1) an executive agency (as defined in section 105 of title 5);
(2) Congress, including any agency, entity, office, or commission established in the legislative branch;
(3) an interstate agency;
(4) a State, local, or Tribal government;
(5) a State, local, or Tribal government-affiliated non-profit that is considered to be critical infrastructure (as defined in section 5195c(e) of title 42); or
(6) as provided by subsection (b)(3)(B), a qualified institution of higher education.
(e) Hiring authority
(1) Appointment in excepted service
(2) Noncompetitive conversion
(3) Timing of conversion
(4) Authority to decline conversion
(f) EligibilityTo be eligible to receive a scholarship under this section, an individual shall—
(1) be a citizen or lawful permanent resident of the United States;
(2) demonstrate a commitment to a career in improving the security of information technology;
(3) have demonstrated a high level of competency in relevant knowledge, skills, and abilities, as defined by the national cybersecurity awareness and education program under section 7443 of this title;
(4) be a full-time student in an eligible degree program at a qualified institution of higher education, as determined by the Director of the National Science Foundation, except that in the case of a student who is enrolled in a community college, be a student pursuing a degree on a less than full-time basis, but not less than half-time basis;
(5) enter into an agreement accepting and acknowledging the post award employment obligations, pursuant to section 1
1 So in original. Probably should be “subsection”.
(d);(6) accept and acknowledge the conditions of support under section 1 (g); and
(7) accept all terms and conditions of a scholarship under this section.
(g) Conditions of support
(1) In general
(2) TermsA scholarship recipient under this section shall be liable to the United States as provided in subsection (i) if the individual—
(A) fails to maintain an acceptable level of academic standing at the applicable institution of higher education, as determined by the Director of the National Science Foundation;
(B) is dismissed from the applicable institution of higher education for disciplinary reasons;
(C) withdraws from the eligible degree program before completing the program;
(D) declares that the individual does not intend to fulfill the post-award employment obligation under this section;
(E) fails to maintain or fulfill any of the post-graduation or post-award obligations or requirements of the individual; or
(F) fails to fulfill the requirements of paragraph (1).
(h) Monitoring complianceAs a condition of participating in the program, a qualified institution of higher education shall—
(1) enter into an agreement with the Director of the National Science Foundation, to monitor the compliance of scholarship recipients with respect to their post-award employment obligations; and
(2) provide to the Director of the National Science Foundation and the Director of the Office of Personnel Management, on an annual basis, the post-award employment documentation required under subsection (g)(1) for scholarship recipients through the completion of their post-award employment obligations.
(i) Amount of repayment
(1) Less than 1 year of serviceIf a circumstance described in subsection (g)(2) occurs before the completion of 1 year of a post-award employment obligation under this section, the total amount of scholarship awards received by the individual under this section shall—
(A) be repaid; or
(B) be treated as a loan to be repaid in accordance with subsection (j).
(2) 1 or more years of serviceIf a circumstance described in subparagraph (D) or (E) of subsection (g)(2) occurs after the completion of 1 or more years of a post-award employment obligation under this section, the total amount of scholarship awards received by the individual under this section, reduced by the ratio of the number of years of service completed divided by the number of years of service required, shall—
(A) be repaid; or
(B) be treated as a loan to be repaid in accordance with subsection (j).
(j) RepaymentsA loan described subsection (i) shall—
(1) be treated as a Federal Direct Unsubsidized Stafford Loan under part D of title IV of the Higher Education Act of 1965 (20 U.S.C. 1087a et seq.); and
(2) be subject to repayment, together with interest thereon accruing from the date of the scholarship award, in accordance with terms and conditions specified by the Director of the National Science Foundation (in consultation with the Secretary of Education) in regulations promulgated to carry out this subsection.
(k) Collection of repayment
(1) In generalIn the event that a scholarship recipient is required to repay the scholarship award under this section, the qualified institution of higher education providing the scholarship shall—
(A) determine the repayment amounts and notify the recipient, the Director of the National Science Foundation, and the Director of the Office of Personnel Management of the amounts owed; and
(B) collect the repayment amounts within a period of time as determined by the Director of the National Science Foundation, or the repayment amounts shall be treated as a loan in accordance with subsection (j).
(2) Returned to Treasury
(3) Retain percentage
(l) Exceptions
(m) Public information
(1) EvaluationThe Director of the National Science Foundation, in coordination with the Director of the Office of Personnel Management, shall periodically evaluate and make public, in a manner that protects the personally identifiable information of scholarship recipients, information on the success of recruiting individuals for scholarships under this section and on hiring and retaining those individuals in the public sector cybersecurity workforce, including information on—
(A) placement rates;
(B) where students are placed, including job titles and descriptions;
(C) salary ranges for students not released from obligations under this section;
(D) how long after graduation students are placed;
(E) how long students stay in the positions they enter upon graduation;
(F) how many students are released from obligations; and
(G) what, if any, remedial training is required.
(2) ReportsThe Director of the National Science Foundation, in coordination with the Office of Personnel Management, shall submit, not less frequently than once every two years, to the Committee on Commerce, Science, and Transportation and the Committee on Homeland Security and Governmental Affairs of the Senate and the Committee on Science, Space, and Technology and the Committee on Oversight and Reform of the House of Representatives a report, including—
(A) the results of the evaluation under paragraph (1);
(B) the disparity in any reporting between scholarship recipients and their respective institutions of higher education; and
(C) any recent statistics regarding the size, composition, and educational requirements of the Federal cyber 2
2 So in original. Probably should be “cybersecurity”. See 2021 Amendment notes below.
workforce..33 So in original.
(3) ResourcesThe Director of the National Science Foundation, in coordination with the Director of the Office of Personnel Management, shall provide consolidated and user-friendly online resources for prospective scholarship recipients, including, to the extent practicable—
(A) searchable, up-to-date, and accurate information about participating institutions of higher education and job opportunities related to the field of cybersecurity; and
(B) a modernized description of cybersecurity careers.
(Pub. L. 113–274, title III, § 302, Dec. 18, 2014, 128 Stat. 2982; Pub. L. 115–91, div. A, title XVI, § 1649B(a), Dec. 12, 2017, 131 Stat. 1754; Pub. L. 116–283, div. H, title XCIV, §§ 9401(g)(4)(C), 9403, 9404, Jan. 1, 2021, 134 Stat. 4810, 4811; Pub. L. 117–167, div. B, title III, § 10316(b), Aug. 9, 2022, 136 Stat. 1531.)
§ 7443. National cybersecurity awareness and education program
(a) National cybersecurity awareness and education programThe Director of the National Institute of Standards and Technology (referred to in this section as the “Director”), in consultation with appropriate Federal agencies, industry, educational institutions, National Laboratories, the Networking and Information Technology Research and Development program, and other organizations shall continue to coordinate a national cybersecurity awareness and education program, that includes activities such as—
(1) the widespread dissemination of cybersecurity technical standards and best practices identified by the Director;
(2) efforts to make cybersecurity best practices usable by individuals, small to medium-sized businesses, educational institutions, and State, local, and tribal governments;
(3) increasing public awareness of cybersecurity, cyber safety, and cyber ethics;
(4) increasing the understanding of State, local, and tribal governments, institutions of higher education, and private sector entities of—
(A) the benefits of ensuring effective risk management of information technology versus the costs of failure to do so; and
(B) the methods to mitigate and remediate vulnerabilities;
(5) supporting formal cybersecurity education programs at all education levels to prepare and improve a skilled cybersecurity and computer science workforce for the private sector and Federal, State, local, and tribal government;
(6) supporting efforts to identify cybersecurity workforce skill gaps in public and private sectors;
(7) facilitating Federal programs to advance cybersecurity education, training, and workforce development;
(8) in coordination with the Department of Defense, the Department of Homeland Security, and other appropriate agencies, considering any specific needs of the cybersecurity workforce of critical infrastructure, including cyber physical systems and control systems;
(9) advising the Director of the Office of Management and Budget, as needed, in developing metrics to measure the effectiveness and effect of programs and initiatives to advance the cybersecurity workforce; and
(10) promoting initiatives to evaluate and forecast future cybersecurity workforce needs of the Federal Government and develop strategies for recruitment, training, and retention.
(b) Considerations
(c) Strategic plan
(1) In general
(2) Requirement
(d) Report
(e) Cybersecurity metrics
(f) Regional alliances and multistakeholder partnerships
(1) In general
(2) AgreementsThe cooperative agreements established under paragraph (1) shall advance the goals of the National Initiative for Cybersecurity Education Cybersecurity Workforce Framework (NIST Special Publication 800–181), or successor framework, by facilitating local and regional partnerships to—
(A) identify the workforce needs of the local economy and classify such workforce in accordance with such framework;
(B) identify the education, training, apprenticeship, and other opportunities available in the local economy; and
(C) support opportunities to meet the needs of the local economy.
(3) Financial assistance
(A) Financial assistance authorized
(B) Amount of assistance
(C) Matching requirement
(4) Application
(A) In general
(B) RequirementsEach application submitted under subparagraph (A) shall include the following:
(i)(I) A plan to establish (or identification of, if it already exists) a multistakeholder workforce partnership that includes—(aa) at least one institution of higher education or nonprofit training organization; and(bb) at least one local employer or owner or operator of critical infrastructure.(II) Participation from academic institutions in the Federal Cyber Scholarships for Service Program, the National Centers of Academic Excellence in Cybersecurity Program, or advanced technological education programs, as well as elementary and secondary schools, training and certification providers, State and local governments, economic development organizations, or other community organizations is encouraged.
(ii) A description of how the workforce partnership would identify the workforce needs of the local economy.
(iii) A description of how the multistakeholder workforce partnership would leverage the programs and objectives of the National Initiative for Cybersecurity Education, such as the Cybersecurity Workforce Framework and the strategic plan of such initiative.
(iv) A description of how employers in the community will be recruited to support internships, externships, apprenticeships, or cooperative education programs in conjunction with providers of education and training. Inclusion of programs that seek to include veterans, Indian Tribes, and underrepresented groups, including women, minorities, persons from rural and underserved areas, and persons with disabilities is encouraged.
(v) A definition of the metrics to be used in determining the success of the efforts of the regional alliance or partnership under the agreement.
(C) Priority consideration
(5) Audits
(6) Reports
(A) In general
(B) ContentsEach report submitted under subparagraph (A) by a regional alliance or partnership shall include the following:
(i) An assessment of efforts made by the regional alliance or partnership to carry out paragraph (2).
(ii) The metrics used by the regional alliance or partnership to measure the success of the efforts of the regional alliance or partnership under the cooperative agreement.
(Pub. L. 113–274, title III, § 303, formerly title IV, § 401, Dec. 18, 2014, 128 Stat. 2985; renumbered title III, § 303, and amended Pub. L. 116–283, div. H, title XCIV, § 9401(a), (b), (e)–(g)(1), Jan. 1, 2021, 134 Stat. 4805–4807, 4809.)