Cybersecurity Data Standard Codes

GENERAL SERVICES ADMINISTRATION
              Washington, DC  20405                               

HRM 9292.1 CHGE 1
May 5, 2021

GSA ORDER

SUBJECT:  Cybersecurity Data Standard Codes

1.  Purpose. This policy provides guidance regarding the identification and assignment of Cybersecurity Data Standard Codes for encumbered and vacant positions with information technology, cybersecurity, and cyber-related functions.  

2.  Background.

     a.  In 2013, The Office of Personnel Management (OPM) began efforts under the Special Cybersecurity Workforce Project to collect and analyze data on the cybersecurity workforce to identify and address the skills needed by this important group. This effort included identifying and coding Federal positions with cybersecurity functions, thus allowing the Federal Government to pinpoint these crucial functions and positions.  

     b.  Since 2013, Federal agencies have assigned government-wide Cybersecurity Data Standard Codes to their positions with cybersecurity functions. The codes align with the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework and currently recognize 7 categories and 33 specialty areas of cybersecurity functions.

     c.  The Federal Cybersecurity Workforce Assessment Act of 2015 requires OPM to establish procedures to implement the NICE coding structure and to identify all Federal civilian positions that require the performance of information technology, cybersecurity, or other cyber-related functions. NICE coding structure, captured in the Federal Cybersecurity Coding Structure, has recently been updated to include "work roles" and associated codes, and broadened to include not only cybersecurity functions, but also information technology and cyber-related functions. OPM has revised the Government-wide Cybersecurity Data Standard Codes, contained in the Guide to Data Standards, to align with the new Federal cybersecurity coding structure.  

3.  Scope and Applicability.    

     a.  This policy applies to all positions that require the performance of information technology, cybersecurity, or other cyber-related functions.

b.  The Office of Inspector General (OIG) has independent hiring and personnel administration authority. See Section 6 of the Inspector General Act of 1978 (5 U.S.C. §6  as amended). (Inspector General is authorized “to select, appoint, and employ, such officers and employees as may be necessary for carrying out the functions, powers, and duties of the Office of Inspector General” 5 U.S.C. §6 (C )(7)) and GSA Order ADM 5450.39D CHGE 1, GSA Delegations of Authority Manual (Delegations Manual), Chapter 2, Part 1 (“the Inspector General has independent authority to formulate policies and make determinations concerning human capital issues within the [OIG] and GSA determinations/delegations do not limit that authority). Similarly, GSA specifically recognizes that the Inspector General has independent authority to formulate policies and make determinations concerning training, employee development, and career management.  

4.  Cancellation. This Order cancels and supersedes GSA Order HRM 9292.1.

5.  Explanation of Change. This change clarifies Section 3.c., General Information, by stating ‘Cybersecurity Data Standard Codes will be assigned to positions that are performing information technology, cybersecurity, and cyber-related functions.’

6.  Implementation. This issuance must be carried out in accordance with applicable laws, regulations, and bargaining agreements.

7.  Signature.

 

/S/_______________________________        
Traci DiMartini                  
Chief Human Capital Officer
Office of Human Resources Management