Many federal cybersecurity vacancies aren’t being coded properly, GAO says

(Getty Images)


Written by

One-fourth of CFO Act agencies have not completed a key requirement of a 2015 law that was intended to bring more rigor to how the federal government categorizes and fills cybersecurity jobs, a new report from the Government Accountability Office says.

Six of the 24 agencies surveyed by GAO had not “completed assigning the associated work role codes to their vacant positions, although they were required to do so by April 2018” under the Federal Cybersecurity Workforce Assessment Act of 2015, the report says.

“In addition, most agencies had likely miscategorized the work roles of many positions,” the GAO says.

The six agencies that GAO singled out — the departments of Defense, Energy and Justice, as well as the EPA, General Services Administration and NASA — gave various administrative reasons for not coding the vacancies. DOD, for example, “reported that, while some components assigned codes to vacant positions, the department did not have an enterprise-wide capability to assign codes to vacant positions and had not modified the systems to enable the use of the 3-digit work role codes for vacant positions due to time and funding constraints,” GAO says.

The GAO says it administered a questionnaire to the 24 CFO Act agencies, “analyzed coding data from personnel systems, and examined preliminary reports on critical needs.” Much of the focus was on the government’s 2210 job code for the Information Technology Management Series. Those positions “are most likely to perform IT, cybersecurity, or cyber-related functions,” GAO says.

“By assigning work roles that are inconsistent with the IT, cybersecurity, and cyber-related positions, the agencies are diminishing the reliability of the information they need to improve workforce planning,” the GAO says.

Of the 24 agencies survey, 18 provided responses to the GAO signaling that they had addressed the problems or were working on them. In agencies with large workforces, some fixes might take a few years. DOD, for example, said guidelines for assessing the accuracy of some position descriptions won’t be ready until 2022.

-In this Story-

Cybersecurity, Federal Cybersecurity Workforce Assessment Act, Government Accountability Office (GAO), workforce