10 U.S. Code § 1599f - United States Cyber Command recruitment and retention

(a) General Authority.—

(1) The Secretary of Defense may—

(A) establish, as positions in the excepted service, such qualified positions in the Department of Defense as the Secretary determines necessary to carry out the responsibilities of the United States Cyber Command, including—

(i) positions held by staff of the headquarters of the United States Cyber Command;

(ii) positions held by elements of the United States Cyber Command enterprise relating to cyberspace operations, including elements assigned to the Joint Task Force-Department of Defense Information Networks; and

(iii) positions held by elements of the military departments supporting the United States Cyber Command;

(B) appoint an individual to a qualified position (after taking into consideration the availability of preference eligibles for appointment to the position); and

(C) subject to the requirements of subsections (b) and (c), fix the compensation of an individual for service in a qualified position.

(2) The authority of the Secretary under this subsection applies without regard to the provisions of any other law relating to the appointment, number, classification, or compensation of employees.

(b) Basic Pay.—

(1) In accordance with this section, the Secretary shall fix the rates of basic pay for any qualified position established under subsection (a)—

(A) in relation to the rates of pay provided for employees in comparable positions in the Department, in which the employee occupying the comparable position performs, manages, or supervises functions that execute the cyber mission of the Department; and

(B) subject to the same limitations on maximum rates of pay established for such employees by law or regulation.

(2) The Secretary may—

(A) consistent with section 5341 of title 5, adopt such provisions of that title to provide for prevailing rate systems of basic pay; and

(B) apply those provisions to qualified positions for employees in or under which the Department may employ individuals described by section 5342(a)(2)(A) of such title.

(c) Additional Compensation, Incentives, and Allowances.—

(1) The Secretary may provide employees in qualified positions compensation (in addition to basic pay), including benefits, incentives, and allowances, consistent with, and not in excess of the level authorized for, comparable positions authorized by title 5.

(2) An employee in a qualified position whose rate of basic pay is fixed under subsection (b)(1) shall be eligible for an allowance under section 5941 of title 5 on the same basis and to the same extent as if the employee was an employee covered by such section, including eligibility conditions, allowance rates, and all other terms and conditions in law or regulation.

(d) Implementation Plan Required.—

The authority granted in subsection (a) shall become effective 30 days after the date on which the Secretary of Defense provides to the congressional defense committees a plan for implementation of such authority. The plan shall include the following:

(1) An assessment of the current scope of the positions covered by the authority.

(2) A plan for the use of the authority.

(3) An assessment of the anticipated workforce needs of the United States Cyber Command across the future-years defense plan.

(4) Other matters as appropriate.

(e) Collective Bargaining Agreements.—

Nothing in subsection (a) may be construed to impair the continued effectiveness of a collective bargaining agreement with respect to an office, component, subcomponent, or equivalent of the Department that is a successor to an office, component, subcomponent, or equivalent of the Department covered by the agreement before the succession.

(f) Training.—

(1) The Secretary shall provide training to covered personnel on hiring and pay matters relating to authorities under this section.

(2) For purposes of this subsection, covered personnel are employees of the Department who—

(A) carry out functions relating to—

(i) the management of human resources and the civilian workforce of the Department; or

(ii) the writing of guidance for the implementation of authorities regarding hiring and pay under this section; or

(B) are employed in supervisory positions or have responsibilities relating to the hiring of individuals for positions in the Department and to whom the Secretary intends to delegate authority under this section.

(g) Required Regulations.—

The Secretary, in coordination with the Director of the Office of Personnel Management, shall prescribe regulations for the administration of this section.

(h) Annual Report.—

(1) Not later than one year after the date of the enactment of this section and not less frequently than once each year thereafter until the date that is five years after the date of the enactment of this section, the Director of the Office of Personnel Management, in coordination with the Secretary, shall submit to the appropriate committees of Congress a detailed report on the administration of this section during the most recent one-year period.

(2) Each report submitted under paragraph (1) shall include, for the period covered by the report, the following:

(A) A discussion of the process used in accepting applications, assessing candidates, ensuring adherence to veterans’ preference, and selecting applicants for vacancies to be filled by an individual for a qualified position.

(B) A description of the following:

(i) How the Secretary plans to fulfill the critical need of the Department to recruit and retain employees in qualified positions.

(ii) The measures that will be used to measure progress.

(iii) Any actions taken during the reporting period to fulfill such critical need.

(C) A discussion of how the planning and actions taken under subparagraph (B) are integrated into the strategic workforce planning of the Department.

(D) The metrics on actions occurring during the reporting period, including the following:

(i) The number of employees in qualified positions hired, disaggregated by occupation, grade, and level or pay band.

(ii) The placement of employees in qualified positions, disaggregated by military department, Defense Agency, or other component within the Department.

(iii) The total number of veterans hired.

(iv) The number of separations of employees in qualified positions, disaggregated by occupation and grade and level or pay band.

(v) The number of retirements of employees in qualified positions, disaggregated by occupation, grade, and level or pay band.

(vi) The number and amounts of recruitment, relocation, and retention incentives paid to employees in qualified positions, disaggregated by occupation, grade, and level or pay band.

(E) A description of the training provided to employees described in subsection (f)(2) on the use of authorities under this section.

(i) Three-year Probationary Period.—

The probationary period for all employees hired under the authority established in this section shall be three years.

(j) Incumbents of Existing Competitive Service Positions.—

(1) An individual occupying a position on the date of the enactment of this section that is selected to be converted to a position in the excepted service under this section shall have the right to refuse such conversion.

(2) After the date on which an individual who refuses a conversion under paragraph (1) stops serving in the position selected to be converted, the position may be converted to a position in the excepted service.

(k) Definitions.—

In this section:

(1) The term “appropriate committees of Congress” means—

(A) the Committee on Armed Services, the Committee on Homeland Security and Governmental Affairs, and the Committee on Appropriations of the Senate; and

(B) the Committee on Armed Services, the Committee on Oversight and Government Reform, and the Committee on Appropriations of the House of Representatives.

(2) The term “collective bargaining agreement” has the meaning given that term in section 7103(a)(8) of title 5.

(3) The term “excepted service” has the meaning given that term in section 2103 of title 5.

(4) The term “preference eligible” has the meaning given that term in section 2108(3) of title 5.

(5) The term “qualified position” means a position, designated by the Secretary for the purpose of this section, in which the individual occupying such position performs, manages, or supervises functions that execute the responsibilities of the United States Cyber Command relating to cyber operations.

(6) The term “Senior Executive Service” has the meaning given that term in section 2101a of title 5.

(Added Pub. L. 114–92, div. A, title XI, § 1107(a), Nov. 25, 2015, 129 Stat. 1024; amended Pub. L. 114–328, div. A, title XI, § 1103(a), (b)(2), Dec. 23, 2016, 130 Stat. 2444.)

Editorial Notes

References in Text

The date of the enactment of this section, referred to in subsecs. (h)(1) and (j)(1), is the date of enactment of Pub. L. 114–92, which was approved Nov. 25, 2015.

Amendments

2016—Subsecs. (f), (g). Pub. L. 114–328, § 1103(a), added subsec. (f) and redesignated former subsec. (f) as (g). Former subsec. (g) redesignated (h).

Subsec. (h). Pub. L. 114–328, § 1103(a)(1), redesignated subsec. (g) as (h). Former subsec. (h) redesignated (i).

Subsec. (h)(2)(E). Pub. L. 114–328, § 1103(b)(2), substituted “employees described in subsection (f)(2) on the use of authorities under this section” for “supervisors of employees in qualified positions at the Department on the use of the new authorities”.

Subsecs. (i) to (k). Pub. L. 114–328, § 1103(a)(1), redesignated subsecs. (h) to (j) as (i) to (k), respectively.

Statutory Notes and Related Subsidiaries

Change of Name

Committee on Oversight and Government Reform of House of Representatives changed to Committee on Oversight and Reform of House of Representatives by House Resolution No. 6, One Hundred Sixteenth Congress, Jan. 9, 2019.

Department of Defense Cyber Workforce Efforts

Pub. L. 116–283, div. A, title XVII, § 1726(a), Jan. 1, 2021, 134 Stat. 4115, provided that:

“(a) Resources for Cyber Education.—

“(1) In general.—

The Chief Information Officer of the Department of Defense, in consultation with the Director of the National Security Agency (NSA), shall examine the current policies permitting National Security Agency employees to use up to 140 hours of paid time toward NSA’s cyber education programs.

“(2) Report.—

“(A) In general.—

Not later than 90 days after the date of the enactment of this Act [Jan. 1, 2021], the Chief Information Officer shall submit to the congressional defense committees [Committees on Armed Services and Appropriations of the Senate and the House of Representatives] and the congressional intelligence committees a strategy for expanding the policies described in paragraph (1) to—

“(i) individuals who occupy positions described in section 1599f of title 10, United States Code; and

“(ii) any other individuals who the Chief Information Officer determines appropriate.

“(B) Implementation plan.—

The report required under subparagraph (A) shall detail the utilization of the policies in place at the National Security Agency, as well as an implementation plan that describes the mechanisms needed to expand the use of such policies to accommodate wider participation by individuals described in such subparagraph. Such implementation plan shall detail how such individuals would be able to connect to the instructional and participatory opportunities available through the efforts, programs, initiatives, and investments accounted for in the report required under section 1649 of the National Defense Authorization Act for Fiscal Year 2020 (Public Law 116–92 [133 Stat. 1758]), including the following programs:

“(i) GenCyber.

“(ii) Centers for Academic Excellence – Cyber Defense.

“(iii) Centers for Academic Excellence – Cyber Operations.

“(C) Deadline.—

Not later than 120 days after the submission of the report required under subparagraph (A), the Chief Information Officer of the Department of Defense shall carry out the implementation plan contained in such report.”

Zero-Based Review of Department of Defense Cyber and Information Technology Personnel

Pub. L. 116–92, div. A, title XVI, § 1652, Dec. 20, 2019, 133 Stat. 1761, provided that:

“(a) Review Required.—

Not later than January 1, 2021, each head of a covered department, component, or agency shall—

“(1) complete a zero-based review of the cyber and information technology personnel of the head’s covered department, component, or agency; and

“(2) provide the Principal Cyber Advisor, the Chief Information Officer of the Department of Defense, and the Under Secretary of Defense for Personnel and Readiness the findings of the head with respect to the head’s covered department, component, or agency.

“(b) Covered Departments, Components, and Agencies.—

For purposes of this section, a covered department, component, or agency is—

“(1) an independent Department of Defense component or agency;

“(2) the Office of the Secretary of Defense;

“(3) a component of the Joint Staff;

“(4) a military department or an armed force; or

“(5) a reserve component of the Armed Forces.

“(c) Scope of Review.—

As part of a review conducted pursuant to subsection (a)(1), the head of a covered department, component, or agency shall, with respect to the covered department, component, or agency of the head—

“(1) assess military, civilian, and contractor positions and personnel performing cyber and information technology missions;

“(2) determine the roles and functions assigned by reviewing existing position descriptions and conducting interviews to quantify the current workload performed by military, civilian, and contractor workforce;

“(3) compare the Department’s manning with the manning of comparable industry organizations;

“(4) include evaluation of the utility of cyber- and information technology-focused missions, positions, and personnel within such components—

“(A) to assess the effectiveness and efficiency of current activities;

“(B) to assess the necessity of increasing, reducing, or eliminating resources; and

“(C) to guide prioritization of investment and funding;

“(5) develop recommendations and objectives for organizational, manning, and equipping change, taking into account anticipated developments in information technologies, workload projections, automation and process enhancements, and Department requirements;

“(6) develop a gap analysis, contrasting the current organization and the objectives developed pursuant to paragraph (5); and

“(7) develop roadmaps of prioritized activities and a timeline for implementing the activities to close the gaps identified pursuant to paragraph (6).

“(d) Elements.—

In carrying out a review pursuant to subsection (a)(1), the head of a covered department, component, or agency shall consider the following:

“(1) Whether position descriptions and coding designators for given cybersecurity and information technology roles are accurate indicators of the work being performed.

“(2) Whether the function of any cybersecurity or information technology position or personnel can be replaced by acquisition of cybersecurity or information technology products or automation.

“(3) Whether a given component or subcomponent is over- or under-resourced in terms of personnel, using industry standards as a benchmark where applicable.

“(4) Whether cybersecurity service provider positions and personnel fit coherently into the enterprise-wide cybersecurity architecture and with the Department’s cyber protection teams.

“(5) Whether the function of any cybersecurity or information technology position or personnel could be conducted more efficiently or effectively by enterprise-level cyber or information technology personnel.

“(e) Furnishing Data and Analysis.—

“(1) Data and analysis.—

In carrying out subsection (a)(2), each head of a covered department, component, or agency, shall furnish to the Principal Cyber Advisor, the Chief Information Officer, and the Under Secretary a description of the analysis that led to the findings submitted under such subsection and the data used in such analysis.

“(2) Certification.—

The Principal Cyber Advisor, the Chief Information Officer, and the Under Secretary of Defense shall jointly review each submittal under subsection (a)(2) and certify whether the findings and analysis are in compliance with the requirements of this section.

“(f) Recommendations.—

After receiving findings submitted by a head of a covered department, component, or agency pursuant to paragraph (2) of subsection (a) with respect to a review conducted by the head pursuant to paragraph (1) of such subsection, the Principal Cyber Advisor, the Chief Information Officer, and the Under Secretary shall jointly provide to such head such recommendations as the Principal Cyber Advisor, the Chief Information Officer, and the Under Secretary may have for changes in manning or acquisition that proceed from such review.

“(g) Implementation.—

The Principal Cyber Advisor, the Chief Information Officer, and the Under Secretary shall jointly oversee and assist in the implementation of the roadmaps developed pursuant to subsection (c)(7) and the recommendations developed pursuant to subsection (f).

“(h) In-progress Reviews.—

Not later than six months after the date of the enactment of this Act [Dec. 20, 2019] and not less frequently than once every six months thereafter until the Principal Cyber Advisor, the Chief Information Officer, and the Under Secretary give the briefing required by subsection (i), the Principal Cyber Advisor, the Chief Information Officer, and the Under Secretary shall jointly—

“(1) conduct in-progress reviews of the status of the reviews required by subsection (a)(1); and

“(2) provide the congressional defense committees [Committees on Armed Services and Appropriations of the Senate and the House of Representatives] with a briefing on such in-progress reviews.

“(i) Final Briefing.—

After all of the reviews have been completed under paragraph (1) of subsection (a), after receiving all of the findings pursuant to paragraph (2) of such subsection, and not later than June 1, 2021, the Principal Cyber Advisor, the Chief Information Officer, and the Under Secretary shall jointly provide to the congressional defense committees a briefing on the findings of the Principal Cyber Advisor, the Chief Information Officer, and the Under Secretary with respect to such reviews, including such recommendations as the Principal Cyber Advisor, the Chief Information Officer, and the Under Secretary may have for changes to the budget of the Department as a result of such reviews.

“(j) Definition of Zero-based Review.—

In this section, the term ‘zero-based review’ means a review in which an assessment is conducted with each item, position, or person costed anew, rather than in relation to its size or status in any previous budget.”

Actions Pending Full Implementation of Plan for Cyber Mission Force Positions

Pub. L. 114–328, div. A, title XVI, § 1643(a), Dec. 23, 2016, 130 Stat. 2602, provided that:

“Until the Secretary of Defense completes implementation of the authority in subsection (a) of section 1599f of title 10, United States Code, for United States Cyber Command workforce positions in accordance with the implementation plan required by subsection (d) of such section, the Secretary shall do each of the following:

“(1) Notwithstanding sections 3309 through 3318 of title 5, United States Code, provide for and implement an interagency transfer agreement between excepted service position systems and competitive service position systems in military departments and Defense Agencies concerned to satisfy the requirements for cyber workforce positions from among a mix of employees in the excepted service and the competitive service in such military departments and Defense Agencies.

“(2) Implement in the defense civilian cyber personnel system a classification system commonly known as a ‘Rank-in-person’ classification system similar to such classification system used by the National Security Agency as of the date of the enactment of this Act [Dec. 23, 2016].

“(3) Approve direct hiring authority for cyber workforce positions up to the GG or GS–15 level in accordance with the criteria in section 3304 of title 5, United States Code.

“(4) Notwithstanding section 5333 of title 5, United States Code, authorize officials conducting hiring in the competitive service for cyber workforce positions to set starting salaries at up to a step-five level with no justification and at up to a step-ten level with justification that meets published guidelines applicable to the excepted service.”