Inspector General Audit Praises Army for Cyber Workforce Compliance


In a recent Audit of the Department of Defense Recruitment and Retention of the Civilian Cyber Workforce (DODIG-2021-110) conducted by the office of the DoD CIO, the Army was praised for its compliance with DoD coding requirements,

With the exception of the Department of the Army, the DoD Components we reviewed did not always comply with work role coding requirements…”


Why was the Audit Necessary?


The overall objective of the audit was to determine whether the DoD is adequately meeting requirements, guidance, and goals related to retention and recruitment for its cyber workforce

As we’ve discussed in past articles, in today’s cyber landscape, especially within the DoD and defense contractor space, the gap between open cyber workforce positions and qualified individuals available to fill them is widening.

Without a clear understanding of the cyber skills gap that exists within the government, it’s near impossible to effectively recruit, cross-train, and incentivize promotion. The concern is only growing in the face of recent cyber-attacks on the contractor and critical infrastructure businesses like Colonial Pipeline and Solar Winds.


Where the DoD is Struggling

Back in 2015, the Federal Cybersecurity Workforce Assessment Act went into effect. It required DoD agencies to log and code both filled and unfilled positions within the cyber workforce. The coding requirements were based on the National Institute for Standards and Technology’s coding structure.

The audit uncovered that:

“The DoD Components did not code all positions in accordance with the DoD Coding Guide. Specifically:


  •         Filled positions were not coded in accordance with the DoD Coding Guide; and
  •         Unfilled positions were not coded in accordance with the DoD Coding Guide.”


The underlying issue as to why the DoD is struggling appears to be rooted in ineffective quality assurance processes.

In short, if the positions aren’t being correctly coded, the programs designed to address and aid recruitment within the cybersecurity space will remain ineffective.

The Inspector General’s recommendations to the DoD CIO were:


“We recommend that the DoD CIO:

  •       Require DoD Components to code filled and unfilled positions to meet Federal requirements and comply with the DoD Coding Guide;
  •       In coordination with the Under Secretary of Defense for Personnel and Readiness and the Office of the Chief Data Officer, conduct a feasibility study of including quality assurance checks in systems used for coding civilian cyber workforce positions to ensure that work role coding is in accordance with the DoD Coding Guide; and
  •       Based on the results of the feasibility study, establish and implement a manual or automated (or combination of both) quality assurance process to determine compliance with the DoD Coding Guide.”

The CIO agreed with the recommendations.


What the Army is Doing Right


As stated earlier, the Army stood out as the only branch that utilized an automated quality assurance process to properly code its cyber workforce.

For many years the Army has had a very forward-looking role regarding the cyber workforce challenges in the DoD. The Army Training and Certification Tracking System (ATCTS), an instance of WillCo Tech’s CyberSTAR cyber expertise management platform, began as a pilot more than 15 years ago and has been a testament to the Army’s vision for solving the challenge consistently and with the scale of the largest DoD workforce.

ACTCS offers Army leadership on-demand transparency within their cyber workforce roles; and the cyber requirements across the entire workforce. By solving the root requirement of codifying and complying to the DoD Directives (8570, and others), additional benefits can be readily realized:

  • Provides on-demand “common operating picture” visibility and reporting on the cyber workforce
  • Enables automated compliance tracking and notification for soldiers and leadership
  • Consistently onboards codifies and manages the Defense Cyber Workforce roles for contractors, civilians, and military personnel


Why CyberSTAR?


CyberSTAR is the trusted source for ongoing cyber training. Used by the DoD and other government agencies as well as corporate customers, it is the most effective automated credentials management and cyber workforce compliance system available, with over two million registered users.

CyberSTAR helps streamline processes and maintain current credentials for your cyber workforce by:

  • Ensuring proper training and certification (including DoDD 8570, DoDD 8140, NIST NICE, and other commercial standards)
  • Matching personnel and roles to contractual or regulatory requirements
  • Forecasting, planning, and recruiting workforce
  • Continuous compliance and on-demand reporting
  • Reducing the cost and complexity of identifying skill gaps


CyberSTAR is the one source of truth for all your cyber training and certification—evaluating, expanding, and enhancing your organization’s cyber readiness.

To find out how CyberSTAR can help your agency or organization, click below to request a demo.


CyberSTAR Demo Request