The Cyber PIVOTT Act of 2025 would create a new program within the Cybersecurity and Infrastructure Security Agency (CISA) called the PIVOTT Program (Providing Individuals Various Opportunities for Technical Training to Build a Skills-Based Cyber Workforce). The program partners with community colleges, technical schools, and other 2-year higher education providers to offer education and hands-on training designed to feed a skills-based cyber workforce for federal, state, local, tribal, and territorial governments, as well as critical infrastructure sectors. Key elements include full tuition scholarships, a 2-year service obligation in cyber roles after program completion, a slate of hands-on “skills-based exercises” (such as labs, hackathons, and tabletop exercises), internships, and ongoing access to job and credentialing resources mapped to the NICE Cybersecurity Workforce Framework. In addition to student support, the act envisions outreach, internships, and coordination with federal agencies and industry partners, plus reporting requirements to Congress, the potential for cybersecurity certifications funded through vouchers, and a plan to scale the program to thousands of students over 10 years. It also sets up accountability mechanisms, including repayment obligations if a participant fails to meet post-graduate service requirements, and a review of CISA’s education and training programs within a short time after enactment.
Key Points
- 1Establishment of the PIVOTT Program (within CISA) to partner with 2-year institutions and provide education, training, internships, and post-program federal employment opportunities in cyber or cyber-relevant roles; program name is the PIVOTT Program.
- 2Student eligibility and scholarships: eligible students include those starting or already in 2-year cyber or cyber-relevant programs; full scholarships cover tuition, fees, travel, stipends, certification testing, and related costs; at least one in-person skills-based exercise required.
- 3Service obligation and exceptions: participants must complete a 2-year service obligation in a cyber or cyber-relevant role in a federal, state/local/tribal/territorial government, or related setting; exceptions for those with Armed Forces service, active military membership, or pursuing military cyber service; possible delayed service if pursuing a 4-year degree after program completion.
- 4Program components and internships: minimum of four eligible skills-based exercises per participant (labs, hackathons, virtual programming, tabletop exercises, etc.); in-person exercise required at least once per student; mandatory cyber or cyber-relevant internships with government or critical infrastructure entities; efforts to assign security clearances where applicable.
- 5Outreach, governance, and reporting: regional outreach by CISA, industry engagement, a potential advisory committee (FACA exemption applies), voluntary federal recruitment fairs at multiple institutions; regular reporting to Senate and House committees on program progress and industry input.
- 6Education resources and post-program benefits: online database of cyber training aligned to NICE job roles; list of certification programs with potential voucher funding for up to three certifications; optional scholarships for a limited number of graduates employed by the federal government, after program completion.
- 7Repayment and accountability: scholarship awards come with post-award repayment obligations if the recipient fails to meet academic or post-graduation service requirements; repayment can be treated as a Federal Direct Unsubsidized loan and collected by the Secretary; options for waivers or partial suspensions in cases of hardship or military enlistment; participating institutions may retain a portion of repayments to cover administrative costs.