Roughly 50,000 federal employees could lose workforce protections under new OPM rule

The Office of Personnel Management finalized a new classification Thursday for career federal workers in policy-related roles that will effectively make them easier to terminate. The new “Schedule Policy/Career” creates an administrative category for nonpolitical “career” federal employees who work in roles that are defined as influencing policy. Workers added to that classification will be converted to “at-will” employees and will no longer be eligible for adverse action procedures or the ability to appeal terminations. Roughly 50,000 employees will be subject to the change, per an estimate in the final rule. Despite the administration’s assertion that the new schedule is for “accountability” and will not be subject to political loyalty tests, federal employee advocates have long argued the policy is a thinly veiled attempt to strip career employees of safeguards in an effort to replace them with workers who are politically aligned with the president. The announcement from OPM on Thursday stated that the final rule explicitly does not allow discrimination based on politics, prohibits use of the new schedule to reshape the workforce or conduct mass layoffs, and would protect whistleblowers. OPM also stated that it would take on a role to review agency actions to ensure they are compliant.

A Cybersecurity and Infrastructure Security Agency order published Thursday directs federal agencies to stop using “edge devices” like firewalls and routers that their manufacturers no longer support. It’s a stab at tackling one of the most persistent and difficult-to-manage avenues of attack for hackers, a vector that has factored into some of the most consequential and most common types of exploits in recent years. New edge-device vulnerabilities surface frequently. Under the binding operational directive CISA released Thursday, federal civilian executive branch (FCEB) agencies must inventory edge devices in their systems that vendors no longer support within three months, and replace those on a dedicated list with supported devices within one year. To aid agencies in following the directive, CISA is producing a list of end-of-service edge devices. CISA developed the directive in conjunction with the Office of Management and Budget, and puts a bit more muscle behind a decade-old OMB circular on agencies phasing out unsupported technologies. Despite being called “binding operational directives,” CISA has no authority to mandate that agencies carry out the orders — although agencies have demonstrated they usually seek to follow them, and there are ways that CISA can work to ensure compliance. The private sector pays attention to CISA’s directives even though they don’t apply to companies.

The Daily Scoop Podcast is available every Monday-Friday afternoon.

If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast  on Apple Podcasts, Soundcloud, Spotify and YouTube.