![](/uploads/1/2/5/7/125740874/372977576.jpg)
DoD 8570 and How Security+ Fits in. The Department of Defense document DoD 8570.01-M provides guidance and procedures for the training, certification and management of the DoD workforce conducting Information Assurance (IA) functions. This Instruction: a. Updates and reissues DCMA Instruction (DCMA-INST 125), “Final Overhead Rates” (Reference (a)). Is established in accordance with the authority in DoD Directive 5105.64, “Defense Contract Management Agency (DCMA)” (Reference (b)). Implements Department policy pursuant to listed references.
The U.S. government has put significant emphasis on certification and training for system users to ensure they can meet the ever-changing cyber threats and to reinforce their skillsets to mitigate adversary attacks with existing or new security tools. Comprehensive annual security awareness has been made mandatory for all users, and several opportunities to increase competence are available for employees who need more advanced IT skills and knowledge.
This effort is summarized by DoD Directive 8140.01, “Cyberspace Workforce Management,” August 11, 2015 that “unifies the overall cyberspace workforce and establishes specific workforce elements (cyberspace effects, cybersecurity, and cyberspace information technology (IT)) to align, manage and standardize cyberspace work roles, baseline qualifications, and training requirements.” This directive expands and updates the scope of DoD Directive (DoDD) 8570.01, Information Assurance Workforce Improvement Program. Serial number mask pro 4.1. However, the DoD 8570.01-M governing the IA workforce certification program is still in effect until new guidelines are issued. DoD 8570 serves, in fact, as both a “Directive” and a “Manual,” whereas, the DoD 8140 is currently just a “Directive” pending a manual to be developed. The current 8570 manual with a number of edits done in August 2015 in response to Directive 8140.01 still serve as a guide that establishes the category and level functions in which personnel are performing their IA duties and applies to all members of the DoD IA workforce including military, civilians, foreign nationals, local nationals, non-appropriated fund (NAF), and contractors.
How Does the DoD Directive 8140.01 Affect an IA Professional?
All professionals with privileged access to US Department of Defense information systems ought to obtain industry certification credentials that have been accredited by the American National Standards Institute (ANSI). The regulations identify the specific individual qualifications mandated by the Directive’s enterprise-wide IA workforce management program, so it is important that even professionals applying for Defense jobs with Information Assurance Management (IAM) and Information Assurance Technical (IAT) roles become very familiar with what is required of them to be compliant. Ensuring to have the right certifications but also the required knowledge and skills to progress in the career is important to avoid disappointments in the future.
Training is required for all personnel that have access to any information system and perform any security function. IT employees who are part of the Cyber or IA Workforce, whether it is full-time or part-time or even as an embedded duty, will be required to be trained and certified to an IA baseline requirement, as indicated for their position category or specialty and level in the DISA IA Support Environment (IASE) website. The directives authorize units to request funds to get the personnel trained to the level needed to perform their IA duty functions by acquiring an approved certification for their particular job classification.
Training requirements are broken down by different categories of Infosec personnel: IA Technical and IA Management and then further divided into three functional levels (I, II, and III), based on where the position is located within the overall information system architecture, such as to a DoD Information System Computing, Network, or Enclave environment, and not to an individual’s grade or experience. In most instances the basic rule still stands, a position is identified as IAT if it requires privileged access to a DoD Information System Computing, Network, or Enclave environment and includes any of the functional requirements listed in Chapter 3 of DoD 8570.01-M for that level of the information system architecture; whereas, a position is part of the IAM workforce if it has responsibility for managing information system security for a DoD Information System Computing, Network, or Enclave environment and includes any of the functions listed in Chapter 4 of DoD 8570.01-M for that level of the information system architecture.
The manual also has two specialties: The Computer Network Defense-Service Provider (CND-SP) specialty levels that are tied to functional positions (i.e., Analyst, Infrastructure Support, Incident Responder, Auditor, and Manager); and there’s the IA System Architects and Engineers (IASAEs) specialty that has levels I, II, and III, just like IAT and IAM.
Below are the approved baseline certifications for personnel in IAM and IAT roles:
IAT Level I | IAT Level II | IAT Level III |
A+ CE CCNA-Security Network+ CE SSCP | CCNA Security CySA+ ** GICSP GSEC Security+ CE SSCP | CASP CE CCNP Security CISA CISSP (or Associate) GCED GCIH |
IAM Level I | IAM Level II | IAM Level III |
CAP GSLC Security+ CE | CAP CASP CE CISM CISSP (or Associate) GSLC | CISM CISSP (or Associate) GSLC |
Personnel is required to obtain only one of the certifications listed for their category; however, many hold more than one credential. In addition, a certification listed under a level 2 or 3 is valid also as a qualification for level 1. Certification providers include Cisco, CompTIA, (ISC)2, ISACA and GIAC.
DoD 8140 and Training
In addition to the DoD internally available training (e.g., Service Schoolhouse IA courses, DISA web-based training), external training providers like Infosec offer certification-type courses for those in the IA level I, II, or III or who will be performing specialized functions for the Computing, Network, or Enclave environments. This training can help personnel satisfy the certification and knowledge requirements for their function and level in the IA workforce.
Infosec offers courses in support of most IT certifications and provides valuable training for all requirements listed in directive 8140 and 8570.1. A foundation option that can set a professional on a good course towards compliance is 8570 Mandate Compliance Training. In addition, students can find more specific selections that can set them well on the road to certification in their preferred field.
Infosec offers, in fact, an interesting and currently very popular option: the boot camp. This is an intensive training course that is normally offered in a 5-day-class seminar version, but that also has online options; these are some of the most popular courses also thanks to the students’ passing rates that are between the highest in the industry. Boot camps are also great options for group training on-site for companies looking to train all or part of their personnel. All courses provide knowledge relevant to the latest version of the exam for which they prepare professionals.
Professional interested in DOD 8140 and 8570.1 compliance can find the following options in Infosec catalog:
- CompTIA A+: for a beginners’ approach to the comprehensive CompTIA exam
- Security+: with theory and hands-on exercises
- Network+: to apply basic networking skills like installing and configuring networks on multiple platforms
- CASP: prepares for the CompTIA Advanced Security Practitioner exam, a vendor-neutral credential
- ISACA CISA: a review course that covers the core sections and a series of sample exam questions for the Certified Information Systems Auditor exam and covers the skills needed to get a workforce up to speed with a security solution to defend against unauthorized access to information
- Ethical Hacking/CEH: an in-depth review of black-hat hackers’ techniques, penetration testing, and defensive techniques through lectures and hands-on exercises
- Incident Response and Network Forensics: covers how to detect and defend from security incidents including learning how systems are compromised and how to look for traces left behind by attackers on the systems
- CAP: a 3-day course made of drills and mentoring for Certified Authorization Professional
- CCNA Security: one of the most popular boot camps on information security and hacking training
- CCNA Training: allows students to earn 4 Cisco certifications in 7 Days: ICND1, ICND2, IINS, and CCDA
- CISM: with a passing rate of 94%, this popular course help’s students master the ISACA Official CISM Review Manual and apply knowledge to real-world scenarios
- CSSLP: prepares students for the Certified Secure Software Lifecycle Professional exam by (ISC)2 and covers the knowledge needed to incorporate security into each phase of the software lifecycle to help mitigate threats
- ISSAP: places an emphasis on the technical aspects of security architecture
- ISSEP: focuses on Security Systems Engineering and the construction of an efficient network
- ISSMP: undergo four days to learn about the five major domains of the Information Systems Security Management Professional (ISSMP) Concentration
- There’s also a 7-day training boot camp for (ISC)² CISSP that prepares students on all eight Common Body of Knowledge domains and all the concepts covered by the complex Certified Information Systems Security Professional test
So, if a team needs to achieve DOD 8140 and 8750 compliance, Infosec’s boot camp-style programs might be the best options to gain the essential knowledge and hands-on skills needed to be familiar with a variety of security concepts practiced in their daily routine at work. What’s more, all training programs are designed for the GI Bill funds (for training active duty or selected reserve, officer or enlisted) that can be used for Infosec certification courses.
Another great option for professionals who have no chance or time to attend the in-class courses, instead, is online training. Infosec offers this format to help students achieve compliance in the comfort of their own home or office:
- CISM Online Certification Training: designed for professionals who manage and/or assess an organization’s information security program, this course offers the same content as the instructor-led option in 47 online modules
- CISSP Online Training: this online version of the popular CISSP training is self-paced to cater to the needs of professionals with difficult or unpredictable schedules but still allows access to the help of an instructor/mentor when needed. The course offers over 45 hours of content and prepares students for the newest CISSP visual exam question format
- CompTIA A+ Online Training: includes over 25 hours of training in a mentored-learning format for professionals preparing to pass the CompTIA A+ exam or that are looking to increase their foundation-level knowledge and skills necessary for a career in IT support
- CISA Online Course Overview: intended for students that are preparing to pass the CISA test; a designation for IS audit control, assurance, and security professionals. The course comprises of 47 online modules and covers the same content of in-class versions
There are a number of other courses on hand that can cover additional skills and help professionals get an overview of a variety of other security topics that can help them in their daily work affected by DoD Directive (DoDD) 8140 (8570) Training and Certification – see more about the 8140 Training with Infosec. After selecting the needed Information Security Training, “you can trust that you are getting the most up-to-date information, complete hands-on labs, industry-leading instructors, and the certification preparation you will need,” vouches Infosec, as noted on its official website.
Conclusion
So, who should be concerned about DoD Directive 8140? All those who are most likely involved with IA/Cybersecurity positions within the DoD must be compliant with this directive within 6 months of employment. Therefore, if you are looking for specially designed courses available that fully comply with DoD 8140, then Infosec can be a good option with their specifically-designed courses in multiple formats to cater to the requests of students with different needs: online classes, workshops, and boot camps.
References
DoDD8140.com. (n.d.). DoDD 8570 & 8140 Background & History. Retrieved from http://dodd8140.com/
IASE. (n.d.). DoD 8570.01-M Manual Information Assurance Workforce Improvement Program and DoD Directive 8140.01 Cyberspace Workforce Management Frequently Asked Questions (FAQs). Retrieved from https://iase.disa.mil/iawip/Pages/iaetafaq.aspx
IASE. (n.d.). DoD Approved 8570 Baseline Certifications. Retrieved from https://iase.disa.mil/iawip/Pages/iabaseline.aspx
IASE. (n.d.). Summary of IA Workforce Qualification Requirements. Retrieved from https://iase.disa.mil/iawip/Pages/summary_wf_requirements.aspx
InfoSec Institute. (n.d.). 8140 Training with InfoSec Institute. Retrieved from https://www.infosecinstitute.com/8140-training-with-infosec-institute/
InfoSec Institute. (n.d.). 8570 Mandate Compliance Training. Retrieved from https://www.infosecinstitute.com/courses/8570-mandate-compliance-training/
Kyzer, L. (2015, April 23). What is DoD 8570? Retrieved from https://news.clearancejobs.com/2015/04/23/dod-8570/
McCray, J. (2017, May 3). What is DoD 8570, who does it apply to, and how it works. Retrieved from https://infosecaddicts.com/dod-8570/
McCurry, T. (2014, April 8). 8570 Certification and the Way Ahead to 8140 Certification. Retrieved from http://resources.infosecinstitute.com/dod-8570-requirements/#gref
![Dod Infosec Instruction Dod Infosec Instruction](/uploads/1/2/5/7/125740874/387538777.jpg)
NIST. (2016, August 11). DoD Directive 8140.01 Cyberspace Workforce Management. Retrieved from https://www.nist.gov/news-events/news/2016/08/dod-directive-814001-cyberspace-workforce-management
Sherman, R. (2017, August 30). Security+ and the DoD 8570. Retrieved from http://resources.infosecinstitute.com/category/certifications-training/securityplus/dod-8570/
Stanger, J. (2015, September 11). What are U.S. DoD 8140, 8570 and 8570.01-M and What Do They Mean for Your Career? Retrieved from https://certification.comptia.org/it-career-news/post/view/2015/09/11/what-are-u-s-dod-8140-8570-and-8570-01-m-and-what-do-they-mean-for-your-career-
Tittel, E. (2015, September 23). DoD 8570 Gives Way to DoD 8140, Specifies Security Certs for Government Workers. Retrieved from http://www.pearsonitcertification.com/blogs/blog.aspx?uk=DoD-8570-Gives-Way-to-DoD-8140-Sepcifies-Security-Certs-for-Government-Workers
Yip, K. N. (2018, March 30). CISSP: DoD 8570 Overview. Retrieved from http://resources.infosecinstitute.com/category/certifications-training/cissp/dod-8570-overview-for-the-cissp/
Department of Defense Directive 8570, or DoDD 8570 provides guidance and procedures for the training, certification, and management of all government employees who perform IA functions in their official assigned duties. These individuals are required to have an approved certification for their specific job classification.
All DOD IA jobs are defined as either ‘Management’ (IAM) or ‘Technical’ (IAT) Level I, II, or III. These levels reflect the system architecture that the employee is in, not the employee’s experience or military rank. This article will guide those who are seeking DoDD IAM level II certification and will examine the requirements, certification, and job positions that demand a DoDD 8570 certification.
What is the Difference Between IAM and IAT?
To determine whether a position is an IAM or IAT position, you must ask two questions:
- Does the position require privileged access to a DoD Information System Computing, Network, or Enclave environment?
- Does the position include any of the functional requirements listed in Chapter 3 of DoD 8570.01-M (Manual) for that level of the information system architecture?
If the answer to both questions is yes, then the position is an IAT position. If the answer is no to both, then it is not an IAT Position. If the answer is yes to the first question and no to the second question, then it is not an IAT position. If the answer is no to the first question and yes to the second question, it may be an IAM or other IA position.
System Environments
Across the board of IAM and IAT levels, there are different system environments that these positions operate in. These system environments are the Computing Environment (CE), The Networking Environment (NE), and the Enclave. IAM Level II personnel operate within the NE system environment, so it will be the system environment that this article focuses on.
NE, as defined by DoD 8570.01-M, is a component of an enclave responsible for connecting CE by providing short-haul data transport capabilities, such as local or campus area networks, or long-haul data transport capabilities, such as operational, metropolitan, or wide area and backbone networks that provide for the application of IA controls. Examples of possible networks in the basic enclave include Operations Networks, Logistics Networks, and Human Resources networks connecting to a Component Enclave. Each NE contains at least one CE.
![Infosec Infosec](/uploads/1/2/5/7/125740874/727855375.png)
To Whom Does DoDD 8570 Apply?
Any full or part-time military service member, contractor, or local nationals with privileged access to a DoD information system performing information assurance (security) functions — regardless of job or occupational series. Examples of who would hire individuals with a DoDD 8570 certification are:
- U.S. Department of Defense
- U.S. Intelligence Agencies
- U.S. Department of Homeland Security
- U.S Department of Justice
- U.S Department of State
- Most other U.S. federal government agencies
More specifically, common job positions that require DoDD 8570 IAM Level II are Cyberspace Analyst (Level 2), Malware Analyst (Level 2), Security Specialist (Level 2) Cybersecurity Information Assurance to name a few. If you want to work for the government as a middle-level Information Assurance employee, you will need to be DoDD 8570 IAM Level II certified.
DoDD 8570 Requirements
Currently, all employees performing IAM functions must be certified. This begs the obvious question of what do you need to be IAM Level II certified? To answer this, DoD 8570.01-M(Manual) explains that an individual seeking DoDD 8570 certification must have one of the baseline certifications for the level of their position. Across the levels of DoDD IAM 8570, different certifications are required for the different levels.
IA Baseline certifications are usually required to be earned by IA personnel within six months of assignment to the position. Regarding IAM Level II, the baseline certifications accepted are:
- CompTIA Advanced Security Practitioner (CASP) certification offered by CompTIA (InfoSec Training Course and Training Bootcamp available)
- Certified Authorization Professional (CAP) certification offered by ISC2 (InfoSec Training Course and Training Boot Camp available)
- Certified Information Security Manager (CISM) offered by ISACA (InfoSec Training Course and Training Boot Camp available)
- Certified Information Systems Security Professional (CISSP) (or Associate) certification offered by ISC2 (InfoSec Training Course and Training Boot Camp available)
- GIAC Security Leadership Certification (GSLC) offered by GIAC (InfoSec Training Course Available)
Luckily, InfoSec – the world leader in Information Security training, offers training courses for all of these baseline certifications. Additionally, InfoSec offers Certification Training Boot Camps that features an intense multi-day training regimen. Please visit www.infosecinstitute.com for more information on Training Courses and Training Boot Camps for these baseline certifications.
Aside from the baseline certifications requirement, DoD 8570.01-M sets out some additional requirements for an individual working in an IAM Level 2 position. IAM Level II personnel are responsible for the IA program of an Information System (IS) within the Network Environment (NE). Individuals in these positions perform a variety of security-related IA tasks, including the development and implementation of system information security standards and procedures. IAM Level II personnel ensure that the IS is functional and secure within the NE.
Moreover, further IAM Level II position requirements are listed in Table C4.T4 of DoD 8570.01-M. These requirements are:
- IAM Level II personnel usually have at least five years of management experience
- IAM Level II personnel are responsible for managing the IA operations for the NE
- IAM Level II personnel must apply knowledge of IA policy, procedures, and workforce structure to develop, implement, and maintain a secure the NE
- When issues arise, they normally get reported to IAM Level III (Enclave) Managers or Designated Accrediting Authority (DAA)
References
http://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodm/857001m.pdf
https://certification.comptia.org/why-certify/government
![](/uploads/1/2/5/7/125740874/372977576.jpg)