The Department of Defense Directive 8140 (DoD 8140), also known as the Information Assurance Workforce Improvement Program or Cybersecurity Workforce Improvement Program, was designed based on the National Institute of Standards and Technology (NIST) National Initiative for Cybersecurity Education (NICE) framework. This directive is an update and expansion of the previous DoD Directive 8570. DoD 8140 outlines the necessary training and certifications required for government employees to perform different levels of Information Assurance (IA) job functions. DoD 8140 also outlines the responsibilities of managing the workforce requirements for the applicable agencies.
Maintaining a qualified cyberspace workforce is a priority for the DoD. One of the primary purposes of the DoD 8140 directive is to unify the cyberspace workforce to ensure alignment and standardization across cyberspace work roles and qualifications across the DoD. The directive ensures that anyone working with DoD information systems has the minimum baseline certification(s) to perform their job function competently.
What are the different DoD 8140 IA categories?
- Information Assurance Technical (IAT)
- IAT Level I
- IAT Level II
- Information Assurance Management (IAM)
- IAM Level I
- IAM Level III
- Information Assurance System Architects and Engineers (IASAE)
- IASAE I
- IASAE II
- IASAE III
- Cyber Security Service Providers (CSSP)
- CSSP Infrastructure Support
- CSSP Incident Responder
- CSSP Auditor
- CSSP Manager
Start the "CompTIA Network+" Certification Course >>
Who does DoD 8140 apply to?
DoD 8140 applies to anyone working part or full time with DoD information systems including contractors, civilians, military, and interns whose positions fall into the following categories:
- All personnel performing IAT and IAM functions
- All personnel performing CSSP and IASAE roles
- Personnel categorized as ‘Technical’ or ‘Management’ level I, II, or III
DoD 8140 applies explicitly to personnel in the following organizations:
- Office of the Secretary of Defense (OSD)
- Military Departments
- Office of the Chairman of the Joints Chiefs of Staff (CJCS)
- Joint Staff
- Combatant Commands
- Office of the Inspector General of the Department of Defense (IG DoD)
- Defense Agencies
- DoD Field Activities
- DoD Components
- United States Coast Guard
If your job function falls into a category that requires DoD 8140 certification, you will be required to obtain certification within six months to be compliant with this directive.
How do I obtain DoD 8140 Certification?
If DoD 8140 certification is required for your position, your Information Assurance Manager should be able to help you get started with the certification process. You first need to identify the IA category and level of certification required for your position, then figure out which certification you would like to obtain. After you have successfully passed your certification, simply provide your IA Manager with your certification information.
The chart below gives you an idea of the baseline certifications for each of the categories. You only need to obtain one certification within the category level for your current IA position, but there are several options to choose from in each of the categories.
Approved Baseline Certifications
IAT Level IIAT Level IIIAT Level IIIA+ CE
CCNA-Security
CND
Network+ CE
SSCPCCNA-Security
CySA+
GICSP
GSEC
Security+ CE
CND
SSCPCASP+ CE
CCNP Security
CISA
CISSP (or Associate)
GCED
GCIHIAM Level IIAM Level IIIAM Level IIICAP
CND
Cloud+
GSLC
Security+ CECAP
CASP+ CE
CISM
CISSP (or Associate)
GSLC
CCISOCISM
CISSP (or Associate)
GSLC
CCISOIASAE IIASAE IIIASAE IIICASP+ CE
CISSP (or Associate)
CSSLPCASP+ CE
CISSP (or Associate)
CSSLPCISSP-ISSAP
CISSP-ISSEPCSSP AnalystCSSP Infrastructure SupportCSSP Incident ResponderCEH
CFR
CCNA Cyber Ops
CCNA-Security
CySA+
GCIA
GCIH
GICSP
Cloud+
SCYBERCEH
CySA+
GICSP
SSCP
CHFI
CFR
Cloud+
CNDCEH
CFR
CCNA Cyber Ops
CCNA-Security
CHFI
CySA+
GCFA
GCIH
SCYBERCSSP AuditorCCSP ManagerCEH
CySA+
CISA
GSNA
CFRCISM
CISSP-ISSMP
CCISO
How should I choose which certification to get?
If you are not sure which certification is right for you, do some research on the options available in the IA category that your position falls into, and make an educated decision. There are different certification options available from various certification providers, and the exams can vary in format and structure. If you already have a lower level certification from one vendor, you may want to take one of the higher-level certification exams from that same vendor because it would renew your lower-level certification while ensuring your compliance with DoD 8140. Obtaining a certification can be a great way to learn new skills and advance in your career, so I would recommend choosing a certification that aligns with your interests and career goals. Ultimately, you get to decide which certification to take, so choose wisely and have fun with it!
Cybrary helps organizations close the cybersecurity skills gap and build a workforce capable of tackling the challenges of today, and tomorrow. Request your demo of Cybrary for Teams to get started.
References
- https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodd/814001p.pdf?ver=2019-06-06-120639-863
- https://public.cyber.mil/cw/cwmp/steps-to-obtain-a-dod-8570-baseline-certification/
