Make Sense of DoD 8570 and 8140

Need to understand what the U.S. Department of Defense (DoD) directives 8140, 8570, and 8570.01-M, are? don’t worry! You’re not the only one. These DoD directives may seem confusing, but they’re actually pretty easy to understand. This article can help you Make Sense of DoD 8570 and 8140 for your Cyber Security Career.

For those who are interested in information technology, DoD 8140 is actually a massive opportunity. As the DoD increased its focus on cybersecurity, thousands of jobs for trained individuals have been created. Large and small organizations and businesses are following the DoD’s lead and have begun requiring similar certifications for their employees to help mitigate risk and protect their organizational data.

August 2004
DoD 8570 Compliance

DoD 8570 (technically 8570.1) compliance is required of all authorized users of DoD information systems, including military service members, contractors, and government employees. If you’ve been searching for cybersecurity jobs, chances are you’ve seen a listing with DoD 8570 compliance requirement as part of the posting.

Signed August 15, 2004, DoD 8570 is a directive that requires the American National Standards Institute (ANSI) accredited certification for information assurance workers. You can achieve compliance by achieving specific IT certifications. DoD 8570 established three levels of certification requirements for Information Assurance Management (IAM) and Information Assurance Technicians (IAT). IAM roles are typically in a management or leadership position, whereas IAT roles are actively working with controlled information or on the networks that carry it. If you want to qualify for DoD Information Assurance jobs, you must obtain one of the certifications required for that position category or specialty and level.

August 2015
DoD 8140: A New Focus on Cyber Security

Recently, officials realized there was a need to change the way the DoD handled information and network security. Changes in those technologies since 2004 and an increase in cyber attacks were the driving force behind this new directive.

On August 11, 2015, the 8140 DoD directive was signed by representatives of the U.S. Department of Defense. Because of this change of focus, the “Information Assurance (IA) Workforce” has been renamed to the “Cybersecurity Workforce.”

DoD 8140 confirms the importance of popular IT certifications like A+Network+Security+, and CISSP as well as adding newly approved baseline cybersecurity certifications including CASPCEH, and more.

DoD 8570 Certifications Table

So what happens to DoD 8570?

DoD Directive 8140 “reissues, renumbers, and cancels DoD Directive (DoDD) 8570.01 to update and expand established policies and assigned responsibilities for managing the DoD cyberspace workforce” according to the Information Assurance Support Environment site. Despite this, DoD 8140 currently uses the DoD 8570 manual.

DoD 8140 will eventually have its own manual, but it takes a few years to create complex manuals like this. For this reason, the DoD will continue using the 8570 manual, called 8570.01-M, for the time being. When a new manual is released for 8140 it will most likely replace 8570.01-M.

One of the major changes that DoD 8140 will bring about once its new manual is released is more of a focus on training that includes live, hands-on exercises like the Mission Critical Institute CCRMP program.

The DoD wanted to make sure that the certifications required for the Cybersecurity Workforce Knowledge Units give their holders, not just the knowledge, but also the know-how to defend the United States’ networks, digital assets, and information.

Starting to Make Sense of DoD 8570 and 8140?

Circa 2020
A New Era for Cybersecurity

US DoD IO schools were recently re-aligned to 8140 based performance training – aligned to job role competency. Since it is aligned with the US Department of Homeland Security’s National Cybersecurity Workforce Framework Domains and the NIST Cybersecurity Framework, many academic, training and industry certification organizations are positioning existing programs to be recognized as cyber technical but do not meet the same IO workforce competency standards within specific job role competencies.

From a risk management perspective, the cybersecurity industry requires multiple levels of skills and talent.

  1. From Information Assurance and Enterprise Risk Management, which allows an organization to mitigate risks by implementing processes to manage, protect and defend its data, technical assets, and information systems.
  2. To Information Operations which is focused on the unique knowledge, skills, and abilities required to proactively deploy teams for cyber defense. with highly tactical individuals continuously identifying, mitigating and staying ahead of the adversary.

More and more cybersecurity education and training organizations will begin to release programs that focus and recognize performance based assessments at both the Information Assurance and Information Operations levels.

Both areas of the industry require skilled individuals to manage and mitigate organizational risk through appropriate enterprise processes and active defense.

Higher recognition will be given to those individuals that complete a program that can be articulated into, or offered directly in partnerships with accredited institutions that can award academic credentials and degrees.

The Mission Critical Institute cybersecurity CCRMP curriculum is aligned to the specialty areas of the National Cybersecurity Workforce Framework and listed as a provider on the Department of Homeland Security NICCS website. The program is directly aligned to the NIST Risk Management Framework and the NIST Cyber Security Framework as well as NICE Cybersecurity functions and roles.

CCRMP - Certified Cloud Risk Management Professional

The CCRMP covers 1) the Information Assurance and Enterprise Risk Management component and 2) Information Operations through an integrated e-learning eco-system that deploys an enterprise risk management dashboard and RMF/CSF alignment along with “Red” and “Blue” team virtual cyber ranges, software-defined infrastructures,  and network devices, on various Unix and Windows operating system, with related network architectures and technologies that allow Red/Blue teams to engage tactically.

Partnering for the Future
Developing Cyber Risk Management Professionals as well as Tactical Cyber Warriors

The Mission Critical Institute further partners with education institutions and coding boot camps, that produce software engineers, and can be upgraded into a Cybersecurity Career pathway to increase the Human Capital Development pipeline for all ends of the cybersecurity talent market.

You don’t have to be a software engineer to earn a Cybersecurity Cloud Risk Management professional Certificate or Degree, but it does require a baseline understanding of today’s technology.

From Cybersecurity Cloud Risk Management, to tactically placed Information Operation Individuals, that leverage technologies like Python and engage in TCP/IP stack, deep-packet analysis, network forensics, Windows and *NIX system operator fundamentals, malware triage and the pre/postcompromise.

If you do have a robust and tactical understanding of today’s technology then an Information Operations position may be right for you.

Learn more about the CCRMP Program here.

How will DoD 8140 affect you?

For many IT professionals, and those interested in IT, this presents a huge opportunity. With the DoD’s increased focus on cybersecurity, certified individuals are in high demand. DoD contractors operate all over the United States and even abroad, which makes it easy to take your credentials just about anywhere and get hired.

For those who are serving in the military, DoD 8140 (and 8570 before it) provides a way to gain valuable experience that translates directly into a lucrative civilian career. If you can work in the Cybersecurity Workforce during your service, you’ll come out of your military career with military clearance and certifications that will give you a huge head start in the civilian world.

For cybersecurity education and training companies like the Mission Critical Institute, DoD 8140 was a major driver towards the development of 100% hands-on performance based CCRMP program certificate, that also allows an individual to earn 8570 compliant CISSP, CEH and CAP certificates.

Time to Join the Cybersecurity Workforce?

The average annual salary for a cybersecurity trained individual is $95,000 and there is a huge shortage of qualified workers. In the U.S. alone, over 40,000 jobs for information security analysts are going unfilled every year, and employers are struggling to fill 200,000 other cyber security-related roles, according to CyberSeek. With demand for these professionals at record levels, you can be sure that getting certified will pay off in spades.

Mission Critical Institutes Cybersecurity Academy offers high-velocity IT training programs that can help you complete your information security certifications and be job-ready in weeks. Day and night class schedules make it easy for you to get the training you need fast in a way that works with your schedule with both 100% performance-based approaches and certification based constructs. You won’t leave the Mission Critical institute with just a certificate or academic degree (through our partners) you achieve the skills you need to be successful in your career. Our industry-expert instructors will make sure you have the knowledge you need to excel in a new job role, whether it’s through DoD 8570 or DoD 8140. We hope this article helps you make sense of DoD 8570 and 8140

Get started by completing the Cybersecurity Career Readiness Assessment