8140/8570 DOD

All of our cybersecurity based programs are aligned with the federal governments DoD directive for government agencies, private contractors and individuals accessing sensitive government data. Guidelines are below.

The Department of Defense created the 8140 directives to identify, tag, track, and manage the cybersecurity workforce. This directive lays down baseline certification requirements for technical, management, servicing, and engineering job roles while working for the U.S government or for a government contractor. The directive also updates policies and requirements regularly to account for new technologies and changes in the industry and allows for DoD workforce management to ensure that all requirements of the directive are met. Overall, the DoD 8140 covers 7 broad categories and 54 work roles and outlines which cybersecurity certifications are approved by the DoD.

DoD 8140 Job Categories

The DoD 8140 directive is an update of the 8570 DoD directive and uses work roles from the NICE framework. There are 7 job categories that are involved in the 8140 directives and it uses the Defense Cybersecurity Workforce Framework (DCWF) to identify job roles and add additional work roles. In addition to the 7 job categories, there are 33 different specialty areas that accompany each role.

DoD 8140 Compliance

Most government divisions and contractors will require information security personnel must obtain one of the IT certifications listed in the DoD 8570.01 mandate. In order to become compliant, you will have to earn specific baseline certifications, and in order to earn those certifications, you must follow a specific set of instructions.

The DoD Cyber Exchange outlines the four steps for earning baseline certifications.

1. Contact your IAM (Information Assurance Manager) and identify your position, level, and IT requirements needed for compliance.
2. Obtain training for the certification and follow your organization’s procedure.
3. Request an exam voucher from your IAM for the certification and complete the exam.
4. Notify your IAM once you have completed all required training and have received your certification.

The 7 Job Categories and specialty areas are:

1. Securely Provision – Risk management, software development, systems architecture, technology R&D, systems requirements planning, and test and evaluation.
2. Operate and Maintain – Data administration, knowledge management, customer service and technical support, network services, systems administration, and systems analysis.
3. Oversee and Govern – Legal advice and advocacy, training and education, cybersecurity management, strategic planning and policy, executive cyber leadership, project management.
4. Protect and Defend – Cyber-defense analysis, cyber defense infrastructure support, incident response, and vulnerability assessment.
5. Analyze – Threat analysis, exploitation analysis, all-source analysis, targets, and language analysis.
6. Collect and Operate – Collection operations, cyber operational planning, and cyber operations.
7. Investigate – cyber investigations and digital forensics.