In a previous post, we discussed DoDD 8570.01, the directive on Information Assurance Training, Certification, and Workforce Management. In this post, we will talk about DoD 8570.01-M, which is the manual for DoDD 8570. DoD 8570.01-M is entitled Information Assurance Workforce Improvement Program. It is a set of guidelines and procedures for the training, certification, and management of the information assurance workforce. All DoD organizations, agencies, and departments must comply with DoD 8570.01-M, which makes sure that the DoD has fully capable and reliable people in the proper places. Most people know about DoD 8570 (DoDD 8570.01 and DoD 8570.01-M) because of the certifications that are outlined within the manual. DoD 8570.01-M prepares the DoD IA workforce by requiring every full-time and part-time employee (service member, defense contractor, and civilian) to obtain a certification that has been accredited by the ISO/IEC.
The first question that comes to mind is “What certification do I need for my position?” or “How does it affect me if I’m already employed by the DoD?” The answer to most of your questions can be given by your Information Assurance Manager (IAM). The table below lists some of the certification providers and certifications that are listed within DoD 8570.01-M.
|Certification Provider|Certification Name|
|---|---|
| |Computer Security Incident Handler (CSIH)|
| |Certified Ethical Hacker (CEH)|
| |Microsoft Certified System Administrator: Security (MCSA Security)|
|The SANS Institute| |
What Certification Should I Get?
The certifications that you need to get depend on the role that you have in the workforce. DoD 8570.01-M splits the workforce into two categories, IA Technical and IA Management, and each of those has three levels, so the resultant levels are IAT I, IAT II, IAT III, IAM I, IAM II, and IAM III. In the latest version of DoD 8570.01-M, a few other functional areas were added. The current certifications are listed in the table below:
If you have any other questions feel free to post a comment and we will get back to you!
I am trying to find out what certifications are accepted for IAT Level I, II and III. Currently I can only find something like the chart above that calls out the IA portion not the CE/OS certifications. I can only find a listing on a Navy document.
Please help, this is very hard to show why we are sending personnel to a class that's not identified on an ARMY site.
Example of what I am looking for:
Mr. Paul, DoD 8570.1M is a DoD-wide mandate so the chart you found will do just fine. Ultimately it’s up to your local IAM to decide, but the Navy site that you posted looks like the most up-to-date version of the chart that I’ve seen lately.
Just to confirm, to obtain a level in the certification chart you have to hold only one of the listed certifications, correct?
It depends on how your IA/Cyber manager interprets 8570, but most of the time if you have the IA cert and the OS cert, you’re good to go!
The website referred to above is no longer active or is at least inaccessible to me. Is there a new URL that is available to use in reviewing certification requirements?
Can a Contractor get a CISSP DOD waiver? Can they have some time to get trained?
Most of the time the government gives their contractors a “grace period.” I’ve seen anywhere between 3 – 6 months. You may want to ask the COR on your contract.
I only see universities and either BA or MA degrees in Cyber Security. What about certifications that can be earned through IT certification schools after passing and earning the required IT certifications for IAT level I, II, III or IAM level I, II, III? Are these approved by IAMs? Is there a list of approved schools?
Yes, certifications are definitely a way to help achieve IAT level certifications. Only your IAM can decide which certifications are accepted. We recommend talking to your IAM about this.