Information Assurance

DoD 8570.01-M – What is DoD Directive (DoDD) 8570? (Part 2)

In a previous post, we discussed DoDD 8570.01, the directive on Information Assurance Training, Certification, and Workforce Management. In this post, we will talk about DoD 8570.01-M, which is the manual for DoDD 8570. DoD 8570.01-M is entitled Information Assurance Workforce Improvement Program. It is a set of guidelines and procedures for the training, certification, and management of the information assurance workforce. All DoD organizations, agencies, and departments must comply with DoD 8570.01-M, which makes sure that the DoD has fully capable and reliable people in the proper places. Most people know DoD 8570 (DoDD 8570.01 and DoD 8570.01-M) because of the certifications that are outlined within the manual. DoD 8570.01-M prepares the DoD IA workforce by requiring every full-time and part-time employee (service member, defense contractor, and civilian) to obtain a certification that has been accredited by the ISO/IEC.

The first question that comes to mind is “what certification do I need for my position?” or “how does it affect me if I’m already employed by the DoD?” The answer to most of your questions can be given by your Information Assurance Manager (IAM). The table below lists some of the certification providers and certifications that are listed within DoD 8570.01-M.

Certification Provider | Certification Name


Computer Security Incident Handler (CSIH)


  • A+
  • Network+
  • Security+


Certified Ethical Hacker (CEH)


  • Certification and Accreditation Professional (CAP)
  • Certified Information Systems Security Professional (CISSP) (or CISSP Associate)
  • Information Systems Security Architecture Professional (CISSP-ISSAP)
  • Information Systems Security Engineering Professional (CISSP-ISSEP)
  • Information Systems Security Management Professional (CISSP-ISSMP)
  • System Security Certified Practitioner (SSCP)


  • Certified Information Security Manager (CISM)
  • Certified Information Security Auditor (CISA)

Microsoft Corporation

Microsoft Certified System Administrator: Security (MCSA Security)


  • Security Certified Network Professional (SCNP)
  • Security Certified Network Architect (SCNA)

The SANS Institute

  • GIAC Certified Intrusion Analyst (GCIA)
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Security Expert (GSE)
  • GIAC Security Essentials Certification (GSEC)
  • GIAC Security Leadership Certificate (GSLC)
  • GIAC Systems and Network Auditor (GSNA)
  • GIAC Information Security Fundamentals (GISF)

What Certification Should I Get?

The certifications that you need depend on the role that you have in the workforce. DoD 8570.01-M splits the workforce into two categories, IA Technical and IA Management, and each of those has three levels, so the resulting levels are IAT I, IAT II, IAT III, IAM I, IAM II, and IAM III. In the latest version of DoD 8570.01-M, a few other functional areas were added. The current certifications are listed in the table below:

DoD 8570.01-M Approved Certifications

If you have any other questions, feel free to post a comment and we will get back to you!


  1. Brett Paul

    I am trying to find out what certifications are accepted for IAT Level I, II and III. Currently I can only find something like the chart above that calls out the IA portion not the CE/OS certifications. I can only find a listing on a Navy document.

    Please help, this is very hard to show why we are sending personnel to a class that's not identified on an ARMY site.

    Example of what I am looking for:

    Brett Paul

    • Mr. Paul, DoD 8570.1M is a DoD-wide mandate, so the chart you found will do just fine. Ultimately it’s up to your local IAM to decide, but the Navy site that you posted looks like the most up-to-date version of the chart that I’ve seen lately.

  2. Just to confirm: to obtain a level in the certification chart, you have to hold only one of the listed certifications, correct?

    • It depends on how your IA/Cyber manager interprets 8570, but most of the time if you have the IA cert and the OS cert, you’re good to go!

  3. Ken Hatten

    The website referred to above is no longer active or is at least inaccessible to myself. Is there a new URL that is available to use in reviewing certification requirements?


  4. Laura Godin

    Can a Contractor get a CISSP DOD waiver? Can they have some time to get trained?

    • Most of the time the government gives their contractors a “grace period.” I’ve seen anywhere between 3 – 6 months. You may want to ask the COR on your contract.

  5. Jennifer Strobl

    I only see Universities and either BA or MA degrees in Cyber Security. What about Certifications that can be earned through IT Certification schools after passing and earning the required IT certifications for IAT level I, II, III or IAM level I, II, III? Are these approved by IAMs? Is there a list of approved schools?

    • Yes, certifications are definitely a way to help achieve IAT level certifications. Only your IAM can decide which certifications are accepted. We recommend talking to your IAM about this.
