Department of Defense Directive 8570.1
In 2004, the US Department of Defense (DoD) established Directive 8570.1: Information
Assurance Training, Certification and Workforce Management. It requires that all DoD
information assurance technicians and managers are trained and certified to effectively defend
DoD information, information systems and information infrastructures.
DoD 8570.01-M. DoD Approved Baseline Certifications
As an extension of Appendix 3 to the DoD 8570.01-Manual, the following certifications have been
approved as IA baseline certifications for the IA Workforce. Personnel performing IA functions must
obtain one of the certifications required for their position category or specialty and level. Refer
to Appendix 3 of 8570.01-M for further implementation guidance.
IAT Level I | IAT Level II | IAT Level III |
CompTIA A+CE CompTIA Network+CE SSCP |
GSEC CompTIA Security+CE SSCP |
CISA GCED CASP+ CISSP (or Associate) GCIH |
IAM Level I | IAM Level II | IAM Level III |
CAP GSLC CompTIA Security+CE |
CAP GSLC CISM CASP+ CISSP (or Associate) |
GLSC CISM CISSP (or Associate) |
IASAE I | IASAE II | IASAE III |
CASP+ CISSP (or Associate) CSSLP |
CASP+ CISSP (or Associate) CSSLP |
CISSP - ISSEP CISSP - ISSAP |
CNDSP Analyst | CNDSP Infrastructure Support |
CNDSP Incident Reporter |
CNDSP Auditor | CNDSP Manager |
GCIA GCIH |
SSCP |
GCIH CSIH GCFA |
CISA GSNA |
CISSP-ISSMP CISM |
The above table provides a list of DoD approved IA baseline certifications aligned to each category and level of the IA Workforce. Personnel performing IA functions must obtain one of the certifications required for their position, category/specialty and level to fulfill the IA baseline certification requirement. Most IA levels within a category or specialty have more than one approved certification and a certification may apply to more than one level.
An individual needs to obtain only one of the "approved certifications"; for his or her IA category or specialty and level to meet the minimum requirement. For example, an individual in an IAT Level II position could obtain any one of the four certifications listed in the IAT Level II cell.
Higher level IAT and IAM certifications satisfy lower level requirements. Certifications listed in Level II or III cells can be used to qualify for Level I. However, Level I certifications cannot be used for Level II or III unless the certification is also listed in the Level II or III cell. For example:
- The A+ or Network+ certification qualify only for Technical Level I and cannot be used for Technical Level II positions.
- The System Security Certified Practitioner (SSCP) certification qualifies for both Technical Level I and Technical Level II. If the individual holding this certification moved from an IAT Level I to an IAT Level II position, he or she would not have to take a new certification.
Higher level CND-SP and IASAE certifications do not satisfy lower level requirements
The GIAC GSE and GISF were removed from the approved list on 25 January 2013. Individuals holding one of these certifications to qualify for their current IA position will remain qualified. However, a different certification may be required once the GIAC GSE or GISF expires or if the individual changes positions requiring a different certification.
CompTIA's transition from certified for life to their ANSI Approved CE program, includes a status called "enrolled" for members who were certified in their original program. DoD lA workforce members must either have a CompTIA "CE certification" or be "enrolled". Personnel "enrolled" have registered with CompTIA and are working toward obtaining their CompTIA CE certification. Personnel in an "enrolled" status have been assigned a date to complete their continuing education requirement by CompTIA. DoD considers the "enrolled" status as compliant with meeting the certification requirement. However personnel who do not meet their CompTIA CE requirements by the date assigned will not obtain the CE certification and will no longer be compliant with the DoD's certification requirement.
What are the contractor qualification implementation requirements?
Contractors performing IA functions on a DoD system must meet the qualification requirements established in the DoD 8570.01-M for the category and level functions in which they are performing. All contractors brought on to a DoD contract to perform Information Assurance Manger (IAM) Information Assurance Technician (IAT), (Information Assurance System Architect and Engineer (IASAE) or Chapter 11 (Computer Network Defense Service Provider (CND SP)) functions after 31 December 2011 should meet the baseline certification requirement prior to assignment of IAM, IAT, IASAE, or CND SP job functions.
- The contracting officer will ensure that contracting personnel are appropriately certified. They will need to provide verification to the Contractor Verification System (CVS)
- Components should not pay for contractors to obtain/retain required certifications. However, Components may provide additional training on local or DoD specific system procedures
Disclaimer:
The data contained on these pages is supplied for informational purposes only. It was acquired from internet resources posted by the actual governing body of the source material. To the best of our knowledge, the information is accurate and up-to-date as of the date we published it to our sites. CBT Campus/CBT XPress does not guarantee the accuracy or claim to know the current policies of these organizations. We highly recommend that you research any and all certification requirements from these organizations on your own.
For more information on DoD 8570.01-M. DoD Approved Baseline Certifications, visit http://iase.disa.mil/iawip/Pages/policyref.aspx