This is the final article in a four-part series about U.S. Department of Defense (DoD) Directives 8570 and 8140. In the first article, you learned the differences between DoD Directive 8570, the 8570 manual (8570.01-m) and Directive 8140. In the second and third installments, you learned specifically about DoD Directives 8570 and 8140 and how they set standards for cybersecurity workforce management. In this final article, you will learn specifically about DoD 8570.01-m, commonly referred to as the 8570 manual.
DoD 8570.01-m Defined
Whereas DoD Directives 8570 and 8140 define the need to assess and manage the DoD’s cybersecurity workforce, the manual, DoD 8570.01-m, explains how to accomplish it. It provides guidance and procedures for the training, certification and management of the DoD workforce that conducts cybersecurity functions in assigned duty positions. It also provides information and guidance on reporting metrics and the implementation schedule.
6 Main Goals of DoD 8570.01-m
The manual outlines six goals for accomplishing the directive:
- Develop the DoD cybersecurity workforce to enhance protection and availability of DoD information, information systems and networks
- Establish baseline technical and management skills for cybersecurity functions across the enterprise
- Provide warfighters with qualified cybersecurity personnel
- Implement a formal cybersecurity workforce skills development and sustainment process
- Verify cybersecurity workforce knowledge and skills through standard IT certification testing
- Augment and enhance knowledge and skills on a continuous basis through experience and formal education
4 Job Categories of DoD 8570.01-m
The manual organizes job roles into four categories:
- Information Assurance Technical (IAT) – technical positions, such as security administrators
- Information Assurance Management (IAM) – management positions, such as security managers
- Information Assurance Security Architecture and Engineering (IASAE) – higher-level positions, such as security engineers and security architects
- Cyber Security Service Provider (CSSP) – this category includes the specific job roles of cybersecurity analyst, infrastructure support, incident responder, management and auditing
3 Skill Levels of DoD 8570.01-m
The IAT, IAM and IASAE categories have three skill levels: I, II and III. The CSSP categories do not include skill levels because the positions are very specific. The skill levels vary by job category, but generally increase from beginner to intermediate to advanced.
A DoD 8570.01-m chart of approved certifications is below, but let’s look at the IAT category as an example to better illustrate how the job categories and skill levels come into play:
- Level 1: Computing Environment: At this level, DoD 8570.01-m requires an IT certification such as CompTIA A+ because it focuses on help desk support for the computing environment.
- Level 2: Network and Advanced Computer: DoD 8570.01-m level 2 jobs require an IT certification such as CompTIA Security+ because it focuses on securing networks.
- Level 3: Enclave/Advanced Network and Computer: Level 3 jobs within DoD 8570.01-m require IT certifications such as CompTIA Advanced Security Practitioner (CASP+) because it covers advanced networking skills.
What Are the DoD 8570.01-m-Approved Certifications?
At the time of this writing, DoD Directive 8140 continues to use 8570.01-m to identify the requirements. DoD 8570.01-m is still in use and actively managed by the DoD. A DoD 8140 manual is expected to be released in the next year.
According to the manual, “the 8570.01-m certification programs are intended to produce cybersecurity personnel with a baseline understanding of the fundamental cybersecurity principles and practices related to the functions of their assigned position. Each category, specialty and skill level has specific certification requirements that must be provided by the Department of Defense to government employees (military or civilian).”
CompTIA is well represented in the DoD 8570.01-m list of approved, required IT certifications, as shown in the following table. For a complete list of approved certifications, click here.
DoD 8570.01-m Approved Certifications from CompTIA
Information Assurance Technical (IAT)
IAT Level I
IAT Level II
IAT Level III
Information Assurance Management (IAM)
IAM Level I
IAM Level II
IAM Level III
Information Assurance Security Architecture and Engineering (IASAE)
Cyber Security Service Provider (CSSP)
CSSP Infrastructure Support
CSSP Incident Responder
*CompTIA PenTest+ is pending 8570.01-m approval for CSSP Incident Responder and CSSP Auditor.
What Training Is Required to Achieve DoD 8570.01-m Compliance?
To meet the 8570.01-m certification requirements, you’ll need a combination of training and experience, such as on-the-job training and continuing education. Training and other activities are related to obtaining and renewing an IT certification.
How to Become DoD 8570.01-m Compliant
DoD personnel must comply with DoD 8570.01-m by earning one or more of the IT certifications that fall under their assigned job categories. Most DoD-related organizations are required to comply, and therefore assign personnel to a job category.
In addition, IT certification holders must keep their IT certifications current by following the recertification policies set by their certification provider. Keeping your certification current helps to ensure longevity in your IT career. If your certification expires, you will need to sit for and pass the exam again.
For more information on how to comply with DoD 8570.01-m, read Steps to Obtain a DoD 8570 Baseline Certification at the DoD Cyber Exchange. And learn about how to renew your CompTIA certifications in the continuing education section of our website.
What’s the Difference Between DoD 8570, 8570.01-m and 8140?
Despite having different numbers, DoD 8570, DoD 8140 and DoD 8570.01-m are all interrelated. Directive 8140 is the updated version of 8570 and was created to expand the work roles covered. DoD 8570.01-m is the manual that lists the IT certification requirements. The new DoD 8140 manual is expected to identify the new requirements, such as IT certifications and training, but those requirements are unknown at this time.
The DoD will continue to assess and manage its cybersecurity workforce, and education will continue to play a key role in that mission. CompTIA will keep you informed on new developments with DoD 8140, including the eventual release of the DoD 8140 manual.
Whether you work for the DoD or in the corporate sector, CompTIA certifications validate the skills you need for IT. See which certification is right for you and download the exam objectives for free.
Patrick Lane, M.Ed., Network+, MCSE, CISSP, directs cybersecurity workforce certifications for CompTIA, including Security+, PenTest+, CySA+, and CASP+. He helped the U.S. National Cybersecurity Alliance (NCSA) create the “Lock Down Your Login” campaign to promote multi-factor authentication nationwide. He has implemented a wide variety of IT projects as a network, security and server administrator, security analyst and architect. Patrick is an Armed Forces Communications and Electronics Association (AFCEA) lifetime member, born and raised on U.S. military bases, and has authored and co-authored multiple books, including Hack Proofing Linux: A Guide to Open Source Security.