
Roadmap to Success: DOD 8570 and 8140 Compliance

by Karin Klinger
Published on July 3, 2017

Roadmap to Success is a series of posts designed to help learners better understand certification pathways, career opportunities associated with those certifications, and next steps beyond certification.

IT pros hoping to work for the Department of Defense (DOD) or other federal government agencies, even on a contractual or temporary basis, must meet a variety of compliance regulations to be eligible for employment. At this time, DOD Directive 8140 provides the regulations for employment, superseding DOD Directive 8570. There are differences between the two directives, but for now they're closely aligned. IT pros can serve in a variety of roles under the federal government; the most typical include network administrator, systems administrator, and security specialist, among others.

Department of Defense Directive 8140 and 8570

The Department of Defense Directive (DoDD) 8140 recently replaced Directive 8570, creating a larger initiative and framework that provides Information Assurance workforce qualification requirements. Though DoDD 8140 is the current policy, it has adopted the DoDD 8570 manual until an updated manual is produced. As a result, learners who are interested in working with the federal government or the DOD must be compliant with DoDD 8570 regulations.

The DoDD 8140 and 8570 Workforce Qualification Requirements establish the minimum qualifications IT pros must meet to be eligible to work with the DOD or other federal government agencies. DoDD 8140/8570 identifies a variety of levels of Information Assurance Technical (IAT), Information Assurance Management (IAM), Information Assurance System Architect and Engineer (IASAE), and Cyber Security Service Provider (CSSP) for which IT pros must earn industry certifications to qualify for employment.

DoD-approved 8140 (DoDD 8570) Baseline Certifications (IAT, IAM, and IASAE)

IAT Level I

  • CompTIA A+

  • CompTIA Network+

  • Cisco Certified Network Associate – Security (CCNA Security)

  • (ISC)2 Systems Security Certified Practitioner (SSCP)

IAT Level II

  • Cisco Certified Network Associate – Security (CCNA Security)

  • CompTIA CySA+

  • GIAC Global Industrial Cyber Security Professional (GICSP)

  • GIAC Security Essentials (GSEC)

  • CompTIA Security+

  • (ISC)2 Systems Security Certified Practitioner (SSCP)

IAT Level III

  • CompTIA Advanced Security Practitioner (CASP)

  • ISACA Certified Information Systems Auditor (CISA)

  • (ISC)2 Certified Information Systems Security Professional (CISSP) (or Associate)

  • GIAC Certified Enterprise Defender (GCED)

  • GIAC Certified Incident Handler (GCIH)

IAM Level I

  • (ISC)2 Certified Authorization Professional (CAP)

  • GIAC Security Leadership (GSLC)

  • CompTIA Security+

IAM Level II

  • (ISC)2 Certified Authorization Professional (CAP)

  • CompTIA Advanced Security Practitioner (CASP)

  • ISACA Certified Information Security Manager (CISM)

  • (ISC)2 Certified Information Systems Security Professional (CISSP) (or Associate)

  • GIAC Security Leadership (GSLC)

IAM Level III

  • ISACA Certified Information Security Manager (CISM)

  • (ISC)2 Certified Information Systems Security Professional (CISSP) (or Associate)

  • GIAC Security Leadership (GSLC)

IASAE I

  • CompTIA Advanced Security Practitioner (CASP)

  • (ISC)2 Certified Information Systems Security Professional (CISSP) (or Associate)

  • (ISC)2 Certified Secure Software Lifecycle Professional (CSSLP)

IASAE II

  • CompTIA Advanced Security Practitioner (CASP)

  • (ISC)2 Certified Information Systems Security Professional (CISSP) (or Associate)

  • (ISC)2 Certified Secure Software Lifecycle Professional (CSSLP)

IASAE III

  • (ISC)2 Certified Information Systems Security Professional – Architecture (CISSP-ISSAP)

  • (ISC)2 Certified Information Systems Security Professional – Engineering (CISSP-ISSEP)

DoD-approved 8140 (DoDD 8570) Baseline Certifications (CSSP)

CSSP Analyst

  • White Hat Hacking

  • CompTIA CySA+

  • GIAC Certified Intrusion Analyst (GCIA)

  • GIAC Certified Incident Handler (GCIH)

  • GIAC Global Industrial Cyber Security Professional (GICSP)

  • Cisco Cybersecurity Specialist (SCYBER)

CSSP Infrastructure Support

  • White Hat Hacking

  • CompTIA CySA+

  • GIAC Global Industrial Cyber Security Professional (GICSP)

  • (ISC)2 Systems Security Certified Practitioner (SSCP)

CSSP Incident Responder

  • White Hat Hacking

  • CompTIA CySA+

  • GIAC Certified Forensic Analyst (GCFA)

  • GIAC Certified Incident Handler (GCIH)

  • Cisco Cybersecurity Specialist (SCYBER)

CSSP Auditor

  • White Hat Hacking

  • CompTIA CySA+

  • ISACA Certified Information Systems Auditor (CISA)

  • GIAC Systems and Network Auditor (GSNA)

CSSP Manager

  • ISACA Certified Information Security Manager (CISM)

  • (ISC)2 Certified Information Systems Security Professional – Management (CISSP-ISSMP)

DOD 8140/8570 baseline certifications come from a variety of vendors across the IT industry, including:

  • (ISC)2

      • CAP: Certification provides eligibility for IAM Level I and IAM Level II
      • CISSP (learn more from the Roadmap to Success: CISSP): Certification provides eligibility for IAT Level III, IAM Level II, IAM Level III, IASAE Level I, and IASAE Level II
      • CISSP-ISSAP: Certification provides eligibility for IASAE Level III
      • CISSP-ISSEP: Certification provides eligibility for IASAE Level III
      • CISSP-ISSMP: Certification provides eligibility for IASAE Level III
      • CSSLP: Certification provides eligibility for IASAE Level I and IASAE Level II
      • SSCP: Certification provides eligibility for IAT Level I, IAT Level II, and CSSP Infrastructure Support

  • Cisco

      • CCNA Security (learn more from the Roadmap to Success: CCNA Security): Certification provides eligibility for IAT Level I and IAT Level II
      • SCYBER: Certification provides eligibility for CSSP Analyst and CSSP Infrastructure Support

  • CompTIA

      • A+ (learn more from the Roadmap to Success: CompTIA A+): Certification provides eligibility for IAT Level I
      • CASP: Certification provides eligibility for IAT Level III, IAM Level II, IASAE Level I, and IASAE Level II
      • Network+ (learn more from the Roadmap to Success: CompTIA Network+): Certification provides eligibility for IAT Level I
      • Security+ (learn more from the Roadmap to Success: Security+): Certification provides eligibility for IAT Level II and IAM Level I

  • GIAC

      • GCED: Certification provides eligibility for IAT Level III
      • GCFA: Certification provides eligibility for CSSP Incident Responder
      • GCIA: Certification provides eligibility for CSSP Analyst
      • GCIH: Certification provides eligibility for IAT Level III, CSSP Analyst, and CSSP Incident Responder
      • GICSP: Certification provides eligibility for IAT Level II, CSSP Analyst, and CSSP Infrastructure Support
      • GSEC: Certification provides eligibility for IAT Level II
      • GSNA: Certification provides eligibility for CSSP Auditor
      • GSLC: Certification provides eligibility for IAM Level I, IAM Level II, and IAM Level III

  • ISACA

      • CISA (learn more from the Roadmap to Success: ISACA CISA): Certification provides eligibility for IAT Level III and CSSP Auditor
      • CISM: Certification provides eligibility for IAM Level II, IAM Level III, and CSSP Manager

Exam Details

DoDD 8570 and 8140 compliance draws from a diverse range of vendors, certifications, and exams. The overview of relevant exams below is generalized, so there may be some exceptions.

(ISC)2 Exams

(ISC)2 Steps for Certification:

  1. Document required experience to earn eligibility to sit for many (ISC)2 exams.

  2. Schedule and pass appropriate exam(s).

  3. Complete the endorsement process within nine (9) months of passing the certification exam(s).

  • Time allotted for exam: 3-6 hours, depending on the exam

  • Number of questions: 125-250, depending on the exam

  • Passing score: 700 out of 1,000 points

  • Exam registration: Pearson VUE testing centers

  • Exam cost: $250-549 (USD)*, depending on the exam
    *Learn more about 2017 (ISC)2 exam pricing

  • Exam outlines: Available by request on the (ISC)2 website (free resource)

Cisco Exams

  • Time allotted for exam: 1.5 hours (90 minutes) per exam

  • Number of questions: 40-60 questions per exam

  • Passing score: Cisco does not publish the passing score for its exams

  • Question types: Multiple choice/single answer; Multiple choice/multiple answer; Drag and drop; Fill-in-the-blank; Simulation; Testlet; Simlet

  • Exam registration: Pearson VUE

  • Exam cost: $165-300 (USD)*, depending on the exam
    *Learn more about exam fees from Pearson VUE

  • Exam topics: Freely available from Cisco

CompTIA Exams

  • Time allotted for exam: 90-165 minutes, depending on the exam

  • Number of questions: Maximum of 90 questions

  • Passing score: 675-750* (on a scale of 100-900), depending on exam
    *The CASP exam is a pass/fail exam with no scaled score.

  • Question types: Multiple choice and performance-based

  • Exam registration: Pearson VUE

  • Exam cost: $205-426 (USD), depending on exam

  • Exam objectives: Freely available from CompTIA

EC-Council Exams

  • Time allotted for exam: 4 hours (240 minutes)

  • Number of questions: 125

  • Passing score: 70%

  • Question types: Multiple choice

  • Exam registration: Pearson VUE

  • Exam cost: $500 (USD) for an exam voucher; $100 (USD) for the exam eligibility fee

  • Exam Blueprint: CEH Exam Blueprint v2.0

GIAC Exams

  • Time allotted for exam: 3-5 hours, depending on the exam

  • Number of questions: 115-180*, depending on the exam
    Please note that GIAC exams are open-book.

  • Passing score: 68-74%, depending on the exam

  • Question types: Multiple choice; Application and analysis; RealSexam™ questions

  • Exam registration: GIAC Proctored Exam Registration or Pearson VUE

  • Exam cost: $429-2,199 (USD), depending on the exam*
    *Learn more about GIAC certification pricing

  • Exam Certification Objectives & Outcome Statements: Freely available from GIAC

ISACA Exams

  • Time allotted for exam: 4 hours

  • Number of questions: 15

  • Question types: Multiple choice

  • Passing score: 450

  • Exam registration: ISACA

  • Exam cost:
    Early registration for ISACA members: $525; for non-ISACA members: $710
    Standard registration for ISACA members: $575; for non-ISACA members: $760
    *Fees for exam registrations submitted by mail or fax increase by $75

  • Exam Objectives: Freely available from ISACA

Career Considerations

There are a variety of valuable resources available to help learners determine appropriate pay scales for job opportunities associated with DOD 8570 and DoDD 8140, including:

  • OPM.gov – This is probably the best resource for governmental salary information, including pay and leave information, rates of pay based on states and geographic regions, fact sheets, and more.

  • CPMS.OSD.mil – Civilian Personnel Policy and the Defense Civilian Personnel Advisory Service (CPP/DCPAS) is responsible for all wage and personnel policies for any individual or organization that contracts with the DOD.

  • Payscale.com – One of our favorites for finding salary information, salary ranges, and fascinating demographic information for the IT roles you care about.

  • Indeed.com – Use keywords to find the specific role or company you're interested in, or use this resource to compare civilian and government salaries.

  • Simplyhired.com – Similar to Indeed.com, but with a slightly slicker interface, this is a good resource for finding salary information for specific IT roles.

Keep in mind that because these are government roles, the salary for the particular role you are considering is likely public information. Apply a little Google-fu and you should be able to dig up the budget information that will reveal the specific salary information you need.

Concluding Thoughts

When considering DOD or other federal government IT career opportunities, it's critical to understand how IAT, IAM, IASAE, and CSSP levels work and which certifications you must have to be eligible for employment. Earning the right certifications can set you up for a long-term career, even as a civilian, working for the government to support the IT infrastructure, security, and systems that run our government and society.

Watch. Learn. Conquer DOD 8570 and DoDD 8140!

