Roadmap to Success: DOD 8570 and 8140 Compliance
Roadmap to Success is a series of posts designed to help learners better understand certification pathways, career opportunities associated with those certifications, and next steps beyond certification.
IT pros hoping to work for the Department of Defense (DOD) or other federal government agencies, even on a contractual or temporary basis, must meet a variety of compliance regulations in order to be eligible for employment. At this time, DOD Directive 8140 provides the regulations for employment, superseding DOD Directive 8570. There are differences between the two directives, but for now they're closely aligned. IT pros can serve in a variety of roles under the federal government, but most typically include network administrator, systems administrator, security specialist, and more.
Department of Defense Directive 8140 and 8570
The Department of Defense Directive (DoDD) 8140 recently replaced Directive 8570, creating a larger initiative and framework that provides Information Assurance workforce qualification requirements. Though DoDD 8140 is the current policy, it adopted the DoDD 8750 manual until an updated manual is produced. As a result, learners who are interested in working with the federal government or the DOD must be compliant with DoDD 8750 regulations.
DoDD 8140 and 8750 Workforce Qualification Requirements basically establish the minimum qualifications IT pros must meet in order to be eligible to work with the DOD or other federal government agencies. DoDD 8140/8750 identifies a variety of levels of Information Assurance Technical (IAT), Information Assurance Management (IAM), Information Assurance System Architect and Engineer (IASAE), and Cyber Security Service Provider (CSSP) for which IT pros must earn industry certifications to qualify for employment.
DoD-approved 8140 (DoDD 8570) Baseline Certifications (IAT, IAM, and IASAE)
IAT Level I | IAT Level II | IAT Level III |
Cisco Certified Network Associate Security (CCNA Security) (ISC)2 Systems Security Certified Practitioner ( SSCP ) | Cisco Certified Network Associate Security (CCNA Security) CompTIA CySA+ GIAC Global Security Cyber Security Professional ( GICSP ) GIAC Security Essentials ( GSEC ) (ISC)2 Systems Security Certified Practitioner ( SSCP ) | CompTIA Advanced Security Practitioner ( CASP ) ISACA Certified Information Systems Auditor ( CISA ) (ISC)2 Certified Information Systems Security Professional (CISSP) (or Associate) GIAC Certified Enterprise Defender ( GCED ) GIAC Certified Incident Handler ( GCIH ) |
IAM Level I | IAM Level II | IAM Level III |
(ISC)2 Certified Authorization Professional ( CAP ) GIAC Security Leadership ( GSLC ) | (ISC)2 Certified Authorization Professional ( CAP ) CompTIA Advanced Security Practitioner ( CASP ) ISACA Certified Information Security Manager ( CISM ) (ISC)2 Certified Information Systems Security Professional (CISSP) (or Associate) GIAC Security Leadership ( GSLC ) | ISACA Certified Information Security Manager ( CISM ) (ISC)2 Certified Information Systems Security Professional (CISSP) (or Associate) GIAC Security Leadership ( GSLC ) |
IASAE I | IASAE II | IASAE III |
CompTIA Advanced Security Practitioner ( CASP ) (ISC)2 Certified Information Systems Security Professional (CISSP) (or Associate) (ISC)2 Certified Secure Software Lifecycle Professional ( CSSLP ) | CompTIA Advanced Security Practitioner ( CASP ) (ISC)2 Certified Information Systems Security Professional (CISSP) (or Associate) (ISC)2 Certified Secure Software Lifecycle Professional ( CSSLP ) | (ISC)2 Certified Information Systems Security Professional Architecture ( CISSP-ISSAP ) (ISC)2 Certified Information Systems Security Professional Engineering ( CISSP-ISSEP ) |
DoD-approved 8140 (DoDD 8570) Baseline Certifications (CSSP)
CSSP Analyst | CSSP Infrastructure Support | CSSP Incident Responder | CSSP Auditor | CSSP Manager |
CompTIA CySA+ GIAC Certified Intrusion Analyst ( GCIA ) GIAC Certified Incident Handler ( GCIH ) GIAC Global Industrial Cyber Security Professional ( GICSP ) Cisco Cybersecurity Specialist ( SCYBER ) | CompTIA CySA+ GIAC Global Industrial Cyber Security Professional ( GICSP ) (ISC)2 Systems Security Certified Practitioner ( SSCP ) | CompTIA CySA+ GIAC Certified Forensic Analyst ( GCFA ) GIAC Certified Incident Handler ( GCIH ) Cisco Cybersecurity Specialist ( SCYBER ) | CompTIA CySA+ ISACA Certified Information Systems Auditor ( CISA ) GIAC Systems and Network Auditor ( GSNA ) | ISACA Certified Information Security Manager ( CISM ) (ISC)2 Certified Information Systems Security Professional Management ( CISSP-ISSMP ) |
DOD 8140/8750 baseline certifications come from a variety of vendors across the IT industry including:
(ISC)2 CAP Certification provides eligibility for IAM Level I and IAM Level II CISSP (learn more from the Roadmap to Success: CISSP ) Certification provides eligibility for IAT Level III, IAM Level II, IAM Level III, IASAE Level I, and IASAE Level II CISSP-ISSAP Certification provides eligibility for IASAE Level III CISSP-ISSEP Certification provides eligibility for IASAE Level III CISSP-ISSMP Certification provides eligibility for IASAE Level III CSSLP Certification provides eligibility for IASAE Level I and IASAE Level II SSCP Certification provides eligibility for IAT Level I, IAT Level II, and CSSP Infrastructure Support
Cisco CCNA Security (learn more from the Roadmap to Success: CCNA Security ) Certification provides eligibility for IAT Level I and IAT Level II SCYBER Certification provides eligibility for CSSP Analyst and CSSP Infrastructure Support
CompTIA A+(learn more from the Roadmap to Success: CompTIA A+) Certification provides eligibility for IAT Level I CASPCertification provides eligibility for IAT Level III, IAM Level II, IASAE Level I, and IASAE Level II Network+ (learn more from the Roadmap to Success: CompTIA Network+ ) Certification provides eligibility for IAT Level I Security+ (learn more from the Roadmap to Success: Security+) Certification provides eligibility for IAT Level II and IAM Level I
GIAC GCED Certification provides eligibility for IAT Level III GCFA Certification provides eligibility for CSSP Incident Responder GCIA Certification provides eligibility for CSSP Analyst GCIH Certification provides eligibility for IAT Level III, CSSP Analyst, and CSSP Incident Responder GICSP Certification provides eligibility for IAT Level II, CSSP Analyst, and CSSP Infrastructure Support GSEC Certification provides eligibility for IAT Level II GSNA Certification provides eligibility for CSSP Auditor GSLC Certification provides eligibility for IAM Level I, IAM Level II, and IAM Level III
ISACA CISA (learn more from the Roadmap to Success: ISACA CISA) Certification provides eligibility for IAT Level III and CSSP Auditor CISMCertification provides eligibility for IAM Level II, IAM Level III, and CSSP Manager
Exam Details
DoDD 8570 and 8140 compliance draws from a diverse range of vendors, certifications, and exams. There may be some exceptions to the generalizations regarding the following overview of relevant exams.
(ISC)2 Exams (ISC)2 Steps for Certification:
Document required experience to earn eligibility to sit for many (ISC)2 exams.
Schedule and pass appropriate exam(s).
Complete the endorsement process within nine (9) months of passing the certification exam(s).
Time allotted for exam: 3-6 hours, depending on the exam Number of questions: 125-250, depending on the exam Passing score: 700 out of 1,000 points Exam registration: Pearson Vue testing centers Exam cost: $250-549 (USD)*, depending on the exam *Learn more about 2017 (ISC)2 exam pricing Exam outlines: Available by request on the (ISC)2 website (free resource)
Cisco Exams Time allotted for exam: 1.5 hours (90 minutes) per exam Number of questions: 40-60 questions per exam Passing score: Cisco does not publish the passing score for its exams Question types: Multiple choice/single answer; Multiple choice/multiple answer; Drag and drop; Fill-in-the-blank; Simulation; Testlet; Simlet Exam registration: Pearson VUE Exam cost: $165-300 (USD)*, depending on the exam *Learn more about exam fees from Pearson VUE Exam topics: Freely available from Cisco
CompTIA Exams Time allotted for exam: 90-165 minutes, depending on the exam Number of questions: Maximum of 90 questions Passing score: 675-750* (on a scale of 100-900), depending on exam *The CASP exam is a pass/fail exam with no scaled score. Question types: Multiple choice and performance-based Exam registration: Pearson Vue Exam cost: $205-426 (USD), depending on exam Exam objectives: Freely available from CompTIA
EC-Council Exams Time allotted for exam: 4 hours (240 minutes) Number of questions: 125 Passing score: 70% Question types: Multiple choice Exam registration: Pearson Vue Exam cost: $500 (USD) for an exam voucher; $100 (USD) for the exam eligibility fee Exam Blueprint: CEH Exam Blueprint v2.0
GIAC Exams Time allotted for exam: 3-5 hours, depending on the exam Number of questions: 115-180*, depending on the exam Please note that GIAC exams are open-book. Passing score: 68-74%, depending on the exam Question types: Multiple choice; Application and analysis; RealSexamâ„¢ questions Exam registration: GIAC Proctored Exam Registration or Pearson VUE Exam cost: $429-2,199 (USD), depending on the exam* *Learn more about GIAC certification pricing Exam Certification Objectives & Outcome Statements: Freely available from GIAC
ISACA Exams Time allotted for exam: 4 hours Number of questions: 15 Question types: Multiple choice Passing score: 450 Exam registration: ISACA Exam cost: Early registration for ISACA members: $525 for non-ISACA members: $710 Standard registration for ISACA members: $575 for non-ISACA members: $760 *Fees for exam registrations submitted by mail or fax increase by $75 Exam Objectives: Freely available from ISACA
Career Considerations
There are a variety of valuable resources available to help learners determine appropriate pay scales for job opportunities associated with DOD 8570 and DoDD 8140, including:
OPM.gov: This is probably the best resource for governmental salary information, including pay and leave information, rates of pay based on states and geographic regions, fact sheets, and more.
CPMS.OSD.mil: Civilian Personnel Policy and the Defense Civilian Personnel Advisory Service (CPP/DCPAS) is responsible for all wage and personnel policies for any individual or organization that contracts with the DOD.
Payscale.com/: One of our favorites for finding salary information, salary ranges, and fascinating demographic information for the IT roles you care about.
Indeed.com/: Use keywords to find the specific role or company you're interested in, or use this resource to compare civilian and government salaries.
Simplyhired.com/: Similar to Indeed.com/, but with a slightly slicker interface, this is a good resource for finding salary information for specific IT roles.
Keep in mind that as a government role, it's likely that the salary for the particular role you are considering is public information. Apply a little Google-fu and you should be able to dig up the budget information that will reveal the specific salary information you need.
Concluding Thoughts
When considering DOD or other federal government IT career opportunities, it's critical to understand how IAT, IAM, IASAE, and CSSP levels work and which certifications you must have to be eligible for employment. Earning the right certifications can set you up for a long-term career, even as a civilian, working for the government to support the IT infrastructure, security, and systems that run our government and society.
Watch. Learn. Conquer DOD 8570 and DoDD 8140!
delivered to your inbox.
By submitting this form you agree to receive marketing emails from CBT Nuggets and that you have read, understood and are able to consent to our privacy policy.