DoD Directive 8140

DoD Directive 8140 – The Next Generation Directive

DoDD 8570 had acted as the backbone of cybersecurity readiness for ten years, but as the internet matured, so did the need for a revised directive. So, in 2015, the DoD CIO began work on DoD Directive 8140.01 (referred to here as simply DoDD 8140).

DoD Directive 8140 effectively replaces DoD Directive 8570. DoDD 8570 is now part of a larger initiative that falls under the guidelines of DoDD 8140. While the manual for 8140 is still being drafted, and the directive is not fully promulgated, it is increasingly being reviewed and showing up in requirements.

DoDD 8140 incorporates the DoD Cyber Workforce Framework (DCWF), which drew heavily from the National Initiative for Cybersecurity Education (NICE) framework, developed by none other than the National Institute of Standards and Technology (NIST). This is valuable because:

  • The granularity of the NICE framework creates great cyber workforce opportunities, including:
    • Expanded coverage to individuals working directly in cybersecurity, or who are significant influencers of an organization’s cybersecurity practices
    • Expands and adequately addresses the myriad of paths that lead to the proficiency and compliance levels for cybersecurity workers (degrees, on-the-job training, etc.)
  • Adopts a methodology and framework that helps span from DoD through the rest of the Federal Government and into the commercial space

DoDD 8140 allows for more granular compliance and credentialing management as roles are more clearly defined.

DoDD 8140 Requirements

  • All personnel performing IAT and IAM functions must be certified.
  • All personnel performing CSSP and IASAE roles must be certified.
  • All IA jobs will be categorized as ‘Technical’ or ‘Management’ Level I, II, or III, and to be qualified for those jobs, you must be certified.

DoD Approved 8140 (DoDD 8570) Baseline Certifications

  • IAT Level I: A+ CE, CCNA-Security, CND, Network+ CE, SSCP
  • IAT Level II: CCNA Security, CySA+ **, GICSP, GSEC, Security+ CE, CND, SSCP
  • IAT Level III: CCNA Security, CySA+ **, GICSP, GSEC, Security+ CE, CND, SSCP

  • IAM Level I: CAP, CND, Cloud+, GSLC, Security+ CE, HCISPP, SSCP
  • IAM Level II: CAP, CASP+ CE, CISM, CISSP (or Associate), GSLC, CCISO, HCISPP
  • IAM Level III: CISM, CISSP (or Associate), GSLC, CCISO

  • IASAE I: CASP+ CE, CISSP (or Associate), CSSLP
  • IASAE II: CASP+ CE, CISSP (or Associate), CSSLP
  • IASAE III: CISSP-ISSAP, CISSP-ISSEP, CCSP

  • CSSP Analyst¹: CEH, CFR, CCNA Cyber Ops, CCNA-Security, CySA+ **, GCIA, GCIH, GICSP, Cloud+, SCYBER, PenTest+
  • CSSP Infrastructure Support¹: CEH, CySA+ **, GICSP, SSCP, CHFI, CFR, Cloud+, CND
  • CSSP Incident Responder¹: CEH, CFR, CCNA Cyber Ops, CCNA-Security, CHFI, CySA+ **, GCFA, GCIH, SCYBER, PenTest+
  • CSSP Auditor¹: CEH, CySA+ **, CISA, GSNA, CFR, PenTest
  • CSSP Manager¹: CISM, CISSP-ISSMP, CCISO

8140 vs. 8570 – The Differences

While DoDD 8140 (generally) expands on DoDD 8570, there are some specific differences worth noting.
  1. Role organization
    • DoDD 8570 has a flat structure to determine the information assurance (IA) level required
    • Each level has a flat number of possible certifications or trainings required to address it
  2. 8140 / NICE groups into work roles
    • A work role carries with it a number of Tasks, Knowledge, and Skills statements (TKS).
    • The resulting TKSs can then be collected for an individual worker
    • To achieve proficiency for a given task, those Knowledge and Skills can be obtained by a large number of overlapping certifications, on-the-job experience, and degrees

The CyberSTAR Advantage

WillCo Tech’s CyberSTAR™ solution is the largest Credentials Management and Cyber Workforce Compliance software system in use by the Federal Government. The WillCo Tech-developed software solution tracks training credentials and certifications for more than 1.8 million government users.

CyberSTAR is helping the Department of Defense in its move to DoDD 8140 by offering:

FISMA/DoD Directive 8140 Compliance

  • Agency-specific online assessment tool
  • Assess and identify the organization’s Cyber Workforce
  • Mapped to DoD Directive 8140 categories, specialty areas, and roles
  • Agency-specific mapping to courses and certifications
  • Assign agency-specific training requirements
  • Assign agency-specific certification requirements
  • Vouchers-On-Demand management system for voucher distribution and tracking

Centralized Governance and Oversight

  • Customized for each entity’s unique requirements
  • Customized reports for all levels of management
  • Systems Integration with DMDC, FedVTE, SkillPort, and organizational databases
  • Integrates with DoD training providers
  • Integrates with commercial training vendors and IT training libraries