The highly anticipated Department of Defense (DoD) Manual 8140.03, "Cyberspace Workforce Qualification and Management Program," was officially released this week (February 15th, 2023).
Specifically, the manual:
- “Implements policy, assigns responsibilities, and prescribes procedures for the qualification of personnel identified as members of the DoD cyberspace workforce.
- Identifies members of the DoD cyberspace workforce based on the cyberspace work role(s) of the position(s) assigned, as described in DoD Instruction (DoDI) 8140.02”
Generally speaking, the manual governs and provides guidance and procedures for the management and development of the DoD's cyberspace workforce, covering a wide range of topics related to cyberspace workforce management, including the classification of positions, personnel vetting and security clearance, training and education, workforce planning, and career development. The manual also describes the roles and responsibilities of various organizations and personnel involved in managing the cyberspace workforce, such as the Defense Information Systems Agency and the Defense Cyber Crime Center.
8140.03M Implementation and Requirements for Cyber Personnel as Related to DoDD 8140.02 (p. 21)
Specific Requirements
Within 12 months of the effective date of this issuance, the OSD and DoD
(a) Identify all positions designated as cyberspace workforce positions in accordance with DoDI 8140.02 and Volumes 1-4 of DoDI 1442.02.
(b) Analyze all cyberspace workforce positions to ensure a proficiency level is assigned in accordance with DoDI 8140.02.
(c) Provide data on incumbent cyberspace workforce positions to the Defense
Manpower Data Center (DMDC) in accordance with DoDIs 8140.02, 1336.05, 7730.54, 7730.64, and Volumes 1-4 of DoDI 1444.02. DMDC will routinely capture and format the data to support the DoD’s cyberspace workforce management requirements. If an OSD and DoD Component uses an authoritative manpower and personnel system that does not exchange data with DMDC systems, the OSD and DoD Component will develop the necessary data fields to track cyberspace workforce requirements.
(d) Annually review all encumbered personnel in the personnel systems and validate their billet matches to the manpower system. Review this match annually at a minimum.
(e) Appropriately resource for cyberspace qualification requirements and workforce management requirements of DoD civilian employees and Service members.
In summary, over the next 12 months, agencies and contractors will need to:
- Have cyber positions and roles mapped
- Analyze proficiency requirements with 8140.02
- Provide data on the current force in accordance with 8140.02
- appropriately resource cyber qualification requirements and workforce management systems: 1) implement 8140.03, 2) require systems to be upgraded to match, 3) resource training/certifying current and future members of the force
General Requirements
- Within two years of the effective date of this issuance, all DoD civilian employees
and Service members in cyberspace work roles under the cybersecurity workforce element must be qualified in accordance with this issuance.
- Within three years of the effective date of this issuance, all DoD civilian employees and service members in work roles under the cyberspace IT, cyberspace effects, intelligence (cyberspace), and cyberspace enabler workforce elements must be qualified in accordance with this issuance. Thereafter, all incumbents and new hires must be trained, certified, and recertified in accordance with this issuance.
- Contractors must be qualified in accordance with this issuance at the commencement of work.
The general and specific requirements above were taken directly from the manual.
Our Take Aways
This manual has been eight years in the making (since the original release of DoDD 8140.01 in 2015), and our initial impression is that it largely matched what we had expected.
Much of the work role requirements (p. 12) are still tied to DoD Instruction 8140.02, “Identification, Tracking, and Reporting of Cyberspace Workforce Requirements,” December 21, 2021, which matches roles to Knowledge, Skills, Abilities, and Tasks (DoD Cyber Exchange Workforce Elements)
The directive allows for a collage of assessments, training, degrees, and certification - all geared to ensure the right skills are ready to be deployed in these cyber work roles.
One inclusion we were happy to see was the Alternative to Foundational Qualification Options (p. 14)
“The experience foundational qualification option provides a mechanism to validate and document knowledge attained through actual conduct of the tasks of a work role or work roles (i.e., experience) in a DoD environment. This option mitigates the requirement to expend additional resources on DoD employees who have already been developed to perform in their current component environment, freeing up those resources for targeted benefits such as reward or reskilling programs.”
Our primary takeaway was around the implementation and requirements timeline. While we knew this manual was forthcoming, we weren’t sure how quickly it would mandate the implementation of the new 8140.02 requirements.
Overall, the manual is a comprehensive guide for managing the DoD's cyberspace workforce. It provides a detailed framework for ensuring that the workforce has the necessary skills, knowledge, and expertise to carry out its mission effectively and efficiently.
How CyberSTAR™ Can Help Agencies and Contractors Meet the 12-Month Deadline
CyberSTAR™ is engineered as a complete solution for FISMA, DoD 8570, and DoD 8140 requirements. It comes off-the-shelf and is able to automate the ingestion and validation of thousands of training and qualification records, allowing CyberSTAR to map and maintain a continuous report against the 8140.03 qualification matrix: offering a clear and actionable picture to the organization from the individual, through all reporting echelons, to leadership. Additionally, CyberSTAR™ can directly integrate with your existing Active Directory and LMS systems.
CyberSTAR™ is the next evolution of its predecessor, IASTAR. For more than 15 years, IASTAR™ has served and continues to serve as the largest cybersecurity compliance and readiness platform utilized by the federal government and the Department of Defense (DoD). White-label branded as ATCTS (Army Training & Certification Tracking System) by the U.S. Army, this software capability is actively supporting over 1 million registered DoD users.
CyberSTAR™ automates the monitoring, management, and alerting for cyber workforce credentials and compliance and is the only DoDD 8140-compliant platform contracted for use within the Department of Defense.
- Through HR system integration, manual mapping, or an online assessment tool, individuals can be identified and mapped to their proper category and level. A profile is given to each system user.
- Courses from DoD entities or commercial training vendors can be loaded into the CyberSTAR system. The system auto-generates a training plan with the relevant courses needed for workforce compliance. Courses can also be launched from the platform.
- Certification exam vouchers can be imported, distributed, and managed. E-vouchers are assigned to users that are ready to take the exam. A voucher distribution system manages the process using a voucher-on-demand model.
- Multiple reports can be generated at every level of the system hierarchy.
Compliance data can be retrieved, and reports generated at any time. Your organization can set compliance parameters, and results placed in the proper database.
CyberSTAR™ is available to purchase through multiple contract vehicles, including GSA. Reach out below to discuss your 8140 transition or questions regarding how to deploy CyberSTAR™ to address the 8140.02 requirements.