WillCo Tech Logo
(816) 842-6262

DoD 8140.03M

On February 15, 2023, the Department of Defense (DoD) released a new manual, 8140.03M, which provides guidelines for managing the DoD Cybersecurity Workforce (CSWF). The manual replaces the previous version, 8570.01-M. Keep reading for an overview of the new 8140.03M manual and its impact on the DoD CSWF.

8140.03M

What is 8140.03M? 8140.03M is the new manual that outlines the DoD’s requirements for managing the CSWF. It provides guidance on the identification, training, certification, and management of the DoD’s cybersecurity workforce. The manual has been updated to reflect the changing threat landscape and the evolving cybersecurity needs of the DoD.

The new 8140.03 manual introduces several key changes to the DoD CSWF, including:

  1. Role Mapping: Added much needed nuance to the description of the workforce by replacing a one to one mapping of an individual to Information Assurance categories with the one to many alignment of the individual to DCWF work roles. 8140.03M works in tandem with DCWF, a framework for organizing and classifying different cybersecurity roles and responsibilities across the Department of Defense. DCWF follows the model of the National Institute of Standards and Technology (NIST) Cybersecurity Workforce Framework (NICE).
  2. New Qualification Methods in 8140.03 adds flexibility for the workforce to validate their qualifications by accepting several new methods as qualifiers. The new manual still allows for Certifications, but now enables training, degrees and on the job assessments to be used as qualifications
  3. Cybersecurity workforce management: The connection to DCWF work roles provides guidance and a defined path on how to manage the DoD’s cybersecurity workforce, including how to identify critical positions, how to recruit and retain personnel, and how to develop career paths for cybersecurity professionals.

8140.03 Introduces "Qualification Matrices" for each of the 68 work roles C 3 proficiency levels per work role

(204 matrices in total) currently defined in the DCWF

8140_03m

8140.03M Impact

What is the impact of 8140.03M? The new manual has a significant impact on the DoD’s cybersecurity workforce. It provides a more flexible and agile approach to managing the DoD’s cybersecurity workforce, which is critical given the evolving threat landscape. The new certification requirements ensure that the DoD’s cybersecurity workforce is up to date with the latest cybersecurity skills and knowledge. The emphasis on training and education ensures that the DoD’s cybersecurity workforce is continually improving their skills and knowledge.

The release of 8140.03M represents a significant step forward in the management of the DoD’s cybersecurity workforce. The new manual provides updated guidance that reflects the changing threat landscape and the evolving cybersecurity needs of the DoD. The new certification requirements, training and education, and cybersecurity workforce management guidance will help ensure that the DoD’s cybersecurity workforce is prepared to meet the challenges of the future.

8140.03M Timeline

Within 12 months of the effective date of this issuance, the OSD and DoD

  • Identify all positions designated as cyberspace workforce positions in accordance with DoDI 8140.02 and Volumes 1-4 of DoDI 1442.02.
  • Analyze all cyberspace workforce positions to ensure a proficiency level is assigned in accordance with DoDI 8140.02.
  • Provide data on incumbent cyberspace workforce positions to the Defense
    Manpower Data Center (DMDC) in accordance with DoDIs 8140.02, 1336.05, 7730.54, 7730.64, and Volumes 1-4 of DoDI 1444.02. DMDC will routinely capture and format the data to support the DoD’s cyberspace workforce management requirements. If an OSD and DoD Component uses an authoritative manpower and personnel system that does not exchange data with DMDC systems, the OSD and DoD Component will develop the necessary data fields to track cyberspace workforce requirements.
  • Annually review all encumbered personnel in the personnel systems and validate their billet matches to the manpower system. Review this match annually at a minimum.
  • Appropriately resource for cyberspace qualification requirements and workforce management requirements of DoD civilian employees and Service members.

In summary, over the next 12 months, agencies and contractors will need to:

  • Have cyber positions and roles mapped
  • Analyze proficiency requirements with 8140.02
  • Provide data on the current force in accordance with 8140.02
  • Appropriately resource cyber qualification requirements and workforce management systems: 1) implement 8140.03, 2) require systems to be upgraded to match, 3) resource training/certifying current and future members of the force

8140.03M Implementation Options

We understand the budget constraints agencies and contractors are facing in light of this new 12-month requirement being issued in FY 2023. Many haven’t budgeted for the necessary resources that can help get them compliant within the mandated time frame.

WillCo Tech is offering several flexible migration and implementation options to DoD agencies and defense contractors using CyberSTAR to transition from 8570 workforce management approach to 8140.03 approach and meet the 12-month reporting/mapping requirements.

White Paper

Download: How a Cyber Workforce Management System Can Ease the Transition to DoDD 8140.02

CyberStar Logo
Army Training & Certification Tracking Sysrtem
IASTAR Logo

Industries & SERVICES

Company

WillCo Tech Logo

(816) 842-6262

Copyright 2023 WillCo Tech LLC. All Rights Reserved.

Vulnerability Disclosure Policy
Privacy Policy
TERMS OF USE
SITE MAP