DoDD 8140 is a new Department of Defense Directive that updates and further defines the policies and responsibilities for entities supporting and directing the DoD cyberspace workforce.  The official directive may be found here.  The original DoD cyber workforce improvement program directive is DoDD 8570.1.  DoDD 8570.1  “Information Assurance Training, Certification, and Workforce Management,” August 14 2004 set the precedent for DoDD8140 and was organized by the following categories:

  • Information Assurance – Technical (IAT)
  • Information Assurance – Management (IAM)

The categories were further divided into levels I-III.  The levels corresponded to the type of environment the cyber workforce professional was employed in.  The higher the number; the larger the environment, experience required to hold the position, and level of supervision required.  A chart of the current 8570 certifications is below:

Technical Workforce Requirements

IAT Requirements
  • IA Baseline Certification (8570 chart above) – within 6 months of employment
  • Background Investigation
  • Appointment Orders
  • Computing Environment Certificate – What’s this?
    • Computing Environment Certification must be maintained.
In addition to the IA baseline certification requirement for their level, IATs with privileged access must obtain appropriate Computing Environment (CE) certifications for the operating system(s) and/or security related tools/devices they support as required by their employing organization. If supporting multiple tools and devices, an IAT should obtain CE certifications for all the tools and devices they are supporting. At a minimum the IAT should obtain a certification for the tool or device he or she spends the most time supporting. For example, if an IAT is spending most of his or her time supporting security functions on a CISCO router, the IAT should obtain a CE certification for that equipment. This requirement ensures they can effectively apply IA requirements to their hardware and software systems. – DoD Directive 8570.01m



IAM Requirements

  • IA Baseline Certification (8570 chart above) – within 6 months of employment
  • Background Investigation
  • Appointment Orders
  • Continuous Education or Sustainment Training
    • Many Computing Environment Providers, but not all offer continuous education options to avoid retaking exams every 3 or 4 years (depending on the certificate provider).  This also allows the individual the ability to keep skills current and not be forced to continually take exams.

*The directive is currently under its 4th revision (11.10.15) and has become the technical manual for DoD cyber workforce requirements.*


Why Should I Care?

  • If you are concerned about DoD Directive 8140 you are most likely involved with IA/Cybersecurity positions within the DoD.  Whether you are a civilian, soldier, contractor, or leadership within a contracting firm that does Cybersecurity business with the DoD, you must understand this document and meet its requirements to be compliant with DoD policy.
  • If you desire to work with the DoD Cybersecurity workforce you must be compliant with this directive within 6 months of employment.