The Department of Defense (DoD) directive 8570 was created for the purpose of providing guidance for the training and certification of DoD workers who are in charge of information assurance functions and reporting metrics. The directive's main influence falls on the individuals and agencies who have access to DoD information systems, but ever since its inception, the 8570 standard has represented a skill set whose certification is greatly regarded in the IT world.
The DoD 8140 directive, also known as the Information Assurance Workforce Improvement Program, is a regulation that was implemented by the DoD for their information assurance personnel. The most common IT and security certifications which are compliant with 8140 are A+, Network+, Security+, CEH and CISSP.
Background on DoD 8570
Before the use of certifications for specialized work became the norm, the only way to judge a candidate's competency was through their resume. Employees who were expected to deal with sophisticated machines or new technologies were given on-the-job training to deal with their new duties.
Then in 2005, the DoD 8570 was published to deal with the very real possibility of having unqualified worker perform critical cyber functions poorly. The directive affected all personnel who had access to information systems, including system administrators, technicians, security managers and directors, and allowed companies to request funds for the training of personnel to deal with new job responsibilities. The earliest impact of this directive was seen in the military, where it became the new rule to ensure that members of a unit were properly trained and qualified before deploying them in a combat environment.
As the directive became popular and its use more widespread, it was broken down into several categories and certificates that became the standard for information certification. Five major categories that were created as result of the directive were:
1. Information Assurance Technician
2. Information Assurance Manager
3. Computer Network Defense
4. Information Assurance System Architecture and Engineering
5. Computing Environment
Each level of job requirements under the 8570 directive were assigned specific certifications. Some of the certificates also apply to multiple categories. To ensure the certificate bearers stay up-to-date on the knowledge front, candidates were required to acquire continuing credits and a recertification fee.
What does 8750 do for the Information Security Industry?
When the government started requiring certifications for their work, the concept was made popular within the private industry as well. As a result, companies had to raise their standards to match them. Less qualified IT personnel were weeded out, making way for their better-qualified successors, and suddenly an entire market sprang up to meet the demand for quality certification.
The move towards 8140
8570 had certain limitations. There were jobs like that of a software programmer that did not fall under any of the categories specified by the directive. Smartphones, web servers, the cloud, and wireless services had replaced the technology that had existed at the time when 8570 was created.
To accommodate the changing digital landscape, the DoD 8140 directive was conceived in 2012. The original 8570 directive was modified to add more categories and redefine others. The amount of tasks that the original directive included more than doubled.
The 8140 model was based on the National Institute of Standard and Technology and National Initiative for Cybersecurity Education standard. The tasks under each category are clearly defined. Each type of work that falls under categories are known as Special Areas. The categories included under 8140 are:
The jobs under this provision deal with architecture and engineering. The areas which fall under this category include information assurance compliance, software and security engineering, system development, tech research and testing.
Operate and Maintain
The jobs that are specified under this category are customer service, tech support, data administration, knowledge management, network service and security analysis.
Protect and Defend
Jobs under this category center about defense against cyber attacks, defense analysis, incident report, defense infrastructure support, response management, vulnerability assessment and management.
This category deals with network analysis, resource intelligence, exploitation analysis, targets which might be vulnerable to attacks, threat analysis and mitigation strategies for preventing future attacks.
Operate and Collect
Cyber operations and planning are specified under this sector, which includes collection operations, planning and implementation of the different security measures.
Oversight and Development
This category deals with the legal aspects of the digital landscape, and focuses on planning and educating the workforce on the technicalities of lawful cyber engagement.
Dealing with cybercrime, this branch takes care of the investigative aspects and forensics of computer asset management. Personnel under this category are taught how to detect and fend off cyber attacks that the company suffers from, and how to gather information about the attack that would apply in court.
If you're interested in meeting DoD information assurance standards, Infotec is here to help! We offer a variety of certification classes and bootcamps, both in person and virtual. Connect with a helpful Infotec employee today to see what certifications are right for your company.
For more information about Infotec or any of our programs click here: http://www.infotectraining.com/ or https://ops.infotecpro.com/course_schedule/course_schedule.cfm.