DoD 8570 Gives Way to DoD 8140, Specifies Security Certs for Government Workers

In August 2015, representatives of the United States Department of Defense (aka DoD, pronounced "Dee-oh-Dee") signed the 8140 directive. It replaces the now-outmoded (but not forgotten, for reasons I'll explain soon) 8570 directive. Both 8570 and 8140 require DoD personnel and contractors to obtain certifications in their work area specializations, particularly for IT-related job roles. This means that active duty military and DoD civilians who work in and around IT must obtain a variety of security credentials based on NIST's definition for the National Initiative for Cybersecurity Education (aka NICE). The devil, as always, is in the details, so let's look at some of them more closely.

This NICE diagram comes from the Cybersecurity Workforce Framework app home page.

The 8140 framework shown above has been a long time coming, and it will still be some time before an 8140 manual is completed (the process usually takes about two years, if history and the experience with 8570 provide any guidance). In the meantime, the 8570 manual (aka DoD 8570.01-M, PDF format) will continue to provide the blueprint for DoD employees and civilians. The new emphasis is on practical "live fire" training (hands-on simulations, derived from real-world scenarios and situations, that individuals seeking certification must be able to recognize and handle properly and effectively) and on the development of critical knowledge, skills and abilities to match. That's what the preceding diagram seeks to identify at a high level.

Relevant certifications include the CISA, CISSP, CEH, various computer forensics credentials, and more. As this directive unfolds and becomes better understood, expect these already-popular certs to get "kicked up a notch" -- or two, or three -- as they become a form of credentialing that's necessary for DoD workers and contractors to do their jobs. Then look for a few more notches after the rest of the Feds, plus state and municipal governments and law enforcement agencies, pick up and run with the same framework and requirements, as they invariably do.