Navigating The DoD 8570 8140 Directive

The Department of Defense document DoD 8140 represents an advancement from DoD 8570, offering updated guidance, training, certification, and management protocols for the DoD cyber workforce. According to the DoDM 8140.03 document, this policy extends to multiple branches and entities within the Department of Defense, including the Office of the Secretary of Defense (OSD), Military Departments, the Chairman of the Joint Chiefs of Staff, Combatant Commands, the Office of the Inspector General, Defense Agencies, DoD Field Activities, and all other organizational entities under the DoD umbrella.

It might seem complex, but essentially, DoD 8140 aims to establish a unified approach to how individuals are responsible for safeguarding the security and integrity of critical information resources. This document emphasizes the importance of individual accountability in maintaining the department’s cybersecurity posture.

Specifically, the policy targets the DoD Global Information Grid (GIG), focusing on enhancing its security measures to protect against unauthorized access while ensuring that only those with the proper authorization can access the information. The overarching goal is to exclude malicious actors while ensuring that legitimate, authorized personnel can operate securely within the system.

Among its main objectives, the policy:

• Fosters a shared comprehension of cyberspace operations’ concepts, principles, and applications to boost interoperability among different DoD entities. Understanding these common standards is crucial for seamless collaboration and defense against cyber threats.

• Transitions from the “Information Assurance Workforce Improvement Program” to the more adaptable “Cyberspace Workforce Qualification & Management Program”. This change reflects a move towards a more dynamic and inclusive approach to managing cybersecurity talent within the DoD.

• Implements a unified, role-based method for cultivating skilled cyber professionals by utilizing the DoD Cyberspace Workforce Framework (DCWF). This framework ensures that training and certifications are aligned with specific job roles, enhancing the effectiveness of cybersecurity measures.

• Introduces proficiency levels for various work roles, offering a broader spectrum of qualification options for the workforce. This flexibility allows professionals to meet necessary standards through diverse pathways, accommodating different career stages and backgrounds.

The impact of this certification extends to military personnel, civilian employees, contractors, and any individual responsible for protecting the DoD’s computers, networks, or information systems. Even if your primary employment is outside of DoD-related organizations, possessing an 8140 certification or another recognized qualification is essential for any work involving the Department of Defense, ensuring all participants meet the stringent security requirements.

The Department of Defense is transitioning from the DoD 8570 to the DoD 8140 policy to adapt to the evolving cybersecurity environment. The earlier 8570 directive primarily concentrated on information assurance (IA) and the technical roles associated with it.

However, DoD 8140 offers a broader and more detailed framework, encompassing a wider array of specific cyber roles, acknowledging a greater variety of credentials, and streamlining certification processes. This expansion allows for a more tailored approach to training and qualification, addressing the diverse needs of modern cyber threats.

This move from 8570 to 8140 signifies the DoD’s forward-thinking strategy to develop a cyber workforce that is not only technically proficient but also adaptable to the multifaceted security challenges of today. By broadening the scope and enhancing flexibility, the DoD aims to ensure that its personnel are equipped to handle an increasingly complex digital battleground.

The DoD 8140 policy is closely aligned with the DoD Cyberspace Workforce Framework (DCWF). According to the FAQ on the DoD Cyber Exchange, 8140 “establishes the DCWF as the definitive guide for identifying, tracking, and reporting DoD cyberspace roles, serving as the foundation for establishing standardized qualifications across the cyber workforce.”

A significant difference from previous policies is that DoD 8140 encourages continuous professional development. This focus on ongoing training ensures that DoD personnel are equipped with the latest skills and knowledge needed to counter evolving cyber threats and protect the Department’s information systems effectively.

DoD 8140 establishes a comprehensive framework dedicated to the development and management of cybersecurity teams within the Department of Defense. This policy serves as an extensive blueprint for all individuals tasked with safeguarding the DoD’s digital infrastructure, ensuring they possess the requisite skills and certifications.

The document goes beyond mere guidelines, providing a structured approach to skill enhancement in the face of a rapidly evolving cyber threat environment. By focusing on specific competencies and qualifications, DoD 8140 helps in building a robust defense against sophisticated cyber attacks, thereby securing the department’s critical information assets.

The federal government’s DoD 8140 policy is designed to complement the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework. The Cybersecurity & Infrastructure Security Agency (CISA) clarifies that “the NICE Framework lays the groundwork for expanding and enhancing the U.S. cybersecurity workforce.” This framework offers a standardized definition of cybersecurity, alongside a complete catalog of tasks involved in cybersecurity, detailing the essential knowledge, skills, and abilities needed to execute these responsibilities effectively.

The DoD Cyberspace Workforce Framework (DCWF) defines a range of roles that are more comprehensive than the individual knowledge, skills, and abilities detailed in the NICE Framework. Essentially, the DCWF specifies these roles, and DoD 8140 verifies that candidates are equipped to take them on. These roles are segmented into seven distinct workforce elements:

• Cybersecurity
• Cyberspace Effects
• Cyberspace Enablers
• Intelligence (Cyberspace)
• IT (Cyberspace)
• Software Engineering
• Data/AI

The “IT (Cyberspace)” category encompasses individuals responsible for constructing IT systems, whereas “Cybersecurity” covers professionals tasked with safeguarding networks and related assets.

For instance, a role in designing and implementing secure data-sharing environments would fall under “IT (Cyberspace).” Conversely, a position where the job includes monitoring databases for signs of data theft or unauthorized access would be categorized under “Cybersecurity.” This division helps in clearly defining responsibilities and ensuring that personnel are trained and certified for their specific roles within the DoD’s cyber operations.

Many organizations and individuals looking to work with the Department of Defense (DoD) might not initially recognize that they need to meet the standards set by DoD 8140, in addition to general government contracting rules.

For example, a software company developing cybersecurity solutions for military use. Such a company would require access to the DoD’s network security systems, potentially including sensitive data logs and incident response protocols, which could pose risks if not properly secured.

The DoD strictly enforces compliance with 8140, viewing it as essential self-protection. Therefore, even if you operate primarily in the private sector, failing to comply with these requirements when your product or service is relevant to the DoD can disqualify you from lucrative contracts and income opportunities.

Certifications are crucial for professionals whose careers might involve working with the Department of Defense (DoD). They serve as proof of one’s understanding of critical cybersecurity concepts and practices, making them a fundamental requirement for roles related to digital security within the DoD.

For a comprehensive view of all DCWF roles and their associated qualifications, including education, training, and personnel certification, the DoD Cyber Exchange public website is an invaluable resource. For instance, consider the System Administrator role, which lists the following certifications at various proficiency levels:

Basic: A+, Network+, CND
Intermediate: Cloud+, Security+, GISCP, SSCP, GSEC
Advanced: SecurityX (formerly CASP+), CCSP, CCNP Security, FITSP-O, GFACT

CompTIA certifications are well-regarded for fulfilling many of the DoD 8140 requirements. Currently, CompTIA has 8 certifications that are recognized across 31 different work roles:

Software Engineer (1 role)
Work role (DCWF code): Certifications 

Systems Security Analyst (461): SecurityX (formerly CASP+), CySA+, Security+

Cyberspace Effects (2 roles)
Work role (DCWF code): Certifications

Warning Analyst (141): CySA+
Exploitation Analyst (121): PenTest+

Intelligence (Cyberspace) (1 role)
Work role (DCWF code): Certifications

All-Source Analyst (111): CySA+

IT (Cyberspace): 8 roles
Work role (DCWF code): Certifications

System Testing and Evaluation Specialist (671): Security+
Technical Support Specialist (411): A+, Network+, Security+
Knowledge Manager (431): Security+
Network Operations Specialist (441): Cloud+, Network+, Security+
System Administrator (451): A+, Cloud+, Network+, Security+
Systems Requirements Planner (641): SecurityX (formerly CASP+), Security+
Enterprise Architect (651): SecurityX (formerly CASP+), Cloud+
Research & Development Specialist (661): SecurityX (formerly CASP+)

Cyberspace Enablers (8 roles)
Work role (DCWF code): Certifications

IT Program Auditor (805): SecurityX (formerly CASP+), Security+
Cyber Policy and Strategy Planner (752): Security+
Forensics Analyst (211): CySA+
Cyber Crime Investigator (221): SecurityX (formerly CASP+), CySA+
Program Manager (801): SecurityX (formerly CASP+), Security+
IT Project Manager (802): SecurityX (formerly CASP+), Security+
Product Support Manager (803): SecurityX (formerly CASP+)
IT Investment/Portfolio Manager (804): SecurityX (formerly CASP+), Security+

Cybersecurity: 12 roles
Work role (DCWF code): Certifications 

 COMSEC Manager (723): SecurityX (formerly CASP+), Security+
Cyber Defense Forensics Analyst (212): CySA+, PenTest+ 
Cyber Defense Analyst (511): SecurityX (formerly CASP+), CySA+, Security+ 
Cyber Defense Infrastructure Support Specialist (521): A+, Security+ 
Cyber Defense Incident Responder (531): SecurityX (formerly CASP+), CySA+, Security+ 
Vulnerability Assessment Analyst (541): SecurityX (formerly CASP+), CySA+, Security+ 
Security Control Assessor (612): SecurityX (formerly CASP+), CySA+, Security+ 
Secure Software Assessor (622): SecurityX (formerly CASP+), Security+
Information Systems Security Developer (631): SecurityX (formerly CASP+)
Security Architect (652): SecurityX (formerly CASP+), Cloud+ 
Information Systems Security Manager (722): SecurityX (formerly CASP+), Security+

The need for security professionals continues to grow, ensuring a promising career path for those in cybersecurity. The Department of Defense’s ongoing emphasis on cybersecurity, as evidenced by the DoD 8140 policy, opens up numerous job opportunities within this sector.

Obtaining a certification that aligns with these requirements can significantly enhance your resume’s appeal. Earning a professional cybersecurity certification through Accumentum® not only demonstrates your expertise but also provides hiring managers and recruiters with concrete evidence of your qualifications.

Any of our certification training courses can elevate your job application above others, particularly for positions linked to the DoD’s digital systems. We can help set you apart in a competitive field, potentially leading to new employment or advancement opportunities.

Accumentum® is the leading training provider for a vast array of technology vendors including AWS, Cisco, CompTIA, EC-Council, Fortinet, HRCI, ISACA, ITIL, Microsoft, Palo Alto, PMI, Scrum, ServiceNow, SHRM, Veritas, VMWare, and more.