8570 Certification: A Comprehensive Guide

8570 Certification: A Comprehensive Guide

The DoD Directive 8570.01-M establishes the policies and procedures for the training, certification, and management of the Department of Defense (DoD) workforce conducting Information Assurance (IA) functions in assigned duty positions. This policy applies to all authorized users with privileged access to DoD Information Systems (IS).

Understanding 8570 Certification

DoD Directive 8570.01-M categorizes Information Assurance (IA) roles and mandates specific certifications for each category to ensure personnel possess skills necessary to protect the systems. The directive establishes three major IA workforce categories:

• IAT (Information Assurance Technical)
• IAM (Information Assurance Management)
• CSSP (Cybersecurity Service Provider)

Levels within Each Category

Each IA category is further divided into levels that delineate the experience and responsibilities expected of personnel. For example, the IAT category is divided into three levels: IAT Level I, IAT Level II, and IAT Level III. As levels increase, so do the responsibilities and required expertise.

IAT (Information Assurance Technical)

IAT Level I represents entry-level positions primarily responsible for basic systems support such as ensuring hardware and software functionality. Certifications like CompTIA A+ and Network+ are common for this level.

IAT Level II focuses on intermediate-level tasks, usually including administration and the implementation of security measures. CompTIA Security+ and the Cisco Certified Network Associate (CCNA) are frequently sought after certifications.

IAT Level III involves advanced, comprehensive roles where professionals oversee extensive layered defense mechanisms and maintain advanced system security. Certifications such as Certified Information Systems Security Professional (CISSP) are typical.

IAM (Information Assurance Management)

IAM Level I includes roles like IA Managers, who oversee and implement security protocols. Certifications for this level often include CompTIA Security+ and GIAC Security Essentials (GSEC).

IAM Level II professionals are responsible for managing an information assurance (IA) program, including training and providing oversight. Relevant certifications include Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM).

IAM Level III involves higher-level management of IA functions, typically within large organizations or enterprises. CISSP and CISM are examples of certifications sought at this level.

CSSP (Cybersecurity Service Provider)

CSSP roles encompass specialized security duties, including incident response, threat analysis, and security system management. These roles often require specialized and advanced certifications like Certified Ethical Hacker (CEH) and Certified Information Systems Security Professional (CISSP).

Benefits of 8570 Certification

Certification mandated by DoD Directive 8570.01-M ensures that IA professionals are equipped with the knowledge and capabilities to perform their duties effectively. Some of the main benefits include:

• Standardized training and knowledge
• Assurance of skill levels
• Meeting DoD regulatory requirements
• Increased credibility and career advancement opportunities
• Enhanced security for DoD systems

Path to Certification

Earning a DoD 8570 certification involves identifying the necessary certification level for your role, fulfilling the required training, and passing the respective certification exams. Here are steps to achieve certification:

• Identify the appropriate certification for your IA role and level.
• Enroll in and complete training for the desired certification.
• Study the exam blueprint and understand the content areas.
• Register for the certification exam through the certification provider’s website.
• Take and pass the certification exam.

Maintaining Certification

Maintaining your 8570 certification involves ongoing professional development, which ensures that professionals stay current with evolving threats and technological advancements. Continuing education programs and periodic recertification are part of the criteria to maintain active certification status.

Common Certifications and Their Requirements

CompTIA Security+

Security+ is a global certification validating the baseline skills necessary to perform core security functions. It covers topics such as network security, compliance, operational security, threats and vulnerabilities, and application security.

Prerequisites: No formal prerequisites, but CompTIA recommends having two years of experience in IT with a security focus.

CISSP (Certified Information Systems Security Professional)

CISSP is an advanced level certification for IT pros serious about careers in information security. It tests competence in eight domains of the (ISC)² Common Body of Knowledge (CBK).

Prerequisites: Five years of cumulative paid work experience in two or more of the eight domains.

CISM (Certified Information Security Manager)

CISM is a pivotal certification for information security management roles, focusing on risk management, program development and management, and incident management.

Prerequisites: Five years of experience in information security, with at least three years in security management.

CEH (Certified Ethical Hacker)

CEH is designed to certify individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective. It assesses ethical hacking skills and methodologies.

Prerequisites: Two years of work experience in the Information Security domain and formal CEH training.

By adhering to the Directive 8570.01-M, the DoD ensures its workforce is highly qualified and capable of safeguarding critical information infrastructure. The certifications required under this directive are benchmarks for knowledge and skills in the IA field, reflecting both competence and commitment to ongoing development.

“`