If you’ve ever thought about working for the Department of Defense (DoD), or a company that supports the government, you may have heard about DoD 8570 compliance.
So, just what is DoD 8570 compliance, and who needs it?
In short, DoD 8570 compliance refers to a set of cybersecurity qualifications that IT professionals are required to have when they work for government agencies. To ensure the security of sensitive information and networks, the DoD has established the Information Assurance Workforce Improvement Program, also known as DoD 8570.01-M.
To help clarify how DoD 8570 compliance could impact your career, today we are exploring what it means to be compliant with the DoD 8570.01-M program, the differences between the IAT and IAM levels, and how many ASEC positions require this compliance.
Who DoD 8570 Compliance Is For
DoD 8570.01-M states that all individuals in charge of information assurance for department IT systems must be 8570 compliant to do their jobs effectively.
The manual also lists basic identification requirements to help determine whether positions fall under one of two subcategories – IAT (Information Assurance Technical) certifications and IAM (Information Assurance Management) certifications – or one of two specialties – IASAE (Information Assurance Architecture and Engineering) and CSSP (Cyber Security Service Provider).
The Difference Between IAT and IAM
IAT and IAM are both categories of personnel who are responsible for information assurance and cybersecurity.
IAT
IAT (Information Assurance Technician) refers to personnel who perform hands-on technical work related to the security of information systems.
This includes tasks such as configuring firewalls, implementing security controls, and responding to security incidents. IAT personnel typically work at the operational level, and their primary focus is on implementing and maintaining technical security measures.
IAM
IAM (Information Assurance Manager) refers to personnel who are responsible for overseeing the overall security of an organization’s information systems.
This involves tasks such as developing security policies and procedures, managing security risks, and ensuring compliance with relevant security standards and regulations. IAM personnel typically work at the strategic level, and their primary focus is on managing and coordinating the organization’s security efforts.
While both IAT and IAM personnel are responsible for information assurance and cybersecurity, the main difference is that IAT personnel focus on technical implementation and maintenance of security controls, while IAM personnel focus on strategic management and oversight of an organization’s security efforts.
What It Means To Be Compliant With DoD 8570
To become DoD 8570 compliant, individuals must obtain certifications that are recognized by the DoD as meeting specific knowledge and skill requirements for different job roles within the DoD’s information assurance workforce.
The specific training and certification requirements depend on the job role that an individual holds or wishes to pursue within the DoD’s IA workforce.
The DoD 8570 Manual organizes IA job roles into several categories, including:
- Information Assurance Technical (IAT) Level 1, 2, and 3
- Information Assurance Management (IAM) Level 1, 2, and 3
- Information Assurance System Architecture and Engineering (IASAE) Level 1, 2, and 3
Each level has a set of functions within it. For example:
- Level 1 – Install and operate IT systems, apply security procedures, enter assets into a vulnerability management system
- Level 2 – Provide end user support, manage user accounts, analyze system performance
- Level 3 – Lead teams and support actions to mitigate problems, direct operational structures and processes
These levels then build on each other, meaning you will need to certify for each of the levels before the one you are hoping to attain.
What Are Examples of DoD 8570.01-M Approved Certifications?
For each job role, the DoD 8570 Manual identifies the certification or certifications required to meet the baseline knowledge and skill requirements.
The specific certifications vary based on the job role, but may include vendor-neutral certifications such as CompTIA Security+, as well as job-specific certifications such as the Certified Information Systems Security Professional (CISSP) for IAM Level 3.
In addition to certification, DoD 8570 also requires that individuals receive Continuing Education (CE) in order to maintain their certification.
CE activities may include attending training courses, participating in conferences or workshops, or completing online training modules. The specific CE requirements depend on the certification and job role.
Information Assurance Technical (IAT):
- CompTIA A+
- CompTIA Network+
- CompTIA Security+
- Cisco Certified Network Associate (CCNA) Security
- Microsoft Technology Associate (MTA) Security Fundamentals
- GIAC Security Essentials Certification (GSEC)
- Certified Ethical Hacker (CEH)
- Certified Information Systems Security Professional (CISSP) – IAT Level 3
Information Assurance Management (IAM):
- CompTIA Security+
- Certified Information Security Manager (CISM)
- Certified Information Systems Security Professional (CISSP)
- GIAC Security Leadership Certification (GSLC)
Information Assurance System Architecture and Engineering (IASAE):
- CompTIA Security+
- CISSP – IASAE Level 2
- GIAC Security Leadership Certification (GSLC)
It’s important to note that the specific certifications required for each job role may vary depending on factors such as the individual’s level of experience, the organization’s specific needs, and the scope of the job role.
Additionally, the DoD 8570.01-M is updated periodically to reflect changes in technology and job roles, so it’s important to check for updates and changes to the approved certification list.
On that note, read on for news about a recent update.
What To Know About The New DoD Manual 8140
In February 2023, the Department of Defense Chief Information Officer, the Honorable John Sherman, issued DoD Manual (DoDM) 8140.03 Cyberspace Workforce Qualification & Management Program, the third issuance of the DoD 8140 policy series.
If you are looking to potentially obtain a DoD 8570 certification, this is of particular interest because this DoD Manual 8140 replaces the DoD 8570 Manual.
You can read the full press release, “DoD CIO Issues DoD Manual 8140,” here.
The ASEC Positions That Require DoD 8570 Compliance
So, just how important is DoD 8570 compliance for careers at ASEC?
The majority of ASEC’s Information Technology positions, corporate and direct government customer support positions, require some level of 8570 compliance.
As an ASEC employee, you’ll work closely with the US Department of Defense to ensure the security of sensitive information and networks, using your expertise and certifications to stay ahead of cyber threats.
If you’re looking to work in a cybersecurity role that requires DoD 8570.01-M compliance, ASEC could be the right fit for you. For more on careers at ASEC, you can find our open positions here.