Chat with us, powered by LiveChat

NEWS

The DoD 8140 Directive Explained

May. 27, 2020

The DoD 8140 Directive Explained

The Department of Defense created the 8140 directives to identify, tag, track, and manage the cybersecurity workforce. This directive lays down baseline certification requirements for technical, management, servicing, and engineering job roles while working for the U.S government or for a government contractor. The directive also updates policies and requirements regularly to account for new technologies and changes in the industry and allows for DoD workforce management to ensure that all requirements of the directive are met. Overall, the DoD 8140 covers 7 broad categories and 54 work roles and outlines which cybersecurity certifications are approved by the DoD.

 

DoD 8140 Job Categories

The DoD 8140 directive is an update of the 8570 DoD directive and uses work roles from the NICE framework. There are 7 job categories that are involved in the 8140 directives and it uses the Defense Cybersecurity Workforce Framework (DCWF) to identify job roles and add additional work roles. In addition to the 7 job categories, there are 33 different specialty areas that accompany each role.

 

The 7 Job Categories and specialty areas are:

 

  1. Securely Provision – Risk management, software development, systems architecture, technology R&D, systems requirements planning, and test and evaluation.
  2. Operate and Maintain – Data administration, knowledge management, customer service and technical support, network services, systems administration, and systems analysis.
  3. Oversee and Govern – Legal advice and advocacy, training and education, cybersecurity management, strategic planning and policy, executive cyber leadership, project management.
  4. Protect and Defend – Cyberdefense analysis, cyber defense infrastructure support, incident response, and vulnerability assessment.
  5. Analyze – Threat analysis, exploitation analysis, all-source analysis, targets, and language analysis.
  6. Collect and Operate – Collection operations, cyber operational planning, and cyber operations.
  7. Investigate – cyber investigations and digital forensics.

 

 

DoD 8140 Compliance

Most government divisions and contractors will require information security personnel must obtain one of the IT certifications listed in the DoD 8570.01 mandate. In order to become compliant, you will have to earn specific baseline certifications, and in order to earn those certifications, you must follow a specific set of instructions.

The DoD Cyber Exchange outlines the four steps for earning baseline certifications.    

  1. Contact your IAM (Information Assurance Manager) and identify your position, level, and IT requirements needed for compliance.
  2. Obtain training for the certification and follow your organization's procedure.
  3. Request an exam voucher from your IAM for the certification and complete the exam.
  4. Notify your IAM once you have completed all required training and have received your certification.

 

                              DoD Baseline Certifications

 DoD 8570 Approved Certifcations

 

Currently, the DoD only requires an individual to obtain any of the approved certifications based on their role and specialty areas. As you can see from the chart most IA levels within a category or specialty have more than one approved certification and certification may apply to more than level. Also, an individual only needs to obtain one of the approved certifications for their specific category to meet the minimum requirement. Higher-level certifications will also satisfy lower-level requirements. For example, certifications in level 2 or level 3 areas can satisfy level 1 requirements. More information such as certification vendors and specific requirements and procedures can be found on the DoD cyber exchange public site.

 

Start training with SecureNinja today to satisfy all your DoD 8140 compliance training needs online! Call 703-535-8600 today for a special offer!

 

SecureNinja is an award-winning training and certification school, and SecureNinja has a proven track record of assisting Fortune 100, Government, and Military organizations. For more information on how SecureNinja can benefit you or your organization fill out the form to the right of this post or call 703-535-8600.

 

Sources

 

*For a more detailed break down on each job categories and specialty area please see the NICE official website - https://www.nist.gov/itl/applied-cybersecurity/nice/nice-cybersecurity-workforce-framework-resource-center  

*Information on baseline certifications - https://public.cyber.mil/cw/cwmp/dod-approved-8570-baseline-certifications/

*Additional resources - https://www.comptia.org/blog/what-is-dod-8140-cybersecurity-certifications-and-requirements

https://www.comptia.org/blog/difference-dod-8570-dod-8140-dod-8570.01-m

https://secureninja.com/news/dod-announces-new-cybersecurity-framework.html