Roadmap to Success: DOD 8570 and 8140 Compliance

Roadmap to Success is a series of posts designed to help learners better understand certification pathways, career opportunities associated with those certifications, and next steps beyond certification.

IT pros hoping to work for the Department of Defense (DOD) or other federal government agencies, even on a contractual or temporary basis, must meet a variety of compliance regulations in order to be eligible for employment. At this time, DOD Directive 8140 provides the regulations, but it is closely aligned to its predecessor, DOD Directive 8570. IT pros can serve in a variety of roles under the federal government; the most typical include network administrator, systems administrator, and security specialist, among others.

Department of Defense Directive 8140 and 8570

The Department of Defense Directive (DoDD) 8140 recently replaced Directive 8570, creating a larger initiative and framework that provides Information Assurance workforce qualification requirements. Though DoDD 8140 is the current policy, it adopted the DoDD 8570 manual until an updated manual is produced. As a result, learners who are interested in working with the federal government or the DOD must be compliant with DoDD 8570 regulations.

The DoDD 8140 and 8570 Workforce Qualification Requirements establish the minimum qualifications IT pros must meet in order to be eligible to work with the DOD or other federal government agencies. DoDD 8140/8570 identifies a variety of levels of Information Assurance Technical (IAT), Information Assurance Management (IAM), Information Assurance System Architect and Engineer (IASAE), and Cyber Security Service Provider (CSSP) for which IT pros must earn industry certifications to qualify for employment.

DoD-approved 8140 (DoDD 8570) Baseline Certifications (IAT, IAM, and IASAE)

IAT Level I IAT Level II IAT Level III
IAM Level I IAM Level II IAM Level III
  • (ISC)2 Certified Authorization Professional (CAP)
  • GIAC Security Leadership (GSLC)
  • CompTIA Security+
IASAE I IASAE II IASAE III
  • (ISC)2 Certified Information Systems Security Professional – Architecture (CISSP-ISSAP)
  • (ISC)2 Certified Information Systems Security Professional – Engineering (CISSP-ISSEP)

DoD-approved 8140 (DoDD 8570) Baseline Certifications (CSSP)

CSSP Analyst CSSP Infrastructure Support CSSP Incident Responder CSSP Auditor CSSP Manager
  • EC-Council Certified Ethical Hacker (CEH)
  • GIAC Certified Intrusion Analyst (GCIA)
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Global Industrial Cyber Security Professional (GICSP)
  • Cisco Cybersecurity Specialist (SCYBER)

DOD 8140/8570 baseline certifications come from a variety of vendors across the IT industry, including:

  • (ISC)2
    • CAP
      Certification provides eligibility for IAM Level I and IAM Level II
    • CISSP (learn more from the Roadmap to Success: CISSP)
      Certification provides eligibility for IAT Level III, IAM Level II, IAM Level III, IASAE Level I, and IASAE Level II
    • CISSP-ISSAP
      Certification provides eligibility for IASAE Level III
    • CISSP-ISSEP
      Certification provides eligibility for IASAE Level III
    • CISSP-ISSMP
      Certification provides eligibility for IASAE Level III
    • CSSLP
      Certification provides eligibility for IASAE Level I and IASAE Level II
    • SSCP
      Certification provides eligibility for IAT Level I, IAT Level II, and CSSP Infrastructure Support
  • Cisco
  • GIAC
    • GCED
      Certification provides eligibility for IAT Level III
    • GCFA
      Certification provides eligibility for CSSP Incident Responder
    • GCIA
      Certification provides eligibility for CSSP Analyst
    • GCIH
      Certification provides eligibility for IAT Level III, CSSP Analyst, and CSSP Incident Responder
    • GICSP
      Certification provides eligibility for IAT Level II, CSSP Analyst, and CSSP Infrastructure Support
    • GSEC
      Certification provides eligibility for IAT Level II
    • GSNA
      Certification provides eligibility for CSSP Auditor
    • GSLC
      Certification provides eligibility for IAM Level I, IAM Level II, and IAM Level III
  • ISACA
    • CISA (learn more from the Roadmap to Success: ISACA CISA)
      Certification provides eligibility for IAT Level III and CSSP Auditor
    • CISM
      Certification provides eligibility for IAM Level II, IAM Level III, and CSSP Manager

Exam Details

DoDD 8570 and 8140 compliance draws from a diverse range of vendors, certifications, and exams. The overview below generalizes across each vendor's exams, so there may be some exceptions.

(ISC)2 Exams
(ISC)2 Steps for Certification:

  1. Document required experience to earn eligibility to sit for many (ISC)2 exams.
  2. Schedule and pass appropriate exam(s).
  3. Complete the endorsement process within nine (9) months of passing the certification exam(s).

Time allotted for exam: 3-6 hours, depending on the exam
Number of questions: 125-250, depending on the exam
Passing score: 700 out of 1,000 points
Exam registration: Pearson VUE testing centers
Exam cost: $250-549 (USD)*, depending on the exam
*Learn more about 2017 (ISC)2 exam pricing
Exam outlines: Available by request on the (ISC)2 website (free resource)

Cisco Exams
Time allotted for exam: 1.5 hours (90 minutes) per exam
Number of questions: 40-60 questions per exam
Passing score: Cisco does not publish the passing score for its exams
Question types: Multiple choice/single answer; Multiple choice/multiple answer; Drag and drop; Fill-in-the-blank; Simulation; Testlet; Simlet
Exam registration: Pearson VUE
Exam cost: $165-300 (USD)*, depending on the exam
*Learn more about exam fees from Pearson VUE
Exam topics: Freely available from Cisco

CompTIA Exams
Time allotted for exam: 90-165 minutes, depending on the exam
Number of questions: Maximum of 90 questions
Passing score: 675-750* (on a scale of 100-900), depending on exam
*The CASP exam is a pass/fail exam with no scaled score.
Question types: Multiple choice and performance-based
Exam registration: Pearson VUE
Exam cost: $205-426 (USD), depending on exam
Exam objectives: Freely available from CompTIA

EC-Council Exams
Time allotted for exam: 4 hours (240 minutes)
Number of questions: 125
Passing score: 70%
Question types: Multiple choice
Exam registration: Pearson VUE
Exam cost: $500 (USD) for an exam voucher; $100 (USD) for the exam eligibility fee
Exam Blueprint: CEH Exam Blueprint v2.0

GIAC Exams
Time allotted for exam: 3-5 hours, depending on the exam
Number of questions: 115-180*, depending on the exam
*Please note that GIAC exams are open-book.
Passing score: 68-74%, depending on the exam
Question types: Multiple choice; Application and analysis; RealSkillTest™ questions
Exam registration: GIAC Proctored Exam Registration or Pearson VUE
Exam cost: $429-2,199 (USD), depending on the exam*
*Learn more about GIAC certification pricing
Exam Certification Objectives & Outcome Statements: Freely available from GIAC

ISACA Exams
Time allotted for exam: 4 hours
Number of questions: 15
Question types: Multiple choice
Passing score: 450
Exam registration: ISACA
Exam cost*: Early registration: $525 for ISACA members, $710 for non-ISACA members; standard registration: $575 for ISACA members, $760 for non-ISACA members
*Fees for exam registrations submitted by mail or fax increase by $75
Exam Objectives: Freely available from ISACA

Career Considerations

There are a variety of valuable resources available to help learners determine appropriate pay scales for job opportunities associated with DOD 8570 and DoDD 8140, including:

  • OPM.gov – This is probably the best resource for governmental salary information, including pay and leave information, rates of pay based on states and geographic regions, fact sheets, and more.
  • CPMS.OSD.mil – Civilian Personnel Policy and the Defense Civilian Personnel Advisory Service (CPP/DCPAS) is responsible for all wage and personnel policies for any individual or organization that contracts with the DOD.
  • Payscale.com – One of our favorites for finding salary information, salary ranges, and fascinating demographic information for the IT roles you care about.
  • Indeed.com – Use keywords to find the specific role or company you’re interested in, or use this resource to compare civilian and government salaries.
  • Simplyhired.com – Similar to Indeed.com, but with a slightly slicker interface, this is a good resource for finding salary information for specific IT roles.

Keep in mind that because these are government roles, the salary for the particular role you are considering is likely public information. Apply a little Google-fu and you should be able to dig up the budget information that will reveal the specific salary information you need.

Concluding Thoughts

When considering DOD or other federal government IT career opportunities, it’s critical to understand how IAT, IAM, IASAE, and CSSP levels work and which certifications you must have to be eligible for employment. Earning the right certifications can set you up for a long-term career, even as a civilian, working for the government to support the IT infrastructure, security, and systems that run our government and society.
