Let's answer some questions.

What is DoD Directive 8570.1?

DoD Directive 8570.01 provides the basis for an enterprise-wide solution to train, certify, and manage the DoD Information Assurance (IA) workforce. The policy requires Information Assurance technicians and managers to be trained and certified to a DoD baseline requirement. The Directive's accompanying Manual identifies the specific certifications mandated by the Directive's enterprise-wide certification program. Much of the Directive addresses workforce management issues. Components must identify and document in personnel and manpower databases, IA personnel and positions and make certain that IA personnel meet training and certification requirements related to their job functions.

The ultimate vision of the Directive is a sustained, professional IA workforce with the knowledge and skills to effectively prevent and respond to attacks against DoD information, information systems, and information infrastructures. This effort will enable DoD to put the right people with the right skills in the right place.

What is the status of the Manual (DoD 8570.01M)?

The Manual has been approved by the Assistant Secretary of Defense for Networks and Information Integration (ASD NII)/DoD Chief Information Officer (CIO) and is now mandatory for all DoD organizations to comply with its requirements.

A copy of the Manual is available on the DoD Publications website located at http://www.dtic.mil/whs/directives/corres/pdf/857001m.pdf.

Do I need any special training on how to implement DoD 8570.1?

(I have received e-mails from commercial activities stating that I must attend a mandatory training session on implementing DoD 8570.1) No. Neither you, nor your organization needs special training regarding the implementation of DoD 8570. Furthermore, the DoD has not sponsored or required any commercial 8570.1 implementation training or planning sessions.

You should disregard any direct messages from vendors indicating a requirement to complete their course or information session as part of DoD 8570.1 implementation.

Who has to pay for Certifications?

For DoD military and civilian IA Workforce members, the DoD Component must budget for and pay for an individual's required certification. The Component must also ensure appropriate training is provided for the position and preparation for the certification exam.

Who needs to be certified?

Information Assurance Technical (IAT) and IA Management (IAM) personnel must be fully trained and certified to baseline requirements to perform their IA duties. The policy defines IAT workforce members as anyone with privileged information system access performing IA functions. IAM personnel perform management functions for DoD operational systems described in the Manual. See the question below on "How can I Identify the IA Workforce?" later in this FAQ document.

The training, certification, and workforce management requirements of 8570.1 apply to all members of the DoD IA workforce including military, civilians, foreign nationals, local nationals, Non-appropriated fund (NAF), and contractors. They apply whether the duties are performed full-time, part-time, or as an embedded duty. Future updates to the Manual will incorporate additional portions of the IA workforce. A chapter on "System Architecture and Engineering" is currently under development, which will establish certification requirements for members of the workforce who perform system design functions, such as requirements gathering, that are not currently covered by the manual.

Additional Chapters will be drafted for "Certification and Accreditation" and "Vulnerability Analysts." Until these chapters are published positions/personnel performing these functions with privileged access for the Computing, Network, or Enclave Environment should be included as IAT or IAM Levels I - III based on the environment they are working in.

Ready to get certified?
Register for Boot Camp