What is DoD 8570, who does it apply to, and how does it work

In the 21st century, cyberspace has gradually become a battlefield in which DoD assets are central to success. As a result, DoD 8570 is a necessary certification. It is especially relevant to commercial contractors and to the military and civilian personnel requirements for Information Assurance professionals.

What is DoD 8570?

Department of Defense Directive 8570 is more of a policy than a certification. One achieves DoD 8570 compliance by earning several certifications, so there is no single certification known as “8570”. Further below, you will find a description of the certifications essential for DoD 8570 compliance. Specifically, DoD IT employees pursue CCNA Security and A Network+ CE.

Who Does 8570 Apply to?

8570 applies to certain people regardless of their job or occupational series. These mostly include local nationals and full-time or part-time military service members. They are people with access to DoD information systems who are actively engaged in conducting information security functions. In short, contractors and government employees need DoD 8570.

The Department of Defense has a five-year plan, as stated in the 8570.01 manual. This plan will integrate Information Assurance professionals into its systems. The Defense Information Assurance Program further splits its Information Assurance profession into six categories. The manual also makes clear which credentials qualify for each of these categories.

The Past and Future of DoD 8570

DoD 8570 was published specifically to deal with the fear of unqualified personnel continually taking up cyber-security roles. That was in 2005, little over a decade ago. The directive touched on all persons with access to information systems and, similarly, those conducting vital security functions.

The targets for the publication included:

  • help desk technicians,
  • computer repair technicians,
  • information security managers and
  • system administrators

The guideline brought significant changes in the government. Units received the privilege to request resources to improve the skills of their current staff. The kind of training done changed as well. Additionally, new military personnel were assigned Information Assurance (IA) jobs. This move ensured that new recruits were at their best before deployment into the battlefield. Most noteworthy, 8570 introduced categorization and certifications, further defining the standards that had been needed for a long time.

What lies ahead for DoD 8570? All things considered, with the directive converting to DoD 8140, additional high-standard requirements are expected. Certainly, things will remain as they are, at least for the next three years. As a result, all organizations and contractors will remain bound to follow the guidelines listed in the 8570 manual. Similarly, they ought to have a certification for the same.

How DoD 8570 works

DoD 8570 is clear that all persons in charge of information assurance for department systems must hold the required certifications to handle the job. Moreover, the Defense Department Directive issued a manual that describes the different job categories, covering both technical and managerial positions.

Furthermore, DoD trains and certifies its employees at its own expense. Check out the following commercial certifications approved by DoD. This section has cost information, as well as a detailed description of the certifications:

| Job Category | Example Certification | Provider | Time and Cost |
|---|---|---|---|
| Incident Responder | CERT | Carnegie Mellon Software Engineering Institute | Three-course training, with each course lasting 5 days; exam costs $200 |
| Information Assurance Technical | A+ | CompTIA | Five-day course; CompTIA members pay $132; non-members pay $168 |
| Computer Network Defense Auditor | Certified Information Systems Auditor | Information Systems Audit and Control Association | 2 ½ hours per week for 14 weeks; members pay $300; non-members pay $325; DoD employees pay $400 for the exam |

Certifications Required for DoD 8570 Compliance

Meanwhile, we have created a classification table to give you a better view of the required certifications. This table shows which certification is commensurate with an individual's job duties.

The certifications can be categorized into:

  • Technical-level certifications that require the Information Assurance Technical (IAT) certifications.
  • Management-level certifications that require the Information Assurance Management (IAM) Certifications

The following tiers and certifications are necessary for technical-level personnel:

  • IAT Level I: Network+, A+, SSCP
  • IAT Level II: SSCP, SCNP, Security+, GSEC
  • IAT Level III: CISA, SCNA, CISSP, GSE

The following tiers and certifications are necessary for management-level personnel:

  • IAM Level I: GSLC, CAP, Security+
  • IAM Level II: CISM, GSLC, CISSP (or Associate), CAP
  • IAM Level III: GSLC, CISM, CISSP (or Associate)

However, CAP applies to individuals actively involved in formalizing risk-assessing processes and creating security requirements. They establish a balance between the information systems security and the potential risk and damage.

Security+

Security+ certification handles the vital network security principles. It is a significant boost to a career in IT security. The certification is approved by the Department of Defense as it meets the Directive 8570 requirements. Additionally, it complies with government regulations through the Federal Information Security Management Act (FISMA).

Security+ certification has global recognition. This is most of all because it is developed and maintained by top IT experts. The exam is also designed after detailed consultation and feedback from the industry-wide survey. Areas covered by the Security+ exam include network security, data and host security, threats and vulnerabilities.

In conclusion, DoD 8570 integrates this certification as it proves one’s qualification to secure a network and detect hacker activities.

Certified Authorization Professional (CAP)

CAP certification objectively measures one’s knowledge and skills in authorizing and maintaining information systems. Specifically, individuals in charge of making formal processes and assessing risk for security assurance are the main pursuers of this credential. They make decisions that determine whether or not the information system is commensurate with the risks and threats.

The Department of Defense (DoD) considers CAP vital proof of one’s skills. Similarly, other U.S. Federal government wings and State Departments value its worthiness. Besides, local governments, civilians, and commercial markets are the most appropriate candidates for these credentials.

Meanwhile, vital skills to possess before enrolling include IT security, systems administration, information security policy, and information assurance.

Network+

Elsewhere, the Network+ certification validates that you have what it takes to troubleshoot, design, manage and configure networks. Additionally, the certification covers both wired and wireless. At this point, there is an increased demand for Network+ certified personnel worldwide.

Trainees for this program are exposed to dynamic network, software and hardware activities to improve their skills. This allows them to integrate their talent with IT requirements. The certification gives an in-depth analysis of modern technologies.

There are no prerequisites set for any person wishing to take the Network+ certification exam. However, meeting the following requirements before the course is of great importance. Some of these may be acquired as the study proceeds.

  • Basic PC operation knowledge
  • Understanding the basics of networking technology
  • Experience of one or more of the following operating systems: Linux, Novell NetWare or Windows

A+

Next, the A+ certification validates that PC service personnel have a deeper understanding of operating, installing, customizing and maintaining personal computers. Initially, A+ certification was a lifetime award. However, since 2011, the A+ certificate is renewed every three years by taking a test. The alternative is to pay a Continuing Education Units fee to maintain the certificate.

The A+ exam covers identification, traditional and situational type of questions. Trainees are provided with multiple-choice questions from which only one answer is correct. Besides, anybody can take the exam. However, it is most recommended for service technicians with six months of experience.

Systems Security Certified Practitioner (SSCP)

Every organization values systems security and strives to hire the right people. The SSCP certification, for this reason, helps information security staff to stand out as the best in the market. It is a necessary certification for personnel with proven technical skills in IT roles.

Moreover, SSCP assists professionals in different scenarios. It lets you demonstrate technical ability earned from hands-on technical roles. Similarly, it confirms in-depth knowledge of security testing, incident response, intrusion detection, authentication, attacks and countermeasures and, most of all, code countermeasures.

For the organization, SSCP helps bolster security posture through the implementation of standard procedures. As a result, it enhances security coherence all over the organization since practitioners have a common security language. Additionally, it raises organizational integrity as viewed by clients and stakeholders.

The following roles are the best fit for SSCP, but the certification is not limited to them:

  • Systems Engineer
  • Security Analyst
  • Security Consultant
  • Systems Analyst
  • Network Security Engineer
  • Systems Administrator
  • Database Administrator

Security Certified Network Professional (SCNP)

On the other hand, the SCNP certification offers network administrators the hands-on skills necessary for advanced organization protection. Enrolled students are taken through prevention techniques, risk analysis and policy creation in a technology-intensive environment. The certification ensures professionals are up to par with real-world security threats using the latest security lessons.

Furthermore, SCNP handles the elements that ensure a network is safe. These include protecting the commercial operating systems like Linux and Windows. Foundational skills validated include ethical hacking, hardening the OS, securing the Internet and creating organization security policy.

However, candidates are required to complete SCNS before enrolling for SCNP. This is because the latter picks up from where SCNS left off.

GSEC

Moving forward, the GSEC certification is necessary for IT Security Professionals who want to validate their hands-on ability when it comes to security tasks. The enrolled students have to prove an understanding of IS that goes beyond the general concepts and terminology. The exam tests various areas including network protocols, IP packets, IPv6, DNS and UDP, among others.

Additionally, candidates must demonstrate their versatility in detecting malicious code and its propagation. Also, they should be capable of giving a detailed description of how to avert its expensive effects.

GSEC certifications are renewed every four years. Candidates are required to accumulate 36 CPEs in order to renew.

Certified Information Systems Auditor (CISA)

Further, CISA is a globally recognized certification for professionals who can monitor, control, audit and assess business systems and information technology. Candidates can use the CISA certification to showcase their audit skills, experience and knowledge to assess vulnerabilities.

As a result, any person interested in information systems security, audit and control is invited to take the CISA examination. Successful exam applicants receive the relevant information they need regarding the passing score. Moreover, CISA Exam Review Courses have all the resources one may require for preparation.

Candidates submit their CISA application for certification upon completing the exam and meeting all the requirements. In addition, one needs a minimum of 5 years' experience in auditing, security, and control of information systems.

SCNA

The program advances one’s security and technological skills required in building trusted networks. SCNA fosters skills and knowledge such as Wireless Securing, Biometrics, Forensics, Digital Signatures, Digital Certificates, Strong Authentication, as well as Cryptography. Candidates get a chance to experience applications in a teaching environment courtesy of the hands-on labs.

Networks continue to evolve, thus, making it necessary to develop trusted networks. Professionals with the ambition to remain the best in the market must have knowledge of these changes. These are the kinds of professionals with the understanding that IDS and firewall protection is not enough.

Also, an exam is mandatory for one to attain the SCNA certification. The program is split into two exams, for each of which candidates must meet the minimum pass mark. These are the Enterprise Security Implementation Exam and the TSE exam, which touches on SCNP and SCNA facets.

Certified Information Systems Security Professional (CISSP)

CISSP is one of the main prerequisites for any person with ambitions of advancing a career in information security. CISSP offers IS professionals global recognition of their competence, measured on the most standard basis. Suitable candidates for this program include both middle and senior managers.

5 years’ experience in the IS field is one major qualification requirement for the CISSP certification. Similarly, candidates must pass the CISSP exam and continually maintain this certification through CPE credits.

Most noteworthy, CISSP examinations entail intensive class training. The course is designed so that it is easy to follow throughout the study period. Information security professionals also have to complete an essential manual, which prepares them for the examination.

GSE

Any person with an interest in keeping their information security skills high must consider the GIAC GSE certification. GIAC GSE is not just an ordinary test, because one must have three GIAC tests to qualify for the certification. The prerequisite certs are GCIH, GCIA, and GSEC.

A multiple-choice examination precedes the GSE exam. One will only sit for the final test upon passing the multiple-choice one. The different aspects tested are IDS tools and capturing, analyzing and interpreting traffic. Candidates are also taken through malware, common attacks, the IH process and preserving evidence.

GIAC Security Leadership Essentials for Managers (GSLC)

GIAC GSLC certification qualifies one’s skills in security systems from a manager’s or a supervisor’s perspective. The GSLC exam is your pathway into managerial roles within the security industry.

GSLC does not list specific prerequisites for enrolling. Even so, it is important that a candidate has hands-on experience in security management and deeper insight into information security.

The examination includes 115 questions with a time limit of 3 hours. The minimum passing score is 68 seconds. The certification is also not for a lifetime. It is renewed every four years.

CISM

If you are interested in security management, then this certification will fulfill your dream. Enrolling demands that you satisfy the following requirements:

  • Pass the CISM exam
  • Follow the ISACA Code of Ethics
  • Follow the CEP at workplace
  • Meet the minimum field work experience
  • Apply for the CISM certification

On passing the CISM exam, the score is valid for a maximum of 5 years. If one does not meet the other CISM certification requirements before this period ends, the score becomes invalid.

Individual employers must independently verify all the listed experience. Moreover, it must be experience gained within the ten years preceding the date of applying or within five years of the CISM exam.

However, there is room for appealing if the certification application is denied.
