UNDERSTANDING DOD 8570 TRAINING REQUIREMENTS

If you’re an information systems security professional, it’s important to be familiar with the DoD 8570. If you’re not sure what this is or aren’t clear on some aspects of it, this guide is here to walk you through what you need to know.
We’ll go over:

  • What DoD 8570 is
  • Who it applies to
  • Why it’s important to know about DoD 8570
  • What’s involved in becoming DoD 8570 compliant
  • Options for certification

By the end, you should have a more solid understanding of what it is, and some concrete ideas for what to do next.

Let’s get started!

What is DoD 8570?

DoD 8570 stands for Department of Defense (DoD) Directive 8570, also known as the Information Assurance Workforce Improvement Program. One of the first important things to note about the DoD 8570 is that it isn’t actually a qualification or certification — it’s a policy.

That means your goal won’t be to get ‘qualified’ for the DoD 8570; instead, you should be aiming to become compliant with it. This is done by getting a range of separate certifications, which we’ll cover in more depth later in the post.

You may have heard that the DoD 8570 is in the process of being replaced by the DoD 8140, which is correct. However, it’s expected to be a few years before this is complete, so the 8570 will be the relevant directive until then.

Where did DoD 8570 come from?

The DoD 8570 was established in 2005 to address the problem of unqualified workers doing cybersecurity work for the DoD. For obvious reasons, having staff working on issues of national security without proper training was a big concern for the federal government.

The DoD 8570 ensures all staff working with information security within the DoD are properly qualified. This is done by requiring members of staff to attain certain respected certifications.

These required certifications are divided into categories based on the kind of work the person will be doing. We’ll get into this in more detail later on.

Who does it apply to?

  • DoD employees involved in information security, such as anyone in the Office of the Secretary of Defense or Office of the DoD Inspector General
  • Part- and full-time military staff
  • Defense agencies
  • Part- or full-time contractors for the DoD
  • DoD Field Activities
  • Any local national with private access to a DoD system performing information security functions

Anyone working in the above jobs will need to become DoD 8570 compliant. In addition to that, anyone hoping to work for the DoD at some point should also consider getting the relevant qualifications.

In that sense, becoming DoD 8570 compliant comes with a lot of potential career options, such as the ability to work in defense and use your skills to make a real difference to national security.

How Do You Become DoD 8570 Compliant?

Your road to DoD compliance is going to depend on the kind of work you do. As mentioned above, the required qualifications are grouped into categories. The two main categories are Information Assurance Technical (IAT) and Information Assurance Management (IAM). Let’s dive into those a little deeper.

  • Information Assurance Technical (IAT) certifications are aimed at those who work in more technical roles
  • Information Assurance Management (IAM) certifications are aimed at more managerial positions

These categories are further broken down into three levels based on the responsibilities of the job.

In the rest of the guide, we’ll take you through each of the levels for each category. We’ll look at the jobs you need each level for, the options for certification, some training advice, and the skills you’ll gain at each level.

Only one certificate is needed at each level to become compliant. The good news here is that there are several options for certifications at each stage.

Let’s start with the IAT levels, for technical-level staff. If the IAM applies to you instead, you can skip this part and scroll down to that section below.

IAT Levels and Certifications

Level 1

The first level of the IAT category is for personnel with 0-5 years of experience. Their role is to fix flaws, implement IAT controls, and perform basic security controls.

What are the functions involved?

According to the DoD 8570, these are some of the functions that level 1 IAT personnel will be expected to perform:

  • Recognize a potential security violation, take appropriate action to report the incident as required by regulation, and mitigate any adverse impact
  • Apply instructions and pre-established guidelines to perform IA tasks within CE
  • Provide end user IA support for all CE operating systems, peripherals, and applications
  • Support, monitor, test, and troubleshoot hardware and software IA problems pertaining to their CE
  • Apply CE specific IA program requirements to identify areas of weakness.
  • Apply appropriate CE access controls
  • Conduct tests of IA safeguards in accordance with established test plans and procedures
  • Apply established IA security procedures and safeguards and comply with the responsibilities of the assignment
  • Comply with system termination procedures and incident reporting requirements related to potential CE security incidents or actual breaches

What jobs does this apply to?

  • Security Analyst
  • System Administrator
  • Application Administrator
  • Network Administrator
  • Computer Technician

What are the certification options?

CompTIA A+

This is a solid base for any IT career, focusing on IT operations, problem-solving, troubleshooting, and networking. It includes operating systems and mobile devices. The exam contains 90 multiple choice questions and is 90 minutes long.

The CompTIA A+ would be a good fit for jobs such as support specialist and field service technician.

CompTIA Network+

This is another fundamental IT qualification, with a sharper focus on networks. Skills gained here include how to troubleshoot, manage, and configure networks, and how to design and implement functional networks. It covers basic networking concepts and infrastructure, with some focus on security.

The exam contains 90 multiple choice questions and is 90 minutes long.

The CompTIA Network+ is a good choice for computer technicians, IS consultants, systems engineers, and network analysts.

(ISC)² Systems Security Certified Practitioner (SSCP)

The Systems Security Certified Practitioner from (ISC)² is focused on operation security. It teaches students how to implement, monitor, and administer IT infrastructure with security best practices. The exam consists of 125 multiple choice questions with a time limit of 3 hours.

This qualification applies best to job titles like network security engineer, security consultant, and security analyst.

Cisco Certified Network Associate Security

With a CCNA Security certification, a network professional demonstrates the skills required to develop a security infrastructure, recognize threats and vulnerabilities to networks, and mitigate security threats.

Level 2

Level 2 of the IAT generally applies to people with at least 3 years of experience in information assurance technology or a similar area. It requires mastery of the IAT level 1 functions.

At this level, personnel tend to focus more on security-related duties like intrusion detection, finding and fixing vulnerabilities, and improving the security of systems.

What are the functions involved?

According to the DoD 8570, these are some of the functions that level 2 IAT personnel will be expected to perform:

  • Demonstrate expertise in IAT Level I computing environment (CE) knowledge and skills
  • Examine potential security violations to determine if the network environment (NE) policy has been breached, assess the impact, and preserve evidence
  • Support, monitor, test, and troubleshoot hardware and software IA problems pertaining to the NE
  • Recommend and schedule IA related repairs in the NE
  • Perform IA related customer support functions including installation, configuration, troubleshooting, customer assistance, and/or training, in response to customer requirements for the NE
  • Provide end user support for all IA related applications for the NE
  • Analyze patterns of non-compliance and take appropriate administrative or programmatic actions to minimize security risks and insider threats
  • Manage accounts, network rights, and access to NE systems and equipment
  • Analyze system performance for potential security problems

What jobs does this apply to?

Jobs for IAT level 2 professionals include:

  • System Administrator
  • IT Security Specialist
  • Information Security Analyst

What are the certification options?

GIAC Security Essentials (GSEC)

This certification is aimed at security professionals. It requires candidates to demonstrate an understanding of information security beyond basic concepts and terminology, covering areas like active defense, contingency plans, endpoint security, threat hunting, and wireless network security. The exam contains 180 questions with a time limit of 5 hours.

It’s a pathway to jobs like Information Security Systems Officer, Information Security Engineer, Information Security Analyst, and Senior Cyber Security Engineer.

Global Industrial Cyber Security Professional (GICSP)

GICSP will assess a base level of knowledge and understanding across a diverse set of professionals who engineer or support control systems and share responsibility for the security of these environments.

CompTIA Security+

CompTIA Security+ focuses on baseline skills for core security functions. It’s made up of performance-based questions, with an emphasis on practical skills, and covers some of the latest trends and techniques. The exam consists of 90 multiple choice questions with a 90-minute time limit.

This is a good fit for jobs like Systems Administrator, Network Administrator, Security Specialist, Security Consultant, and Junior IT Auditor/Penetration Tester.

CompTIA Cybersecurity Analyst (CySA+)

CompTIA Cybersecurity Analyst (CySA+) is an IT workforce certification that applies behavioral analytics to networks and devices to prevent, detect and combat cybersecurity threats.

SCP Security Certified Network Professional (SCNP)

The SCNP stands for Security Certified Network Professional and covers hands-on information security skills. For this qualification, you’ll need to already have the SCNS certification.

The SCNP demonstrates prevention techniques, risk analysis, and security policy creation among other things, and builds on foundational skills like cryptography, ethical hacking techniques, and creating a security policy. The exam takes the form of multiple choice questions.

Jobs the SCNP qualifies students for include Security Analyst, Information Security Consultant, and Systems Administrator.

(ISC)² Systems Security Certified Practitioner (SSCP)

(Covered in the above section)

Level 3

Level 3 of the IAT concerns professionals with at least seven years of experience in information assurance who have expert knowledge of the IAT level 2 and 3 functions.

Professionals at this level are expected to fulfill high-level, possibly leadership roles and be responsible for secure integration and operation of systems.

What are the functions involved?

According to the DoD 8570, these are some (but not all) of the functions that level 3 IAT personnel will be expected to perform:

  • Mastery of IAT Level I and IAT Level II CE/NE knowledge and skills
  • Coordinate and/or provide support for all enclave applications and operations
  • Formulate or provide input to the enclave’s IA/IT budget
  • Identify and/or determine whether a security incident is indicative of a violation of law that requires specific legal action
  • Provide direction and/or support to system developers regarding correction of security problems identified during testing
  • Examine enclave vulnerabilities and determine actions to mitigate them
  • Analyze IA security incidents and patterns to determine remedial actions to correct vulnerabilities
  • Implement vulnerability countermeasures for the enclave

What jobs does this apply to?

Jobs for IAT level 3 professionals include high-level technical roles like Chief Information Security Officer, Information Technology Manager, and PCI Security Specialist.

What are the certification options?

ISACA Certified Information Systems Auditor (CISA)

The Certified Information Systems Auditor certification is aimed at high-level IT professionals and demonstrates the ability to audit, monitor, access, and control data. It concerns IT government systems and infrastructure lifecycle management.

The exam is four hours long and features 200 multiple choice questions.

Jobs for CISA certified professionals include Internal Auditor, Public Accounts Auditor, Information Security Analyst, IT Audit Manager, and PCI Security Specialist.

(ISC)² Certified Information Systems Security Professional (CISSP)

CISSP is aimed at information security professionals with deep experience in senior level roles, with at least five years on the job.

It demonstrates the ability to design, implement, and manage a security program and is one of the most highly respected certifications in the field.

Jobs for a CISSP include Chief Information Security Officer, Security Systems Administrator, Information Assurance Analyst, and Senior IT Security Consultant.

Although the CISSP exam is challenging with a minimum of 100 questions and a 3-hour time limit, the Beyond20 CISSP Bootcamp is a great way to prepare and give yourself the best possible chance of success.

GIAC Security Expert (GSE)

The GIAC Security Expert qualification was developed by infosec industry leaders and experts. It focuses on the assessment of hands-on skills and practical knowledge, and candidates are expected to demonstrate advanced ability and knowledge of security functions.

Topics covered in the exam include incident handling skills, intrusion detection and analysis, and general security skills. The assessment is split into a 3-hour multiple choice exam and a 2-day hands-on lab.

It’s tough and highly respected, and candidates need a GSEC, GCIA, and GCIH certificate to even begin. However, the GSE qualifies you for some of the top jobs in information security.

GIAC Certified Enterprise Defender (GCED)

The GIAC Certified Enterprise Defender (GCED) certification builds on the security skills measured by the GIAC Security Essentials certification. It assesses more advanced, technical skills that are needed to defend the enterprise environment and protect an organization as a whole. GCED certification holders have validated knowledge and abilities in the areas of defensive network infrastructure, packet analysis, penetration testing, incident handling and malware removal.

SCP Security Certified Network Architect (SCNA)

The Security Certified Network Architect certification is the top qualification in the SCP program. It requires an SCNP certificate and focuses on the skills and technology required to build trusted networks.

Topics include legal issues, wireless security, biometrics, digital certificates and signatures, and PKI policy and architecture. The exam is 2 hours long.

The SCNA is relevant for leadership roles such as Security Administrator and Information Technology Manager.

Cisco Certified Network Professional Security (CCNP Security)

The Cisco Certified Network Professional Security (CCNP Security) certification program is aligned specifically to security in routers, switches, networking devices and appliances, as well as choosing, deploying, supporting and troubleshooting firewalls, VPNs, and IDS/IPS solutions for their networking environments.

GIAC Certified Incident Handler (GCIH)

A GCIH, or Certified Incident Handler, is trained to manage security incidents. They do this through understanding the threats to an organization and having the skills necessary to defend against an attack.

The exam is 4 hours long with 100-150 questions, and requires 73% to pass. Jobs for GCIH professionals include Cybersecurity Analyst and SOC Analyst.

CompTIA Advanced Security Practitioner (CASP+)

The CompTIA Advanced Security Practitioner (CASP+) certification is designed for technical professionals who wish to remain immersed in technology as opposed to strictly managing. It’s a hands-on, performance-based cert for practitioners (not managers necessarily) with advanced skill levels. Essentially, this certification equips practitioners with the skills necessary to figure out how to implement solutions within the policies and frameworks implemented by management.

The CASP+ exam covers risk management, enterprise security operations and architecture, research and collaboration, and integration of enterprise security. The maximum of 90 performance-based questions must be completed within 165 minutes – and CompTIA recommends about 10 years of experience in IT administration, including at least five years of hands-on technical experience, prior to sitting for it.

IAM Levels and Certifications

Level 1

Level 1 of the IAM category contains professionals with 0-5 years of experience. They’re expected to apply knowledge of IA policy, procedures, and structure to develop, implement, and maintain a secure computing environment.

Compared to the IAT group, this category is more focused on managerial and leadership skills, and the required qualifications reflect that.

What are the functions involved?

According to the DoD 8570, these are some (but not all) of the functions that level 1 IAM personnel will be expected to perform:

  • Use federal and organization-specific published documents to manage operations of their computing environment (CE) system(s)
  • Support and administer data retention and recovery within the CE
  • Validate users’ designation for IT Level I or II-sensitive positions, per Reference (bc)
  • Recognize a possible security violation and take appropriate action to report the incident, as required
  • Ensure that system security configuration guidelines are followed
  • Ensure that IA requirements are integrated into the Continuity of Operations Plan (COOP) for that system or DoD Component
  • Ensure that IA security requirements are appropriately identified in computer environment operation procedures

What jobs does this apply to?

IAM level 1 qualifications generally relate to junior-level management jobs in infosec, such as:

  • Cybersecurity analyst
  • IA manager
  • Information systems security officer (ISSO)
  • Information systems security manager (ISSM)

What are the certification options?

GIAC Information Security Fundamentals (GISF)

The GIAC Information Security Fundamentals certification requires candidates to demonstrate key concepts of information security, understand threats and risks, and be aware of how to defend against these.

Topics on the exam include application security, computer math, cryptography, and network attacks. It’s aimed at professionals who want to get familiar with information assurance. The exam is 2 hours long and contains 75 questions.

Jobs for GISF certified professionals include Information Security Officer, Managers, and System Administrators.

GIAC Cyber Security Leadership Certification (GSLC)

The GIAC Security Leadership certification focuses on leadership and management skills in information security. This includes managing security operation centers, managing application security, managing security policy, managing system security, and vulnerability management.

It’s a single 3-hour exam with 115 questions. A GSLC certification can be a route to a range of managerial and supervisory roles in information security.

CompTIA Security+

(Covered in the previous section)

(ISC)² Certified Authorization Professional (CAP)

The (ISC)² Certified Authorization Professional (CAP) certification covers the advanced technical skills and knowledge needed to authorize and maintain information systems within the RMF using best practices, policies and procedures established by the cybersecurity experts at (ISC)².

Level 2

Level 2 of the IAM category concerns professionals with at least 5 years of management experience. It focuses on knowledge of IA policy, procedures, and workforce structure to develop, implement, and maintain a secure network environment.

What are the functions involved?

According to the DoD 8570, these are some (but not all) of the functions that level 2 IAM personnel will be expected to perform:

  • Develop, implement, and enforce policies and procedures reflecting the legislative intent of applicable laws and regulations for the network environment (NE)
  • Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning the security of network system(s) operations
  • Recommend resource allocations required to securely operate and maintain an organization’s NE IA requirements
  • Develop security requirements for hardware, software, and services acquisitions specific to NE IA security programs
  • Assist in the gathering and preservation of evidence used in the prosecution of computer crimes
  • Review IA security plans for the NE
  • Identify alternative functional IA security strategies to address organizational NE security concerns
  • Review the selected security safeguards to determine that security concerns identified in the approved plan have been fully addressed
  • Evaluate the presence and adequacy of security measures proposed or provided in response to requirements contained in acquisition documents

What jobs does this apply to?

Level 2 IAM includes high-level management and leadership roles in information security.

What are the certification options?

ISACA Certified Information Security Manager (CISM)

Certified Information Security Manager (CISM) certification is aimed at those looking for leadership and management roles in the information security industry. Candidates should demonstrate how to build, design, and implement enterprise infosec programs.

The exam contains 150 multiple choice questions with a time limit of 4 hours. Candidates must have 5 years of experience in infosec, although this time can be lower if supplemented with other qualifications such as the CISSP.

Jobs for CISM professionals include Senior Cybersecurity Manager, Senior IT Security Analyst, and Network Security Consultant.

GIAC Security Leadership Certification (GSLC)

(Covered in the above section)

(ISC)² Certified Information Systems Security Professional (CISSP)

(Covered in the above section)

(ISC)² Certified Authorization Professional (CAP)

(Covered in the section above)

CompTIA Advanced Security Practitioner (CASP+)

(Covered in the previous section)

Certified Chief Information Security Officer

Bringing together all the components required for C-level positions, the CCISO program combines audit management, governance, IS controls, human capital management, strategic program development, and the financial expertise vital to leading a highly successful IS program.

Level 3

Level 3 of IAM features professionals with at least 10 years of management experience. They’re expected to apply their knowledge of IA policy, procedures, and workforce structure to develop, implement, and maintain a secure enclave environment.

What are the functions involved?

According to the DoD 8570, these are some (but not all) of the functions that level 3 IAM personnel will be expected to perform:

  • Securely integrate and apply Department/Agency missions, organization, function, policies, and procedures within the enclave
  • Ensure IAT Levels I – III, IAM Levels I and II, and anyone with privileged access performing IA functions receive the necessary initial and sustaining IA training and certification(s) to carry out their IA duties
  • Ensure information ownership responsibilities are established for each DoD IS and implement a role based access scheme
  • Evaluate proposals to determine if proposed security solutions effectively address enclave requirements, as detailed in solicitation documents
  • Evaluate cost benefit, economic and risk analysis in decision-making process
  • Interpret patterns of non-compliance to determine their impact on levels of risk and/or overall effectiveness of the enclave’s IA program
  • Ensure that security related provisions of the system acquisition documents meet all identified security needs
  • Evaluate and approve development efforts to ensure that baseline security safeguards are appropriately installed

What jobs does this apply to?

Level 3 IAM and the associated certifications apply to the highest-level management roles in information security.

What are the certification options?

ISACA Certified Information Security Manager (CISM)

(Covered in the previous section)

GIAC Cyber Security Leadership Certification (GSLC)

(Covered in the previous section)

(ISC)² Certified Information Systems Security Professional (CISSP)

(Covered in the previous section)

Certified Chief Information Security Officer (CCISO)

(Covered in the section above)

IASAE Levels and Certifications

Level 1

Level 1 of IASAE is typically entry-level. According to the DoD, professionals in this bracket are expected to apply knowledge of IA policy, procedures, and structure to design, develop, and implement CE system(s), system components, or system architectures.

What functions are involved?

According to the DoD 8570, these are some (but not all) of the functions that level 1 IASAE personnel will be expected to perform:

  • Identify information protection needs for CE system(s) and network(s)
  • Provide system related input on IA security requirements to be included in statements of work and other appropriate procurement documents
  • Design and develop IA or IA-enabled products for use within a CE
  • Design, develop, and implement security designs for new or existing CE system(s)
  • Ensure that the design of hardware, operating systems, and software applications adequately address IA security requirements for the CE
  • Develop and implement specific IA countermeasures for the CE
  • Develop interface specifications for CE system(s).
  • Ensure that system designs support the incorporation of DoD-directed IA vulnerability solutions, e.g., IAVAs
  • Develop IA architectures and designs for systems processing Sensitive Compartmented Information (SCI) that will operate at Protection Level 1 or 2 as defined in Reference (vu)
  • Identify, assess, and recommend IA or IA-enabled products for use within a CE; ensure recommended products are in compliance with the DoD evaluation and validation requirements

What jobs does it apply to?

Jobs for level I IASAE professionals include entry level positions in roles like IT systems engineer, systems engineer, or data architect.

What are the certification options?

(ISC)² Certified Information Systems Security Professional (CISSP)

(Covered above)

(ISC)² Certified Secure Software Lifecycle Professional (CSSLP)

The Certified Secure Software Lifecycle Professional (CSSLP) certification recognizes leading application security skills. It shows employers and peers you have the advanced technical skills and knowledge necessary for authentication, authorization and auditing throughout the SDLC using best practices, policies and procedures established by (ISC)².

Jobs for CSSLPs include software architect, software engineer, application security specialist, IT Director/Manager, and many other leadership-level cybersecurity positions.

The certification exam is focused on the 8 CSSLP domains and consists of 175 multiple choice questions to be completed within 4 hours. To sit for the exam, you must have 4 years of cumulative paid full-time software development lifecycle professional work experience in 1 or more of the 8 domains with a 4-year degree or equivalent in computer science, IT, or related fields.

CompTIA Advanced Security Practitioner (CASP+)

(Covered above)

Level 2

Level II of the IASAE concerns those with at least 5 years of IASAE experience. Their duties include the design, development, implementation, and/or integration of a DoD IA architecture, system, or system component for use within the network environment.

What functions are involved?

According to the DoD 8570, these are some (but not all) of the functions that level II IASAE personnel will be expected to perform:

  • Identify information protection needs for the NE
  • Provide system related input on IA security requirements to be included in statements of work and other appropriate procurement documents
  • Design and develop IA or IA-enabled products for use within a NE
  • Develop and implement security designs for new or existing network system(s). Ensure that the design of hardware, operating systems, and software applications adequately address IA security requirements for the NE
  • Design, develop, and implement specific IA countermeasures for the NE
  • Develop approaches to mitigate NE vulnerabilities and recommend changes to network or network system components as needed
  • Develop IA architectures and designs for DoD IS with medium integrity and availability requirements, to include MAC II systems as defined in References (bc) and (h), systems with a medium Level-of-Concern for availability or integrity in accordance with Reference (vu), and other DAA designated systems
  • Assess threats to and vulnerabilities of the NE
  • Ensure that the implementation of security designs properly mitigate identified threats
  • Ensure security deficiencies identified during security/certification testing have been mitigated, corrected, or a risk acceptance has been obtained by the appropriate DAA or authorized representative
  • Participate in an IS risk assessment during the C&A process and design security countermeasures to mitigate identified risks
  • Recognize a possible security violation and take appropriate action to report the incident
  • Ensure the implementation of NE IA policies into system architectures

What jobs does it apply to?

Jobs for level II IASAE professionals include Data architect, cybersecurity engineer, cybersecurity architect, and information system security engineer (ISSE).

What are the certification options?

(ISC)² Certified Information Systems Security Professional (CISSP)

(Covered above)

(ISC)² Certified Secure Software Lifecycle Professional (CSSLP)

(Covered above)

CompTIA Advanced Security Practitioner (CASP+)

(Covered above)

Level 3

Level III of the IASAE focuses on professionals with at least 10 years of IASAE experience. According to the DoD 8570, they are responsible for the design, development, implementation, and/or integration of a DoD IA architecture, system, or system component for use within CE, NE, and enclave environments. They ensure that the architecture and design of DoD IS are functional and secure. This may include designs for program of record systems and special purpose environments with platform IT interconnectivity.

What functions are involved?

According to the DoD 8570, these are some (but not all) of the functions that level III IASAE personnel will be expected to perform:

  • Identify information protection needs for the enclave environment
  • Provide input on IA security requirements to be included in statements of work and other appropriate procurement documents
  • Design security architectures for use within the enclave environment
  • Design, develop, and implement security measures that provide confidentiality, integrity, availability, authentication, and non-repudiation for the enclave environment
  • Develop approaches to mitigate enclave vulnerabilities and recommend changes to system or system components as needed
  • Ensure security deficiencies identified during security/certification testing have been mitigated, corrected, or a risk acceptance has been obtained by the appropriate DAA or authorized representative

What jobs does it apply to?

IASAE level III applies to the highest-level jobs in the field. These include positions like senior systems engineer, information assurance systems engineer, chief technology officer, and system and network designer.

What are the certification options?

(ISC)² CISSP-ISSAP - Information Systems Security Architecture Professional

The CISSP-ISSAP is a qualification aimed at chief security architects and analysts. The certification demonstrates your ability to develop, design, and analyze security solutions. It also covers advising and providing security guidance to help the organization.

The exam can be up to 3 hours long and contains 125 multiple-choice questions. Candidates need a score of at least 700/1000 to secure a pass.

Jobs for CISSP-ISSAP certified professionals include system architect, chief technology officer, and system and network designer, among others.

(ISC)² CISSP-ISSEP - Information Systems Security Engineering Professional

The CISSP-ISSEP qualification is aimed at security engineering professionals. It demonstrates the candidate’s ability to incorporate security into every level of the business and a range of different operations.

The exam is up to 3 hours long with 150 multiple-choice questions. To pass, you’ll need a score of at least 700/1000.

The CISSP-ISSEP certification is geared towards jobs like senior systems engineer, information assurance systems engineer, information assurance officer, and information assurance analyst.

CSSP

Analyst

The CSSP Analyst is usually expected to have around 2 years of experience. Responsibilities revolve around using data from a range of sources and tools to analyze events within the environment.

What functions are involved?

According to the DoD 8570, these are some (but not all) of the functions that CSSP Analyst personnel will be expected to perform:

  • Mastery of IAT Level I and IAT Level II CE and/or NE knowledge and skills with applicable certification
  • Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources
  • Assist in the construction of signatures which can be implemented on CSSP network tools in response to new or observed threats within the NE or enclave

What are the certification options?

EC Council Certified Ethical Hacker (CEH)

The Certified Ethical Hacker certification is essentially aimed at teaching hacking skills to the ‘good guys’. A CEH uses the same skills and expertise as a hacker to identify vulnerabilities and help protect organizations.

The exam is 4 hours long and consists of 125 multiple-choice questions. Jobs for CEH professionals include Security Operations Analyst, Cyber Threat Analyst, and CSOC Analyst.

GIAC Certified Intrusion Analyst (GCIA)

A GIAC Certified Intrusion Analyst will be qualified to configure and monitor intrusion detection systems. They’ll have the skills and experience to analyze and interpret network traffic and log files.

The exam has a time limit of 4 hours, with 100-150 questions and a passing score of 67%. Jobs for GCIA professionals include IT Security Analyst and Associate Engineer.

GIAC Certified Incident Handler (GCIH)

(Covered above)

GIAC Global Industrial Cyber Security Professional (GICSP)

Global Industrial Cyber Security Professionals are expected to secure industrial control systems by combining knowledge of IT, cybersecurity, and engineering.

The exam is made up of 115 questions with a time limit of 3 hours and a required passing score of 71%. Jobs include Industrial Security Specialist, Industrial Security Engineer, and Industrial Cybersecurity Expert.

CompTIA Cybersecurity Analyst (CySA+)

(Covered above)

Cisco Certified Network Associate (CCNA) | Security

(Covered above)

Cisco Certified Network Associate (CCNA) | Cyber Ops

The CCNA Cyber Ops certification prepares candidates to begin a career working with associate-level cybersecurity analysts within security operations centers.

CyberSec First Responder (CFR)

The CyberSec First Responder cybersecurity certification program prepares security professionals to become the first responders who defend against cyber attacks. It teaches students to analyze threats, design secure computing and network environments, proactively defend networks, and respond to and investigate cybersecurity incidents.

Infrastructure Support

The CSSP Infrastructure Support level requires at least four years’ experience supporting CSSP and/or network systems and technology. Duties are based around handling the infrastructure systems required to manage the network and resources.

What functions are involved?

According to the DoD 8570, these are some (but not all) of the functions that CSSP Infrastructure Support personnel will be expected to perform:

  • Mastery of the appropriate IAT Level I and IAT Level II CE and/or NE knowledge and skills with applicable certification
  • Perform system administration on specialized applications and systems (e.g., anti-virus, or Audit/Remediation) to include installation, configuration, maintenance, and backup/restore
  • Identify potential conflicts with implementation of any tools within the area of responsibility (e.g., tool/signature testing and optimization)

What are the certification options?

EC Council Certified Ethical Hacker (CEH)

(Covered above)

CompTIA Cybersecurity Analyst (CySA+)

(Covered above)

GICSP

(Covered above)

CyberSec First Responder (CFR)

(Covered above)

EC-Council Computer Hacking Forensic Investigator (CHFI)

The purpose of the CHFI credential is to validate the candidate’s skills in identifying an intruder’s footprints and properly gathering the evidence necessary to prosecute in a court of law. The tools and techniques covered in EC-Council’s CHFI program will prepare the student to conduct computer investigations using the latest digital forensics technologies.

(ISC)² Certified Information Systems Security Professional (SSCP)

(Covered above)

Incident Responder

CSSP Incident Responders are expected to have five years of experience in CSSP technology or a similar field. Their role involves investigating and analyzing response activities related to cyber incidents.

What functions are covered?

According to the DoD 8570, these are some (but not all) of the functions that CSSP Incident Responder personnel will be expected to perform:

  • Mastery of the appropriate IAT Level I, IAT Level II, or IAT Level III CE, NE, or enclave knowledge and skills with applicable certification
  • Perform initial, forensically sound collection of images and inspect to discern possible mitigation/remediation on enclave systems
  • Track and document incidents from initial detection through final resolution
  • Correlate incident data and perform trend analysis and reporting
  • Coordinate with intelligence analysts to correlate threat assessment data
  • Serve as technical experts and liaisons to law enforcement personnel and explain incident details, provide testimony, etc.

What are the certification options?

GIAC Certified Forensic Analyst (GCFA)

The GCFA focuses on the skills required to collect and analyze data from Windows and Linux systems. Professionals will be able to investigate and handle a range of security incidents.

The exam contains 115 questions with a time limit of 3 hours and a passing score of 71%. Jobs for GCFA professionals include Security Analyst and Incident Response Analyst.

EC Council Certified Ethical Hacker (CEH)

(Covered above)

GIAC Certified Incident Handler (GCIH)

(Covered above)

Auditor

CSSP Auditors generally have two years’ experience in CSSP or a related field. Their job involves assessing different systems and networks and identifying where they deviate from what’s acceptable.

What functions are involved?

According to the DoD 8570, these are some (but not all) of the functions that CSSP Auditor personnel will be expected to perform:

  • Mastery of the appropriate IAT Level I, IAT Level II, or IAT Level III CE, NE, or enclave knowledge and skills with applicable certification
  • Perform vulnerability assessments within the enclave
  • Conduct authorized penetration testing of enclave network assets
  • Prepare audit reports that identify technical and procedural findings and provide recommended remediation strategies/solutions

What are the certification options?

ISACA Certified Information Systems Auditor (CISA)

The Certified Information Systems Auditor certification covers areas related to audit control, assurance, and security. It’s designed to prepare candidates to audit and control within organizations and assess vulnerabilities.

The exam is 4 hours long with 150 multiple-choice questions. Jobs for CISA certified professionals include Director of Internal Auditing, Director of Cybersecurity, and Security Analyst.

GIAC Systems and Network Auditor (GSNA)

GIAC Systems and Network Auditors are certified to audit information systems and conduct risk analysis.

The exam has a time limit of 3 hours with 115 questions and a passing score of 73%. Jobs for GSNA certified professionals include Cybersecurity Analyst and Defense Assessment Analyst.

EC Council Certified Ethical Hacker (CEH)

(Covered above)

Manager

CSSP Managers typically have at least four years of experience in CSSP or a related field. Their job involves overseeing CSSP operations within the organization and helping with risk assessments and management.

What functions are involved?

According to the DoD 8570, these are some (but not all) of the functions that CSSP Manager personnel will be expected to perform:

  • Mastery of the appropriate IAM Level I or IAM Level II CE and/or NE knowledge and skills with applicable certification
  • Manage the publishing of guidance for the enclave constituency
  • Manage threat or target analysis of information and production of threat or target information within the network or enclave environment
  • Interface with external organizations (e.g., public affairs, law enforcement, Command or Component Inspector General) to ensure appropriate and accurate dissemination of incident and other information
  • Track compliance audit findings, incident after-action reports, and recommendations to ensure appropriate mitigation actions are taken

What are the certification options?

(ISC)² CISSP-ISSMP - Certified Information Systems Security Professional

The CISSP-ISSMP certification demonstrates leadership skills and the ability to establish and manage information security programs.

The exam is up to 3 hours long with 125 multiple-choice questions. Candidates need 700/1000 to pass. Jobs for CISSP-ISSMP professionals include high-level management roles like Chief Security Officer.

CISM

(Covered above)

Computing Environment Qualifications

If you’re going to be working with specific software or operating systems, the DoD 8570 also requires some further qualifications. These are:

  • GCWN. This certifies candidates to secure Microsoft Windows clients and servers and protect Windows against a range of threats. It’s an exam with 75 questions and a time limit of two hours.
  • GCUX. This certifies candidates to audit and defend UNIX and Linux systems. As with the GCWN, it takes the form of a two-hour exam with 75 questions.

Becoming DoD 8570 compliant is an important step if you’re working with the DoD or planning to do so. The good news is there are plenty of routes you can take and a lot of support out there, regardless of your current level.