DoD 8570 requires two certifications for compliance: an approved IA certification based on your assigned IAT level, and a Computing Environment (CE) certification based on the equipment and software you work with for your primary duties. The DoD 8570 Information Assurance Workforce Improvement Program website has a good FAQ section that answers many questions regarding the requirements. The specific FAR clause for contractors, which references the requirement, is displayed below along with direct links to the DoD source.
DISA 8570 IAWIP Frequently Asked Questions: http://iase.disa.mil/eta/iawip/iaetafaq.html#G6

"252.239-7001 Information Assurance Contractor Training and Certification.

As prescribed in 239.7103(b), use the following clause:

INFORMATION ASSURANCE CONTRACTOR TRAINING AND CERTIFICATION (JAN 2008)

(a) The Contractor shall ensure that personnel accessing information systems have the proper and current information assurance certification to perform information assurance functions in accordance with DoD 8570.01-M, Information Assurance Workforce Improvement Program. The Contractor shall meet the applicable information assurance certification requirements, including—
(b) Upon request by the Government, the Contractor shall provide documentation supporting the information assurance certification status of personnel performing information assurance functions.

(c) Contractor personnel who do not have proper and current certifications shall be denied access to DoD information systems for the purpose of performing information assurance functions.

(End of clause)"

Source Link: http://farsite.hill.af.mil/reghtml/regs/far2afmcfars/fardfars/dfars/dfars252_237.htm#P503_29044

8570 IA Baseline Certification Requirement:

Source Link: https://iase.disa.mil/iawip/Pages/iabaseline.aspx

8570 Computing Environment (CE) Certification Requirement:

The official requirement can be found on page 23 of the current approved DoD 8570.01-M.

DoD 8570.01-M, December 19, 2005

"C3.2.4.8.3. In addition to the IA baseline certification requirement for their level, IATs with privileged access must obtain appropriate Computing Environment (CE) certifications for the operating system(s) and/or security related tools/devices they support as required by their employing organization. If supporting multiple tools and devices, an IAT should obtain CE certifications for all the tools and devices they are supporting. At a minimum the IAT should obtain a certification for the tool or device he or she spends the most time supporting. For example, if an IAT is spending most of his or her time supporting security functions on a CISCO router, the IAT should obtain a CE certification for that equipment."

Source Link: http://www.dtic.mil/whs/directives/corres/pdf/857001m.pdf

As an extension of Appendix 3 to the DoD 8570.01-Manual, the following certifications have been approved as IA baseline certifications for the IA Workforce. Personnel performing IA functions must obtain one of the certifications required for their position category or specialty and level. Refer to Appendix 3 of 8570.01-M for further implementation guidance.

Approved Baseline Certifications
The above table provides a list of DoD approved IA baseline certifications aligned to each category and level of the IA Workforce. Personnel performing IA functions must obtain one of the certifications required for their position, category/specialty and level to fulfill the IA baseline certification requirement.

Most IA levels within a category or specialty have more than one approved certification and a certification may apply to more than one level. An individual needs to obtain only one of the “approved certifications” for his or her IA category or specialty and level to meet the minimum requirement. For example, an individual in an IAT Level II position could obtain any one of the four certifications listed in the IAT Level II cell.

Higher level IAT and IAM certifications satisfy lower level requirements. Certifications listed in Level II or III cells can be used to qualify for Level I. However, Level I certifications cannot be used for Level II or III unless the certification is also listed in the Level II or III cell. For example:
Higher level CSSP and IASAE certifications do not satisfy lower level requirements.

1. This certification is equivalent to the CND-SP certification cited in the DoD 8570.01-M. The name was changed from CND-SP to CSSP to reflect current terminology in the DoD Instruction 8530.01 “Cybersecurity Activities Support to DoD Information Network Operations.”

The table below lists the Certification Providers associated with each approved certification.

IA Workforce Certification Providers
The GIAC GSE and GISF were removed from the approved list on 25 January 2013. Individuals holding one of these certifications to qualify for their current IA position will remain qualified. However, a different certification may be required once the GIAC GSE or GISF expires or if the individual changes positions requiring a different certification.

* This organization is the sole proprietary owner of the memberships, site licenses, preassessments, test vouchers, and all other materials related to this certification and their association.

** CySA+ is a CompTIA certification formerly listed as CSA+. The exam and the official name of the certification remain the same; only the acronym has changed.

What is 8140 DoD Directive?

DoD 8140 Defined
Reissues and renumbers DoD 8570 to update and expand established DoD policies and assigned responsibilities for managing the DoD cyberspace workforce. Authorizes the establishment of a DoD cyberspace workforce management council to ensure that the requirements of this directive are met.
What DoD directive requires that information security professionals in the government earn professional certifications?

The (ISC)² Systems Security Certified Practitioner (SSCP) credential covers the seven domains of best practices for information security.
What is the main purpose of DoD Directive 8570.01?

The purpose of DoD Directive 8570.01 is to reduce the possibility that unqualified personnel can gain access to secure information.
What is the primary focus of US DoD Directive 8570?

What is the main purpose of DoD Directive 8570? A. It requires that the DoD workforce including contractors have a minimum level of training and certifications to perform their job duties.
Which of the following types of certifications validates the holders have met the baseline of understanding required by all cybersecurity job positions?

CompTIA Security+ is a global certification that validates the baseline skills necessary to perform core security functions and pursue an IT security career.