 |
 |
 |
 |
 |
|
|
|
|
|
DoD Directive 8570 Questions and AnswersCertifications Table
What is DoD Directive 8570.1?Department of Defense Directive 8570 provides guidance and procedures for the Training, Certification, and Management of all government employees who conduct Information Assurance functions in assigned duty positions. These individuals are required to carry an approved certification for their particular job classification as well as Operating system certification for the operating system they support. The ultimate vision of the Directive is a sustained, professional IA workforce with the knowledge and skills to effectively prevent and respond to attacks against DoD information, information systems, and information infrastructures. This effort will enable DoD to put the right people with the right skills in the right place. Who needs to be certified?Information Assurance Technical (IAT) and IA Management (IAM) personnel must be fully trained and certified to baseline requirements to perform their IA duties. The policy defines IAT workforce members as anyone with privileged information system access performing IA functions. IAM personnel perform management functions for DoD operational systems described in the Manual. How long until I have to become certified?Components are required to have all identified IA personnel certified to the baseline requirement within five fiscal years of the Manual’s publication date (19 Dec 2005). FY 06 is the planning year to develop Component and local IA Workforce Improvement Program (IA WIP) implementation plans. The Manual requires 10 percent of the IA workforce to become certified in FY07 and an additional 30 percent each fiscal year following. By the end of FY 2010, all personnel performing IA functions described in the DoD 8570.01-M should be certified. What can I do now to prepare for certification requirements?Information Assurance Technical (IAT) and IA Management (IAM) personnel are strongly encouraged to complete DoD internally available training (e.g., Service Schoolhouse IA courses, DISA web based training) or external training currently supported by your Component for courses with learning objectives directly aligned to baseline certifications outlined in the Manual. What can my Component do to prepare for requirements?Components should identify IA workforce positions and personnel based on the categories, levels, and functions for IAT and IAM levels I – III described in DoD 8570.01-M. Positions/personnel performing specialized functions for the Computing, Network, or Enclave Environment should be included as IAT or IAM Levels I – III based on the environment within in which they are working. Specialized IA positions include Certification and Accreditation, Computer Network Defense, Vulnerability Analysts, and Information System Architects and Engineers (defined below) (see question on “Identifying the IA Workforce” below and “Who needs to be certified?” above for more information): Certification and Accreditation: Personnel who support the documentation and compliance with the standard process, set of activities, general tasks, and management structure to certify and accredit DoD information systems that will maintain the information assurance and security posture of the Defense Information Infrastructure (DII). Computer Network Defense: Computer Network Defense (CND) personnel provide CND situational awareness, implement CND protect measures, monitor and analyze network alerts in order to detect unauthorized activity, and implement CND operational direction. CND Services are commonly provided by Computer Emergency or Incident Response Teams (CERT/CIRT) and may be associated with a Network Operations Center (NOSC). Information System Architecture and Engineering: Personnel who design, develop, implement, and/or integrate a DoD IA architecture, system, or system component for use in IA level I, II, or III environments. They may perform these tasks at either Technical or Management levels depending on whether they have privileged access or perform management type tasks. Vulnerability Analysts (VA): Provide on site information system analysis to develop and provide a site “security profile”. Vulnerability Analysts travel to various sites to collect and analyze system configuration data to provide an accurate security profile to the local IAM. If I fail a certification can I retake the exam?Yes. The 8570.1 and 8570.01-M do not set a limit on the number of times a person may attempt to qualify for certification. However, Components must support at least one retest attempt but may set a limit on the number of additional retests they will support. Remember, until a DoD military or civilian employee completes the requirements of the IA WIP, to include becoming fully certified, they are not authorized to fill an IAT or IAM billet (after the 4 year implementation phase). If the member’s Component has set a limit on the number of retest attempts, an individual may take a subsequent test at their own expense. If they qualify for certification, then they would qualify to fill an IAT or IAM position (assuming they meet the other requirements such as background investigation, OJT, etc.). I already hold a certification listed in DoD 8570.01-M, what more will I need to do?Make certain that your certification status is documented in the appropriate personnel database of record. Also, you will need to maintain your certification status by completing continuous learning requirements as defined by your respective certification provider (e.g., ISC2, ISACA, CompTIA, etc.). Note that all certifications included in the Manual currently do require or will require in the near future, continuous learning as part of their certification requirements. You are encouraged to monitor current certification provider activity to see if they have imposed additional continuous learning requirements. What are the contractor certification implementation requirements?Contractors performing IA functions on a DoD system must meet the certification requirements established in the DoD 8570.01-M for the category and level functions in which they are performing. As with the military and civilian IA workforce, contractors have until 2010 to meet the requirements of the 8570.01-M. The requirement is for 10% to be certified in 2007 and 30% each year following. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||