DoDD 8140 | SANS Institute

What is DoDD 8140?

DoD Directive 8140, signed August 2015, establishes a definition for the cyber workforce and outlines Component roles and responsibilities for the management of the DoD cyber workforce. This was a replacement of 8570.01-M whose guidance and procedures is still in effect until such a time it is replaced for the training, certification, and management of all government employees and contractors who conduct cybersecurity functions. The individuals who hold these work roles are required to carry an approved certification for their job classification. GIAC Certifications are among those required for Technical, Management, CSSP, and IASAE classifications.

Who is Affected by DoDD 8140

Any full or part-time military service member, contractor, or local nationals with privileged access to a DoD information system performing information assurance (security) functions -- regardless of job or occupational series.

Office of the Secretary of Defense
Military Departments
Chairman of the Joint Chiefs of Staff
Combatant Commands
Office of the Inspector General of the DoD
Defense Agencies
DoD Field Activities
All other organizational entities in the DoD

DoDD 8140 Requires:

All personnel performing IAT and IAM functions must be certified.
All personnel performing CSSP and IASAE roles must be certified.
All IA jobs will be categorized as 'Technical' or 'Management' Level I, II, or III, and to be qualified for those jobs, you must be certified.

GIAC Certifications Approved for DoDD 8140 - Baseline Information Assurance

TECH I	N/A
TECH II	GSEC^†GICSP
TECH III	GCIH^† GCED
MGT I	GSLC^†
MGT II	GSLC^†
MGT III	GSLC^†
Computer Environment (CE)	GCWN^† GCUX^†
CSSP	GCIA GCIH GICSP
CSSP Incident Responder	GCIH GCFA
CND Auditor	GSNA
CSSP Infrastructure Support	GICSP

SANS Courses Aligning with GIAC 8140 Certifications

TECHNICAL LEVEL	GIAC CERTIFICATION and COORDINATING SANS COURSE
IAT Level II	GSEC: GIAC Security Essentials Certification: SEC401: Security Essentials - Network, Endpoint, and Cloud GICSP: Global Industrial Cyber Security Professional: ICS410: ICS/SCADA Security Essentials
IAT Level III	GCIH: GIAC Certified Incident Handler: SEC504: Hacker Techniques, Exploits & Incident Handling GCED: GIAC Certified Enterprise Defender: SEC501: Advanced Security Essentials - Enterprise Defender
MANAGEMENT LEVEL	GIAC CERTIFICATION and COORDINATING SANS COURSE
IAM Level I	GSLC: GIAC Security Leadership Certification: LDR512: Security Leadership Essentials for Managers
IAM Level II	GSLC: GIAC Security Leadership Certification: LDR512: Security Leadership Essentials for Managers
IAM Level III	GSLC: GIAC Security Leadership Certification: LDR512: Security Leadership Essentials for Managers
Computer Environment (CE)	GIAC CERTIFICATION and COORDINATING SANS COURSE
--	GCWN: GIAC Certified Windows Security Administrator: SEC505: Securing Windows with PowerShell and the Critical Security Controls
CSSP Level	GIAC CERTIFICATION and COORDINATING SANS COURSE
CSSP Analyst	GCIA: GIAC Certified Intrusion Analyst: SEC503: Intrusion Detection In-Depth GCIH: GIAC Certified Incident Handler: SEC504: Hacker Techniques, Exploits and Incident Handling GICSP: Global Industrial Cyber Security Professional: ICS410: ICS/SCADA Security Essentials
CSSP Incident Responder	GCIH: GIAC Certified Incident Handler: SEC504: Hacker Techniques, Exploits and Incident Handling GCFA: GIAC Certified Forensic Analyst: FOR508: Advanced Computer Forensic Analysis and Incident Response
CSSP Auditor	GSNA: GIAC Systems and Network Auditor: AUD507: Auditing Systems, Applications, and the Cloud
CSSP Infrastructure Support	GICSP: Global Industrial Cyber Security Professional: ICS410: ICS/SCADA Security Essentials

Additional SANS Courses Under DOD 8140

LDR414: SANS Training Program for the CISSP Certification
CISSP - IAT Level III, IAM Level II, III

Over the past 4 years, 98% of all respondents, who studied our SANS Training Program for the CISSP Certification and then took the exam passed; compared to a national average of around 70% for other prep courses.

CISSP® exams are not hosted by SANS. You will need to make separate arrangements to take the CISSP® exam.

DoD Approved 8140 Baseline Certifications

IAT Level I	A+ CE CCNA-Security Network+ CE SSCP
IAT Level II	CCNA-Security GICSP GSEC Security+ CE SSCP
IAT Level III	CASP CE CISA CISSP (or Associate) GCED GCIH
IAM Level I	CAP GSLC Security+ CE
IAM Level II	CAP CASP CISM CISSP (or Associate) GSLC
IAM Level III	CISM CISSP (or Associate) GSLC
IASAE Level I	CASP CE CISSP (or Associate) CSSLP
IASAE Level II	CASP CE CISSP (or Associate) CSSLP
IASAE Level III	CISSP-ISSAP CISSP-ISSEP
CSSP Analyst	CEH GCIA GCIH GICSP SCYBER
CSSP Infrastructure Support	CEH GICSP SSCP
CSSP Incident Responder	CEH GCFA GCIH SCYBER
CSSP Auditor	CEH CISA GSNA
CSSP Manager	CISM CISSP-ISSMP

DoDD 8140 - The Future of DoDD 8570

More details on what will be changing, part of DoD8140, will be posted on this page as it becomes available which will be expanded to include personnel assigned to the areas of Cyber Effect, Cybersecurity, Cyber IT, and portions of the Intelligence Workforce. The work roles within the initiative will be based on the NICE Framework.

Additional Information Can Be Found at:

- The DoD Cyber Workforce Framework (DCWF)

- DoD Cyber Workforce Framework Tool

The DoD Cyber Workforce Framework DoD Cyber Workforce Framework Tool

Reviews

Read what others have to say about SANS Training.

Training offered by SANS pertains to best practices so rubber hits the road.

Michael Emmons

- USMC

As our C4 systems become netcentric and more linked with our weapons systems, it is essential that our IA workforce be up to the task of securing our networks. I am proud to be on the cyber defense line with such a competent industry partner that understands the needs of the defense department and is willing to work with us to help accomplish this difficult task.

Mike Knight

- Naval NetWar Command

As part of the Raytheon IIS Information Security Engineering group, we send nearly all of our new hires through the SANS Security Essentials Bootcamp training classes to ensure they have the fundamental skills necessary to work in our environment. We view GIAC certifications as an essential part of this process. GIAC Certification helps ensure both our management and our customers that our employees understand how to build secure systems.

Monty McDougal

- Raytheon

Want to Learn More?

Complete the form to learn more about DoDD 8140.

First Name

Last Name

Phone

Organization

Industry

Accounting

Agriculture

Automotive

Banking/Finance

Business Services/Consulting

Chemicals

Computer Services/Consulting

Computer Software

Consumer Electronics

Consumer Package Goods

Education

Energy - Nuclear

Energy - Oil & Gas

Engineering & Construction

Food & Beverage

Govt - Canada - Civilian - Federal

Govt - Canada - Civilian - Reg or Local

Govt - Canada - Law Enforcement

Govt - Canada - Military

Govt - Contractor

Govt - EMEA Region - Civilian

Govt - EMEA Region - Law Enforcement

Govt - EMEA Region - Military

Govt - Other Regions - Civilian

Govt - Other Regions - Law Enforcement

Govt - Other Regions - Military

Govt - US - Civilian - Federal

Govt - US - Civilian - State or Local

Govt - US - Law Enforcement

Govt - US - Military

Health Care

Hospitality

Insurance - Health

Insurance - Other

Legal

Logistics & Supply Chain

Manufacturing - Aerospace

Manufacturing - Defense

Manufacturing - Industrial

Manufacturing - Other

Media & Entertainment

Metals & Mining

Nonprofit

Other

Pharmaceutical/Biotechnology

Real Estate

Retail Trade

Software

Technology

Telecommunications

Transportation

Travel & Tourism

Utilities - Other

Utilities - Power

Utilities - Water

Wholesale Trade

Country

United States

Canada

United Kingdom

Spain

Belgium

Denmark

Norway

Netherlands

Australia

India

Japan

Singapore

Afghanistan

Aland Islands

Albania

Algeria

American Samoa

Andorra

Angola

Anguilla

Antarctica

Antigua and Barbuda

Argentina

Armenia

Aruba

Austria

Azerbaijan

Bahamas

Bahrain

Bangladesh

Barbados

Belarus

Belize

Benin

Bermuda

Bhutan

Bolivia

Bonaire, Sint Eustatius, and Saba

Bosnia And Herzegovina

Botswana

Bouvet Island

Brazil

British Indian Ocean Territory

Brunei Darussalam

Bulgaria

Burkina Faso

Burundi

Cambodia

Cameroon

Cape Verde

Cayman Islands

Central African Republic

Chad

Chile

China

Christmas Island

Cocos (Keeling) Islands

Colombia

Comoros

Cook Islands

Costa Rica

Croatia (Local Name: Hrvatska)

Curacao

Cyprus

Czech Republic

Democratic Republic of the Congo

Djibouti

Dominica

Dominican Republic

East Timor

Ecuador

Egypt

El Salvador

Equatorial Guinea

Eritrea

Estonia

Ethiopia

Falkland Islands (Malvinas)

Faroe Islands

Fiji

Finland

France

French Guiana

French Polynesia

French Southern Territories

Gabon

Gambia

Georgia

Germany

Ghana

Gibraltar

Greece

Greenland

Grenada

Guadeloupe

Guam

Guatemala

Guernsey

Guinea

Guinea-Bissau

Guyana

Haiti

Heard And McDonald Islands

Honduras

Hong Kong

Hungary

Iceland

Indonesia

Iraq

Ireland

Isle of Man

Israel

Italy

Jamaica

Jersey

Jordan

Kazakhstan

Kenya

Kiribati

Korea, Republic Of

Kosovo

Kuwait

Kyrgyzstan

Lao People's Democratic Republic

Latvia

Lebanon

Lesotho

Liberia

Liechtenstein

Lithuania

Luxembourg

Macau

Madagascar

Malawi

Malaysia

Maldives

Mali

Malta

Marshall Islands

Martinique

Mauritania

Mauritius

Mayotte

Mexico

Micronesia, Federated States Of

Moldova, Republic Of

Monaco

Mongolia

Montenegro

Montserrat

Morocco

Mozambique

Myanmar

Namibia

Nauru

Nepal

Netherlands Antilles

New Caledonia

New Zealand

Nicaragua

Niger

Nigeria

Niue

Norfolk Island

North Macedonia

Northern Mariana Islands

Oman

Pakistan

Palau

Palestine

Panama

Papua New Guinea

Paraguay

Peru

Philippines

Pitcairn

Poland

Portugal

Puerto Rico

Qatar

Reunion

Romania

Russian Federation

Rwanda

Saint Bartholemy

Saint Kitts And Nevis

Saint Lucia

Saint Martin

Saint Vincent And The Grenadines

Samoa

San Marino

Sao Tome And Principe

Saudi Arabia

Senegal

Serbia

Seychelles

Sierra Leone

Sint Maarten

Slovakia

Slovenia

Solomon Islands

South Africa

South Georgia and the South Sandwich Islands

South Sudan

Sri Lanka

St. Helena

St. Pierre And Miquelon

Suriname

Svalbard And Jan Mayen Islands

Swaziland

Sweden

Switzerland

Taiwan

Tajikistan

Tanzania

Thailand

Togo

Tokelau

Tonga

Trinidad And Tobago

Tunisia

Turkey

Turkmenistan

Turks And Caicos Islands

Tuvalu

Uganda

Ukraine

United Arab Emirates

United States Minor Outlying Islands

Uruguay

Uzbekistan

Vanuatu

Vatican City

Venezuela

Vietnam

Virgin Islands (British)

Virgin Islands (U.S.)

Wallis And Futuna Islands

Western Sahara

Yemen

Zambia

Zimbabwe

Message

By providing this information, you agree to the processing of your personal data by SANS as described in our Privacy Policy.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Additional Information

Why is SANS the Best source for Cybersecurity Training?

DODD Brochure

SANS Courses

Purchasing Options:

- SANS accepts Government Purchase Cards, Credit Cards, Purchase Orders, and Checks.

- SANS Group Purchasing Program

For More Information About DoDD 8140:

- The DoD8140 Information Assurance Workforce Improvement Program

- The US Department of Defense Chief Information Officer Workforce

- All DoD Cyberspace Workforce-related inquiries and questions should be sent to: OSD.CyberspaceWorkforce-TAG@mail.mil

- Call the Defense Information Assurance Program (DIAP) Office at 1-800-490-1643

Free Course Demos

New Cyber Trends & Training in 2023

2023 Security Awareness Report

Security Policy Templates

Join the Community

Our Mission

Cyber Programs for the U.S. Military