What is DoDD 8140?
DoD Directive 8140, signed August 2015, establishes a definition for the cyber workforce and outlines Component roles and responsibilities for the management of the DoD cyber workforce. This was a replacement of 8570.01-M whose guidance and procedures is still in effect until such a time it is replaced for the training, certification, and management of all government employees and contractors who conduct cybersecurity functions. The individuals who hold these work roles are required to carry an approved certification for their job classification. GIAC Certifications are among those required for Technical, Management, CSSP, and IASAE classifications.
Who is Affected by DoDD 8140
Any full or part-time military service member, contractor, or local nationals with privileged access to a DoD information system performing information assurance (security) functions -- regardless of job or occupational series.
- Office of the Secretary of Defense
- Military Departments
- Chairman of the Joint Chiefs of Staff
- Combatant Commands
- Office of the Inspector General of the DoD
- Defense Agencies
- DoD Field Activities
- All other organizational entities in the DoD
DoDD 8140 Requires:
- All personnel performing IAT and IAM functions must be certified.
- All personnel performing CSSP and IASAE roles must be certified.
- All IA jobs will be categorized as 'Technical' or 'Management' Level I, II, or III, and to be qualified for those jobs, you must be certified.
SANS Courses Aligning with GIAC 8140 Certifications
TECHNICAL LEVEL | GIAC CERTIFICATION and COORDINATING SANS COURSE |
IAT Level II | GSEC: GIAC Security Essentials Certification: SEC401: SANS Security Essentials Bootcamp Style GICSP: Global Industrial Cyber Security Professional: ICS410: ICS/SCADA Security Essentials |
IAT Level III | GCIH: GIAC Certified Incident Handler: SEC504: Hacker Techniques, Exploits & Incident Handling GCED: GIAC Certified Enterprise Defender: SEC501: Advanced Security Essentials - Enterprise Defender |
MANAGEMENT LEVEL | GIAC CERTIFICATION and COORDINATING SANS COURSE |
IAM Level I | GSLC: GIAC Security Leadership Certification: MGT512: SANS Security Leadership Essentials For Managers with Knowledge Compression™ |
IAM Level II | GSLC: GIAC Security Leadership Certification: MGT512: SANS Security Leadership Essentials For Managers with Knowledge Compression™ |
IAM Level III | GSLC: GIAC Security Leadership Certification: MGT512: SANS Security Leadership Essentials For Managers with Knowledge Compression™ |
Computer Environment (CE) | GIAC CERTIFICATION and COORDINATING SANS COURSE |
-- | GCWN: GIAC Certified Windows Security Administrator: SEC505: Securing Windows with PowerShell and the Critical Security Controls |
CSSP Level | GIAC CERTIFICATION and COORDINATING SANS COURSE |
CSSP Analyst | GCIA: GIAC Certified Intrusion Analyst: SEC503: Intrusion Detection In-Depth GCIH: GIAC Certified Incident Handler: SEC504: Hacker Techniques, Exploits and Incident Handling GICSP: Global Industrial Cyber Security Professional: ICS410: ICS/SCADA Security Essentials |
CSSP Incident Responder | GCIH: GIAC Certified Incident Handler: SEC504: Hacker Techniques, Exploits and Incident Handling GCFA: GIAC Certified Forensic Analyst: FOR508: Advanced Computer Forensic Analysis and Incident Response |
CSSP Auditor | GSNA: GIAC Systems and Network Auditor: AUD507: Auditing Networks, Perimeters, and Systems |
CSSP Infrastructure Support | GICSP: Global Industrial Cyber Security Professional: ICS410: ICS/SCADA Security Essentials |
Additional SANS Courses Under DOD 8140
MGT414: SANS +S Training Program for the CISSP Certification
CISSP - IAT Level III, IAM Level II, III
Over the past 4 years, 98% of all respondents, who studied our SANS® +S™ Training Program for the CISSP® Certification Exam and then took the exam passed; compared to a national average of around 70% for other prep courses.
CISSP® exams are not hosted by SANS. You will need to make separate arrangements to take the CISSP® exam.
DoD Approved 8140 Baseline Certifications
IAT Level I | A+ CE CCNA-Security Network+ CE SSCP |
IAT Level II | CCNA-Security GICSP GSEC Security+ CE SSCP |
IAT Level III | CASP CE CISA CISSP (or Associate) GCED GCIH |
IAM Level I | CAP GSLC Security+ CE |
IAM Level II | CAP CASP CISM CISSP (or Associate) GSLC |
IAM Level III | CISM CISSP (or Associate) GSLC |
IASAE Level I | CASP CE CISSP (or Associate) CSSLP |
IASAE Level II | CASP CE CISSP (or Associate) CSSLP |
IASAE Level III | CISSP-ISSAP CISSP-ISSEP |
CSSP Analyst | CEH GCIA GCIH GICSP SCYBER |
CSSP Infrastructure Support | CEH GICSP SSCP |
CSSP Incident Responder | CEH GCFA GCIH SCYBER |
CSSP Auditor | CEH CISA GSNA |
CSSP Manager | CISM CISSP-ISSMP |
DoDD 8140 - The Future of DoDD 8570
More details on what will be changing, part of DoD8140, will be posted on this page as it becomes available which will be expanded to include personnel assigned to the areas of Cyber Effect, Cybersecurity, Cyber IT, and portions of the Intelligence Workforce. The work roles within the initiative will be based on the NICE Framework.
Additional Information Can Be Found at:
Reviews
Additional Information
Why is SANS the Best source for Cybersecurity Training?
Purchasing Options:
- SANS accepts Government Purchase Cards, Credit Cards, Purchase Orders, and Checks.
- SANS Group Purchasing Program
For More Information About DoDD 8140:
- The DoD8140 Information Assurance Workforce Improvement Program
- The US Department of Defense Chief Information Officer Workforce
- All DoD Cyberspace Workforce-related inquiries and questions should be sent to: OSD.CyberspaceWorkforce-TAG@mail.mil
- Call the Defense Information Assurance Program (DIAP) Office at 1-800-490-1643