DoD 8140 | SANS Institute

Download Your Comprehensive Guide to the DoD 8140 Directive

The updated DoD 8140 Qualification Program provides a comprehensive approach to managing cyber workforce talent. It establishes baseline standards for qualifications that directly support operational needs and workforce readiness. With the expansion of the DoD 8140 Cyber Workforce Qualification Program, around 225,000 military, civilian, and contractor positions will have foundational and residential qualification criteria for each DoD Cyber Workforce Framework role.

GIAC offers the largest range of DoD-approved certifications. In this at-a-glance guide to 8140, discover compliance timelines, practical implications, a list of work roles mapped to qualifying GIAC Certifications, and more.

Download the Guide

Who is Affected by DoD 8140

All DoD personnel assigned to positions requiring the performance of cyberspace work, in accordance with the DoD Cyberspace Workforce Framework (DCWF). This includes Service members, DoD civilian employees (including non-appropriated fund employees), personnel who provide contracted services (referred to in this issuance as "contractors"), and foreign nationals.

Office of the Secretary of Defense
Military Departments
Chairman of the Joint Chiefs of Staff
Combatant Commands
Office of the Inspector General of the DoD
US Coast Guard
Defense Agencies
DoD Field Activities
All other organizational entities in the DoD

DoD 8140 Requires:

Foundational Qualification
- Proficiency Levels - Basic, Intermediate and Advanced
- Options - Certification (GIAC), Training (SANS) and Education (SANS EDU)
Residential Qualification
- On the Job Qualification - Always Required
- Environment-Specific Requirements - Component Discretion
Annual Maintenance
- Certification CPE's (Keep Current) or 20 Hours Annually

Compliance Timeline:

DoD Cybersecurity Workforce
- Foundational - 15 February 2025
- Residential - 15 February 2026
DoD Cyberspace IT, Cyberspace Effects, Intelligence (Cyberspace), and Cyberspace Enabler Workforce Elements
- Foundational - 15 February 2026
- Residential - 15 February 2027

8140 Framework Categories

The 8140 Framework Categories are a high-level grouping of common cybersecurity functions. Select a category below to help you identify the right certifications and affiliate training for your current or desired cybersecurity role.

Cyber IT

Personnel who design, build, configure, operate, and maintain IT, networks, and capabilities. This includes actions to prioritize implement, evaluate, and dispose of IT as well as information resource management; and the management, storage, transmission, and display of data and information.

Learn More

Cybersecurity

Personnel who secure, defend, and preserve data, networks, net-centric capabilities, and other designated systems by ensuring appropriate security controls and measures are in place, and taking internal defense actions. This includes access to system controls, monitoring, administration, and integration of cybersecurity into all aspects of engineering and acquisition of cyberspace capabilities.

Learn More

Cyber Enablers

Personnel who perform work roles to support or facilitate the functions of cyber IT, cybersecurity, cyberspace effects, or intelligence workforce (cyberspace) work roles. This includes actions to support acquisition, training and leadership activities.

Learn More

Cyber Effects

Personnel who plan, support, and execute cyberspace capabilities where the primary purpose is to externally defend or conduct force projection in or through cyberspace.

Learn More

Intelligence (Cyberspace)

Personnel who collect, process, analyze, and disseminate information from all sources of intelligence on foreign actors' cyberspace programs, intentions, capabilities, research and development, and operational activities.

Learn More

Software Engineering

Learn More

Data/AI

Coming Soon!

Download Your Comprehensive Guide to the DoD 8140 Directive

First Name

Last Name

Phone

Organization

Industry

Accounting

Agriculture

Automotive

Banking/Finance

Business Services/Consulting

Chemicals

Computer Services/Consulting

Computer Software

Consumer Electronics

Consumer Package Goods

Education

Energy - Nuclear

Energy - Oil & Gas

Engineering & Construction

Food & Beverage

Govt - Canada - Civilian - Federal

Govt - Canada - Civilian - Reg or Local

Govt - Canada - Law Enforcement

Govt - Canada - Military

Govt - Contractor

Govt - EMEA Region - Civilian

Govt - EMEA Region - Law Enforcement

Govt - EMEA Region - Military

Govt - Other Regions - Civilian

Govt - Other Regions - Law Enforcement

Govt - Other Regions - Military

Govt - US - Civilian - Federal

Govt - US - Civilian - State or Local

Govt - US - Law Enforcement

Govt - US - Military

Health Care

Hospitality

Insurance - Health

Insurance - Other

Legal

Logistics & Supply Chain

Manufacturing - Aerospace

Manufacturing - Defense

Manufacturing - Industrial

Manufacturing - Other

Media & Entertainment

Metals & Mining

Nonprofit

Other

Pharmaceutical/Biotechnology

Real Estate

Retail Trade

Software

Technology

Telecommunications

Transportation

Travel & Tourism

Utilities - Other

Utilities - Power

Utilities - Water

Wholesale Trade

Country

United States

Canada

United Kingdom

Spain

Belgium

Denmark

Norway

Netherlands

Australia

India

Japan

Singapore

Afghanistan

Aland Islands

Albania

Algeria

American Samoa

Andorra

Angola

Anguilla

Antarctica

Antigua and Barbuda

Argentina

Armenia

Aruba

Austria

Azerbaijan

Bahamas

Bahrain

Bangladesh

Barbados

Belarus

Belize

Benin

Bermuda

Bhutan

Bolivia

Bonaire, Sint Eustatius, and Saba

Bosnia And Herzegovina

Botswana

Bouvet Island

Brazil

British Indian Ocean Territory

Brunei Darussalam

Bulgaria

Burkina Faso

Burundi

Cambodia

Cameroon

Cape Verde

Cayman Islands

Central African Republic

Chad

Chile

China

Christmas Island

Cocos (Keeling) Islands

Colombia

Comoros

Cook Islands

Costa Rica

Cote D'ivoire

Croatia (Local Name: Hrvatska)

Curacao

Cyprus

Czech Republic

Democratic Republic of the Congo

Djibouti

Dominica

Dominican Republic

East Timor

Ecuador

Egypt

El Salvador

Equatorial Guinea

Eritrea

Estonia

Eswatini

Ethiopia

Falkland Islands (Malvinas)

Faroe Islands

Fiji

Finland

France

French Guiana

French Polynesia

French Southern Territories

Gabon

Gambia

Georgia

Germany

Ghana

Gibraltar

Greece

Greenland

Grenada

Guadeloupe

Guam

Guatemala

Guernsey

Guinea

Guinea-Bissau

Guyana

Haiti

Heard And McDonald Islands

Honduras

Hong Kong

Hungary

Iceland

Indonesia

Iraq

Ireland

Isle of Man

Israel

Italy

Jamaica

Jersey

Jordan

Kazakhstan

Kenya

Kiribati

Korea, Republic Of

Kosovo

Kuwait

Kyrgyzstan

Lao People's Democratic Republic

Latvia

Lebanon

Lesotho

Liberia

Liechtenstein

Lithuania

Luxembourg

Macau

Madagascar

Malawi

Malaysia

Maldives

Mali

Malta

Marshall Islands

Martinique

Mauritania

Mauritius

Mayotte

Mexico

Micronesia, Federated States Of

Moldova, Republic Of

Monaco

Mongolia

Montenegro

Montserrat

Morocco

Mozambique

Myanmar

Namibia

Nauru

Nepal

Netherlands Antilles

New Caledonia

New Zealand

Nicaragua

Niger

Nigeria

Niue

Norfolk Island

North Macedonia

Northern Mariana Islands

Oman

Pakistan

Palau

Palestine

Panama

Papua New Guinea

Paraguay

Peru

Philippines

Pitcairn

Poland

Portugal

Puerto Rico

Qatar

Reunion

Romania

Russian Federation

Rwanda

Saint Bartholemy

Saint Kitts And Nevis

Saint Lucia

Saint Martin

Saint Vincent And The Grenadines

Samoa

San Marino

Sao Tome And Principe

Saudi Arabia

Senegal

Serbia

Seychelles

Sierra Leone

Sint Maarten

Slovakia

Slovenia

Solomon Islands

South Africa

South Georgia and the South Sandwich Islands

South Sudan

Sri Lanka

St. Helena

St. Pierre And Miquelon

Suriname

Svalbard And Jan Mayen Islands

Sweden

Switzerland

Taiwan

Tajikistan

Tanzania, United Republic Of

Thailand

Togo

Tokelau

Tonga

Trinidad And Tobago

Tunisia

Turkey

Turkmenistan

Turks And Caicos Islands

Tuvalu

Uganda

Ukraine

United Arab Emirates

United States Minor Outlying Islands

Uruguay

Uzbekistan

Vanuatu

Vatican City State

Venezuela

Vietnam

Virgin Islands (British)

Virgin Islands (U.S.)

Wallis And Futuna Islands

Western Sahara

Yemen

Zambia

Zimbabwe

Job Title

By providing this information, you agree to the processing of your personal data by SANS as described in our Privacy Policy.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Additional Information

DoD 8140 Cyber Workforce Qualification Provider Marketplace DoD CIO Cyber Workforce Recording

Reviews

Read what others have to say about SANS Training.

As our C4 systems become netcentric and more linked with our weapons systems, it is essential that our IA workforce be up to the task of securing our networks. I am proud to be on the cyber defense line with such a competent industry partner that understands the needs of the defense department and is willing to work with us to help accomplish this difficult task.

Mike Knight

- Naval NetWar Command

Training offered by SANS pertains to best practices so rubber hits the road.

Michael Emmons

- USMC

As part of the Raytheon IIS Information Security Engineering group, we send nearly all of our new hires through the SANS Security Essentials Bootcamp training classes to ensure they have the fundamental skills necessary to work in our environment. We view GIAC certifications as an essential part of this process. GIAC Certification helps ensure both our management and our customers that our employees understand how to build secure systems.

Monty McDougal

- Raytheon

Courses

Hands-On Simulations

Certifications

Ways to Train

Training Events & Summits

Free Training Events

Security Awareness

Featured: Solutions for Emerging Risks

Discover tailored resources that translate emerging threats into actionable strategies

By Focus Area

By NICE Framework

DoDD 8140 Work Roles

By European Skills Framework

By Skills Roadmap

New to Cyber

Leadership

Degree and Certificate Programs

Featured

New to Cyber resources

Watch & Listen

Read

Download

SANS Community Benefits

CISO Network

Team Development

Leadership Development

Security Awareness

Public Sector Partnerships

Sponsorship Opportunities

US Department of Defense 8140 Mandate

Download Your Comprehensive Guide to the DoD 8140 Directive

Who is Affected by DoD 8140

DoD 8140 Requires:

8140 Framework Categories

Download Your Comprehensive Guide to the DoD 8140 Directive

Additional Information

Reviews