DoD 8570 IAM Certification – Level I

What is the DoD IAM Level 1?

The Department of Defense (DoD) directive 8570 provides guidance on how the DoD workforce manages and executes Information Assurance (IA) functions. IA Technical (IAT) and IA Management (IAM) personnel are DoD workers that support certification and accreditation (C&A) or assessment and authorization (A&A) activities for DoD information systems.

IAT and IAM personnel are expected to be trained and certified in order to perform their job duties. Depending on their job duties, they are required to be Level 1, Level 2 or Level 3 certified. DoD 8570.01-M defines the requirements for DoD IA personnel.

Cloud Native Now

What are the DOD IAM Level 1 Certifications?

The IAM Level 1 certifications include:

  • Certified Authorization Professional (CAP)
  • CompTIA Security+ CE

The Certified Authorization Professional (CAP) is an (ISC)2 certification that proves experience with the Risk Management Framework (RMF). The RMF is the authorization process for government information systems. Unless there is an exception or waiver requested, only systems that have successfully gone through the RMF process are authorized to operate in government spaces and/or connect to government provided networks. IAM personnel are responsible for authorizing or approving RMF policy and procedure documents, so it is important they know and understand the RMF. That is why this is a valued certification.

The CompTIA Security+ CE certification assesses baseline cybersecurity skills and may be the most popular of the IAM Level 1 certifications for DoD 8570 compliance. It is vendor neutral and ensures the receiver has basic networking, encryption, risk management and risk mitigation skills.

What are Common IAM Level 1 Job Positions?

IAM personnel are responsible for the implementation and secure operation of information systems. It is important for IAM personnel to understand the entire lifecycle of IT systems to help them better manage the infrastructures of which they (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Tyra Appleby. Read the original post at: