DoD 8570 IAT Certification and Requirements [Updated 2020]


The US Department of Defense (DoD) hosts a number of directives that set out the requirements of their workforce. DoD 8570, titled “Information Assurance Workforce Improvement Program,” describes the expectations of the DoD in terms of required training, certification and management of DoD workforce members carrying out information assurance (IA) duties.

The directive is specific to those individuals or agencies who have privileged access to DoD systems. Persons who come under the directive include contractors and consultants as well as part-time or full-time military personnel who perform information assurance roles and functions. Personnel affected by DoD 8570 have to be trained according to the directive and also certified against specific skills sets and roles. The types of roles that DoD 8570 describes are those responsible for the protection of vital information that is in the nation’s interests.  

NOTE: DoD 8570 will eventually be replaced by DoD 8140. However, at the time of writing, the manual for DoD 8140 is yet to be published. Creation of manuals for DoD directives often takes several years, and until such a time as the directive is documented, DoD 8570 will remain the key directive for the information assurance workforce at the DoD.

What is the DoD IAT?

The DoD is a highly structured organization with a distinct hierarchy. The overarching structure for IA at the DoD is called the “Information Assurance Workforce, Workforce Improvement Program” (IA WIP). Within this workforce umbrella are two separate categories called Information Assurance Technical (IAT) and Information Assurance Management (IAM).

What are the DoD IAT levels?

There are three category levels within the IAT category:

  • Level 1: Computing environment information assurance
  • Level 2: Network environment information assurance
  • Level 3: Enclave, advanced network and computer information assurance

The category levels reflect the system architecture (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Susan Morrow. Read the original post at: