The Ultimate Guide to DoD 8570

If you are a systems security engineer or an IT security contractor interested in working for the DoD (Department of Defense), you need to know about DoD Directive 8570. It is a baseline criterion for operating the Department of Defense’s IT systems. Specifically, it is a policy designed by the DoD’s Information Assurance Workforce Improvement Program (IA WIP) that requires all DoD personnel with privileged access to DoD systems, including defense contractors, military service personnel, and foreign and civilian employees, to hold certain Information Assurance certifications and training.

The aim of the directive is a skilled, uniform Information Assurance workforce with the ability and knowledge to effectively identify and mitigate attacks against the Department of Defense’s information infrastructures, information systems, and information.

DoD 8570 applies to any part-time or full-time contractor, member of the military, or local national with privileged access to a DoD system who performs information assurance functions, regardless of role or branch of occupation. Hence, defense agencies, combatant commands, military departments, the Office of the Secretary of Defense, the Office of the DoD Inspector General, and all other organizational bodies within the DoD are subject to its requirements.

DoD Components must individually budget for and cover the recommended certifications of DoD civilian and military IA Workforce members. These requirements include the IA WIP period from FY07 to FY10. Components should also include the sustainment requirements of the IA WIP in their budget plans. Services are permitted to use appropriated funds to pay for commercial tests (certifications) for uniformed personnel. Whether or not appropriate funding for commercial certifications is available to the service is up to each Component.

When it comes to contractors, Components should not pay for them to obtain or retain the necessary certifications. However, Components are free to offer additional training on DoD-specific or local system procedures.

Signed December 19, 2005, DoD (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Dan Virgillito. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/6kq07xbxgbE/