More on the DoD Directive 8570 Program
In my last post I educated you as to what the Department of Defense (DoD) Directive 8570 is and why you as an IT professional might care. Today I would like to provide you with a little bit more information on the program.
The bottom line, according to the DoD, is that if you plan to have access to sensitive information systems technologies that are hosted by the DoD (as an employee, contractor, etc.), then you need to become Directive 8570-compliant by attaining one or more IT security certification credentials. Here are the specific program requirements [source]:
- 100% of the IA (Information Assurance--another term for "IT security") professionals in DoD and DoD contractors must be certified within the next 3 years
- 40% must be certified by the end of 2008
- All IA jobs will be categorized as 'Technical' or 'Management' Level I, II, or III, and to be qualified for those jobs, you must be certified
Again, in my last post I outlined the vendor-neutral IT security certifications that fulfill the DoD Directive 8570 requirements; please take a look at that article in order to get current with those guidelines.
To answer the question "Okay, I see that I need to, and I now want to, become certified for DoD 8570. Which certification should I undertake?" you must remember that IT certification is largely a for-profit enterprise.
For instance, the Global Information Assurance Corporation (GIAC) proclaims its certification programs to be the superior solution for DoD Directive 8570 compliance.
On the other hand, ISC(2), I am certain, would love for you to pay for one or more of their IA certification offerings to help you attain your DoD Directive 8570 compliance.
In sum, you need to spend your hard-earned time, money, and effort on the program that best fits with your skills, interests, and professional goals and not get swayed by marketing.
Here is my suggestion as to which direction to take with regard to pursuing your Directive 8570 compliance:
- Review the Directive 8570 certification requirement breakdown and determine whether you fit into the Information Assurance Technical (IAT) or Information Assurance Management tier, and which level within that tier applies to your job description
- Try to maximize the coverage provided by your chosen security credential. For instance, the Certified Information Systems Security Professional (CISSP) credential maps to several tiers simultaneously
I hope that this brief essay helps clear up some confusion you might have regarding this admittedly cumbersome program.
Related Pearson Resources:
- CISSP Exam Cram 2
- CISSP Training Guide
- Security Warrior
- Maximum Security, Fourth Edition
- The New School of Information Security
- InformIT: Strategic Security