About the DoD 8570
The table provides a list of DoD approved IA baseline certifications aligned to each category and level of the IA Workforce. Personnel performing IA functions must obtain one of the certifications required for their position, category/specialty and level to fulfill the IA baseline certification requirement. Most IA levels within a category or specialty have more than one approved certification and a certification may apply to more than one level.
An individual needs to obtain only one of the “approved certifications”; for his or her IA category or specialty and level to meet the minimum requirement. For example, an individual in an IAT Level II position could obtain any one of the four certifications listed in the IAT Level II cell.
Higher level IAT and IAM certifications satisfy lower level requirements. Certifications listed in Level II or III cells can be used to qualify for Level I. However, Level I certifications cannot be used for Level II or III unless the certification is also listed in the Level II or III cell. For example:
- The A+ or Network+ certification qualify only for Technical Level I and cannot be used for Technical Level II positions.
- The System Security Certified Practitioner (SSCP) certification qualifies for both Technical Level I and Technical Level II. If the individual holding this certification moved from an IAT Level I to an IAT Level II position, he or she would not have to take a new certification.
Higher level CSSP and IASAE certifications do not satisfy lower level requirements
1. This certification is equivalent to the CND-SP certification cited in the DoD 8570.01-M. The name was changed from CND-SP to CCSP to reflect current terminology in the DoD Instruction 8530.01 “Cybersecurity Activities Support to DoD Information Network Operations.
The DoD CIO has approved an enterprise waiver for DoD Manual 8570 qualification requirements to accommodate personnel facing COVID-19 related restrictions. The attached waiver addresses an expanding need across Components with personnel who are unable to maintain their DoDM 8570 qualifications because of closed testing centers and other COVID-19 related restrictions. The waiver allows Component personnel to continue performing essential cybersecurity functions. See attached waiver here.
Approved Baseline Certifications
Certification Provider & Certification Name
CertNexus * CyberSec First Responder (CFR)
Cisco * Cisco Certified Network Associate-Security (CCNA-Security)
Cisco * Cisco Certified Network Professional-Security (CCNP-Security)
Cisco * Cybersecurity Specialty Certification (SCYBER)
CompTIA * A+ Continuing Education (CE)
CompTIA * Cloud Plus (Cloud+)
CompTIA * Security+ Continuing Education (CE)
CompTIA * CompTIA Advanced Security Practitioner (CASP) (CE)
CompTIA * Network+ Continuing Education (CE)
CompTIA * Cybersecurity Analyst (CySA+ **)
CompTIA * PenTest+
EC-Council * Certified Ethical Hacker (CEH)
EC-Council * Certified Chief Information Security Officer (CCISO)
EC-Council * Computer Hacking Forensics Investigator (CHFI)
EC-Council * Certified Network Defender (CND)
International Information Systems Security Certifications Consortium
(ISC)2 * Certified Information Systems Security Professional (CISSP)
(ISC)2 * Certified Secure Software Lifecycle Professional (CSSLP)
(ISC)2 * Certification Authorization Professional (CAP)
(ISC)2 * Information Systems Security Architecture Professional (ISSAP)
(ISC)2 * Information Systems Security Engineering Professional (ISSEP)
(ISC)2 * Information Systems Security Management Professional (ISSMP)
(ISC)2 * System Security Certified Practitioner (SSCP)
ISACA *Certified Information Security Manager (CISM)
ISACA * Certified Information Systems Auditor (CISA)
GIAC * GIAC Certified Intrusion Analyst (GCIA)
GIAC * GIAC Certified Enterprise Defender (GCED)
GIAC * GIAC Certified Forensic Analyst (GCFA)
GIAC * GIAC Certified Incident Handler (GCIH)
GIAC * GIAC Global Industrial Cyber Security Professional (GICSP)
GIAC * GIAC Security Essentials Certification (GSEC)
GIAC * GIAC Security Leadership Certificate (GSLC)
GIAC * GIAC Systems and Network Auditor (GSNA)
Logical Operations, Inc. * CyberSec First Responder (CFR)