Cybersecurity Certifications Are Approved for DoD 8570?

DoD Directive 8570 did not specify which cybersecurity certifications meet the policy requirements. Instead, 8570.01-m was established to provide them. 8570.01-m is still used and actively managed by the DoD. An 8140 manual is expected to be released in the next year.

Personnel required to obtain specific cybersecurity certifications for their position category may need training. DoD Directive 8570.01-m does not specify training requirements, so IT pros need to decide what training options will best prepare them for certification.
How to Become DoD 8570.01-m Compliant

DoD Directive 8570 and 8140 use 8570.01-m to outline cybersecurity certification requirements for specific job categories. Most DoD-related organizations are required to comply. Examples include cybersecurity workers in the Air Force and workers performing DoD work with defense contractors, such as General Dynamics IT (GDIT).

Personnel receive a position category, such as IAT II. The category determines which certifications will satisfy the requirement. For example, someone in an IAT II role could earn CompTIA Security+ for DoD 8570 compliance. You will learn more about position categories in the next article of this series.

For more information on how to comply with DoD 8570.01-m, read Steps to Obtain a DoD 8570 Baseline Certification at the DoD Cyber Exchange.
What’s the Difference Between 8570 vs. 8570.01-m vs. 8140?

Directive 8140 is the updated version of Directive 8570; it was created to expand work roles. Directive 8140 leverages workforce frameworks, such as the Defense Cybersecurity Workforce Framework (DCWF) (based off the National Initiative for Cybersecurity Education (NICE) framework) to identify seven broad categories, 33 specialty areas and 54 work roles.

DoD Directive 8570.01-m has accompanied both Directives 8570 and 8140 and lists cybersecurity job position categories and certification requirements. The 8140 manual is expected to identify new requirements including cybersecurity certifications, training and on-the-job experience, but those won’t be known until the new manual is released.

Stay tuned for two more articles that dive further into these DoD directives. In the next article, we’ll tackle the rationale for DoD 8140 and discuss its goals in more detail.
More Info: jobs you can get with a+ certification

Comments

Post a Comment

Popular posts from this blog

DDoS Attack Mean for My Security?

You need to prepare and plan to manage a DDoS attack against your systems. You need to monitor, generate alerts, and quickly diagnose a DDoS attack in progress. The next step is shutting down the attack quickly without affecting your users. You can block the IP addresses using your Next-Gen Firewall, or close inbound traffic to the targeted system and failover to a backup. There are other response plans you can implement, make sure to have one. Some CDNs, like Cloudflare, also act as a reverse proxy which can further protect your WordPress site from DDoS attacks. An HTTP Flood attack, for example, is an application layer attack that targets a web server on the target and uses many fast HTTP requests to bring the server down. Think of it as pressing the refresh button in rapid-fire mode on your game controller. That kind of traffic from many thousands of computers at once will quickly drown the webserver. Who should consider using a CDN: Most websites can benefit from integrating a CDN
Read more

Profiling Hackers in the MITRE ATT&CK Navigator

Using the MITRE ATT&CK Navigator or similar tools, organizations can categorize attacks by specific threat groups and threat actors. It is even possible to profile the technologies and the procedures attackers use. In short, you will have a strong idea of the next move your opponents are going to make. Notice that each of the technologies is categorized into a version of the hacker lifecycle. The top of the page reads Initial access, Execution, Persistence, Privilege Escalation and so forth. These are the general steps that attackers take as they compromise a network. The MITRE ATT&CK Navigator then allows you to profile specific attack groups. Each group profiles an actual group of cyberattackers. Using this model, you can quickly identify how each group operates. Going back to my baseball analogy, imagine if you knew that a group of pitchers behaved a certain way. Now, you can profile that behavior and train your batters to best address how those pitchers are trying to defea
Read more

The Importance of Post-Attack Analysis

Comprehensive visibility into an organization’s network activity is essential not only to quickly combat DDoS threats, but also to enable compliance reporting and archive security event data that enables security audits and forensic analysis of past threats. Organizations can learn from past attacks to uncover hidden patterns of data and identify emerging vulnerabilities within the massive streams of security event data Without this level of visibility, it is impossible to determine how effectively an attack was mitigated and whether there were any false-positives which led to collateral damage that substantiates any service level agreement (SLA) claims. For over a decade, Corero has been providing state-of-the-art, highly-effective, automatic DDoS protection solutions for enterprise, hosting and service provider customers around the world. Our SmartWall®  DDoS mitigation solutions  protect on-premise, cloud, virtual and hybrid environments.   Moreover, cloud-based DDoS defenses a
Read more