Security Certification
Security Training
Internet Storm Center
Cyber Security Graduate School
Security Awareness Training
ICS/SCADA
Penetration Testing
Cyber Defense Foundations
IT Audit
Computer Forensics
Software SecurityWhat is DoDD 8570?
Department of Defense Directive 8570 (DoDD 8570) provides guidance and procedures for the training, certification, and management of all government employees who conduct Information Assurance functions in assigned duty positions. These individuals are required to carry an approved certification for their particular job classification. GIAC certifications are among those required for Technical, Management, CND, and IASAE classifications. SANS courses prepare you to take a GIAC exam.
List of Certification and Training Courses
Who is Affected by DoDD 8570?
Any full or part-time military service member, contractor, or local nationals with privileged access to a DoD information system performing information assurance (security) functions -- regardless of job or occupational series.
- Office of the Secretary of Defense
- Military Departments
- Chairman of the Joint Chiefs of Staff
- Combatant Commands
- Office of the Inspector General of the DoD
- Defense Agencies
- DoD Field Activities
- All other organizational entities in the DoD
DoDD 8570 Requires:
- By the end of CY 2010, all personnel performing IAT and IAM functions must be certified.
- By the end of CY 2011 all personnel performing CND-SP and IASAE roles must be certified.
- All IA jobs will be categorized as 'Technical' or 'Management' Level I, II, or III, and to be qualified for those jobs, you must be certified.
For More Information About DoDD 8570:
- The DoD8570 Information Assurance Workforce Improvement Program Office at http://iase.disa.mil/eta/iawip/
- Call the Defense Information Assurance Program (DIAP) Office at 1-800-490-1643
- Contact 8570@sans.org or call Customer Support at 301-654-7267.
Take a GIAC Short Assessment for DoDD & 8570
| TECH I | TECH II | TECH III |
|---|---|---|
| GSEC† | GCIH† | |
| MGT I | MGT II | MGT III |
| GSLC† | GSLC† | GSLC† |
| Computer Environment (CE) | ||
| GCWN† | ||
| GCUX† | ||
| CNDSP | CNDSP Incident Responder |
CND Auditor |
| GCIA GCIH |
GCIH | GSNA |
Training offered by SANS pertains to best practices so rubber hits the road" - Michael Emmons, USMC
| TECHNICAL LEVEL | GIAC CERTIFICATION and COORDINATING SANS COURSE |
|---|---|
| IAT Level II | GSEC: GIAC Security Essentials Certification: SEC401: SANS Security Essentials Bootcamp Style |
| IAT Level III | GCIH: GIAC Certified Incident Handler: SEC504: Hacker Techniques, Exploits & Incident Handling |
| MANAGEMENT LEVEL | GIAC CERTIFICATION and COORDINATING SANS COURSE |
| IAM Level I | GSLC: GIAC Security Leadership Certification: MGT512: SANS Security Leadership Essentials For Managers with Knowledge Compression™ |
| IAM Level II | GSLC: GIAC Security Leadership Certification: MGT512: SANS Security Leadership Essentials For Managers with Knowledge Compression™ |
| IAM Level III | GSLC: GIAC Security Leadership Certification: MGT512: SANS Security Leadership Essentials For Managers with Knowledge Compression™ |
| CND Level | GIAC CERTIFICATION and COORDINATING SANS COURSE |
| CNDSP | GCIA: GIAC Certified Intrusion Analyst: SECEC503: Intrusion Detection In-Depth GCIH: GIAC Certified Incident Handler: SEC504: Hacker Techniques, Exploits and Incident Handling |
| CNDSP Incident Responder | GCIH: GIAC Certified Incident Handler: SEC504: Hacker Techniques, Exploits and Incident Handling |
| CND Auditor | GSNA: GIAC Systems and Network Auditor: AUD507: Auditing Networks, Perimeters, and Systems |
| IAT Level I | IAT Level II | IAT Level III |
|---|---|---|
| A+ CE Network+ CE SSCP |
GSEC Security+ CE SSCP |
GCIH CISA CISSP (or Associate) |
| IAM Level I | IAM Level II | IAM Level III |
| GSLC CAP Security+ CE |
GSLC CAP CISM CISSP (or Associate) CASP |
GSLC CISM CISSP (or Associate) |
| CNDSP Analyst | CNDSP Infrastructure SUpport | CNDSP Incident Responder | CNDSP Auditor | CNDSP Manager |
|---|---|---|---|---|
| GCIA GCIH CEH |
SSCP CEH |
GCIH CEH CSIH |
GSNA CEH CISA |
CISM CISSP-ISSMP |
| IASAE I | IASAE II | IASAE III |
|---|---|---|
| CISSP (or Associate) CASP |
CISSP (or Associate) CASP |
CISSP-ISSEP CISSP-ISSAP |
DoDD 8140 - The Future of DoDD 8570
DoDD 8570 will be converting to DoDD 8140 in 2013. More details on what will be changing as part of DoDD 8140 will be posted as it becomes available.
Why is GIAC the best certification for 8570?
The GIAC (Global Information Assurance Certification) Program provides assurance to employers that their employees and contractors can actually do the job they are assigned to do. GIAC goes beyond theory and terminology and tests the pragmatics of Audit, Security, Operations, Management and Software Security.
The family of GIAC certifications target actual job-based skill sets, rather than taking a one-size fits all approach to IT Security. GIAC offers more than 20 specialized information security certifications, many of GIAC's certifications are recognized under the DoDD 8570 program.
The GIAC certification process validates the specific skills of security professionals and developers with standards that were developed using the highest benchmarks in the industry. There are over 22,000 GIAC certified professionals in the IT Security industry.
Benefits of GIAC Certification for Managers
- Increased confidence that GIAC certified individuals charged with securing your systems, networks, and software applications actually know how to do the job.
- As a proven indicator of job-related knowledge, GIAC certifications help mangers ensure they have the right people in the right positions.
- GIAC certification helps to ensure that system and network administrators have the actual technical skills sets needed to meet their security responsibilities.
Benefits of GIAC Certification for Individuals
- GIAC certified professionals possess a job-based skill set that favorably influences job security and advancement.
- GIAC certification identifies those individuals who know the tasks required to protect your systems and networks and who have the skills needed to perform those tasks.
- GIAC ensures that certified professionals can keep their skills and knowledge current through periodic recertification and access to the latest, most up-to-date information.
How GIAC Differs from Other Certifications
- Offers over 20 specialized information security certifications, rather than a one-size fits all approach
- Questions based on real scenarios and real data from real tools
- Validates real-world skills
- Ensures knowledge necessary to complete the task at hand
GIAC Exams
GIAC certification exams are administered in an open book and timed format. All GIAC exams are computer based and are required to be taken in a proctored environment. Proctored exam administration is offered through our testing partner, Pearson VUE. For more specific program information, please visit www.giac.org/proctor.
How to Prepare for GIAC Exams
How to Register for GIAC Exams
GIAC exams are not automatically included with SANS training courses. You may add a certification to your training order or you can register for an exam separately.
- To add a certification to your training order, make sure to check the GIAC certification box at the bottom of the registration page.
- If you want to add certification after you have registered, call 301-654-7267.
- To register for a GIAC certification exam not associated with SANS training, go to www.giac.org/reginfo/challenge.php.
If you have question, e-mail info@giac.org.
"As our C4 systems become netcentric and more linked with our weapons systems, it is essential that our IA workforce be up to the task of securing our networks. I am proud to be on the cyber defense line with such a competent industry partner that understands the needs of the defense department and is willing to work with us to help accomplish this difficult task." - Mike Knight, Naval NetWar Command
