What is DoDD 8570?

Department of Defense Directive 8570 has been replaced by the DoD CIO as DoDD 8140; DoDD 8570 is now part of a larger initiative that falls under the guidelines of DoDD 8140. DoDD 8140 provides guidance for the training and certification of government employees who conduct Information Assurance functions in assigned duty positions. These individuals must carry an approved certification for their particular job classification. GIAC certifications are among those required for Technical, Management, CSSP, and IASAE classifications.

Who is Affected by DoDD 8570?

Any full or part-time military service member, contractor, or local nationals with privileged access to a DoD information system performing information assurance (security) functions -- regardless of job or occupational series.

  • Office of the Secretary of Defense
  • Military Departments
  • Chairman of the Joint Chiefs of Staff
  • Combatant Commands
  • Office of the Inspector General of the DoD
  • Defense Agencies
  • DoD Field Activities
  • All other organizational entities in the DoD

DoDD 8570 Requires:

  • By the end of CY 2010, all personnel performing IAT and IAM functions must be certified.
  • By the end of CY 2011 all personnel performing CSSP and IASAE roles must be certified.
  • All IA jobs will be categorized as 'Technical' or 'Management' Level I, II, or III, and to be qualified for those jobs, you must be certified.

For More Information About DoDD 8570:

GIAC Certifications Approved for DoD 8570 Baseline Information Assurance

TECH I

TECH II

TECH III

GSEC
GICSP

GCIH
GCED

MGT I

MGT II

MGT III

GSLC

GSLC

GSLC

Computer Environment (CE)

GCWN

CSSP

CSSP
Incident Responder

CND Auditor

CSSP Infrastructure Support

GCIA
GCIH
GICSP

GCIH
GCFA

GSNA

GICSP

Training offered by SANS pertains to best practices so rubber hits the road" - Michael Emmons, USMC

SANS Courses Aligning with GIAC 8570 Certifications

TECHNICAL LEVEL

GIAC CERTIFICATION and COORDINATING SANS COURSE

IAT Level II

GSEC: GIAC Security Essentials Certification: SEC401: SANS Security Essentials Bootcamp Style
GICSP: Global Industrial Cyber Security Professional: ICS410: ICS/SCADA Security Essentials

IAT Level III

GCIH: GIAC Certified Incident Handler: SEC504: Hacker Techniques, Exploits & Incident Handling
GCED: SEC501: Advanced Security Essentials - Enterprise Defender

MANAGEMENT LEVEL

GIAC CERTIFICATION and COORDINATING SANS COURSE

IAM Level I

GSLC: GIAC Security Leadership Certification: MGT512: Security Leadership Essentials for Managers

IAM Level II

GSLC: GIAC Security Leadership Certification: MGT512: Security Leadership Essentials for Managers

IAM Level III

GSLC: GIAC Security Leadership Certification: MGT512: Security Leadership Essentials for Managers

Computer Environment (CE)

GIAC CERTIFICATION and COORDINATING SANS COURSE

--

GCWN: GIAC Certified Windows Security Administrator: SEC505: Securing Windows with PowerShell and the Critical Security Controls

CSSP Level

GIAC CERTIFICATION and COORDINATING SANS COURSE

CSSP Analyst

GCIA: GIAC Certified Intrusion Analyst: SEC503: Intrusion Detection In-Depth
GCIH: GIAC Certified Incident Handler: SEC504: Hacker Techniques, Exploits and Incident Handling
GICSP: Global Industrial Cyber Security Professional: ICS410: ICS/SCADA Security Essentials

CSSP Incident Responder

GCIH: GIAC Certified Incident Handler: SEC504: Hacker Techniques, Exploits and Incident Handling
GCFA: GIAC Certified Forensic Analyst: FOR508: Advanced Computer Forensic Analysis and Incident Response

CSSP Auditor

GSNA: GIAC Systems and Network Auditor: AUD507: Auditing Networks, Perimeters, and Systems

CSSP Infrastructure Support

GICSP: Global Industrial Cyber Security Professional: ICS410: ICS/SCADA Security Essentials

DoD Approved DoDD 8570 Baseline Certifications

IAT Level I

IAT Level II

IAT Level III

A+ CE
CCNA-Security
Network+ CE
SSCP

CCNA-Security
GICSP
GSEC
Security+ CE
SSCP

CASP CE
CISA
CISSP (or Associate)
GCED
GICSP
GCIH

IAM Level I

IAM Level II

IAM Level III

CAP
GSLC
Security+ CE

CAP
CASP
CISM
CISSP (or Associate)
GSLC

CISM
CISSP (or Associate)
GSLC

IASAE Level I

IASAE Level II

IASAE Level III

CASP CE
CISSP (or Associate)
CSSLP

CASP CE
CISSP (or Associate)
CSSLP

CISSP-ISSAP
CISSP-ISSEP

CSSP Analyst

CSSP Infrastructure Support

CSSP Incident Responder

CSSP Auditor

CSSP Manager

CEH
GCIA
GCIH
GICSP
SCYBER

CEH
GICSP
SSCP

CEH
GCFA
GCIH
SCYBER

CEH
CISA
GSNA

CISM
CISSP-ISSMP

DoDD 8140 - The Future of DoDD 8570

DoDD 8570 will be converting to DoDD 8140 in the future. More details on what will be changing as part of DoDD 8140 will be posted as it becomes available.

Why is GIAC the best cyber security certification for 8570?

The GIAC Certifications Program provides assurance to employers that their employees and contractors can actually do the job they are assigned to do. GIAC goes beyond theory and terminology and tests the pragmatics of Audit, Security, Operations, Management and Software Security.

The family of GIAC certifications target actual job-based skill sets, rather than taking a one-size fits all approach to IT Security. GIAC offers more than 40 specialized information security certifications, and many of GIAC's certifications are recognized under the DoDD 8570 program.

The GIAC certification process validates the specific skills of security professionals and developers with standards that were developed using the highest benchmarks in the industry. There are over 22,000 GIAC certified professionals in the IT Security industry.

Benefits of GIAC Certification for Managers

  • Increased confidence that GIAC certified individuals charged with securing your systems, networks, and software applications actually know how to do the job.
  • As a proven indicator of job-related knowledge, GIAC certifications help mangers ensure they have the right people in the right positions.
  • GIAC certification helps to ensure that system and network administrators have the actual technical skills sets needed to meet their security responsibilities.

Benefits of GIAC Certification for Individuals

  • GIAC certified professionals possess a job-based skill set that favorably influences job security and advancement.
  • GIAC certification identifies those individuals who know the tasks required to protect your systems and networks and who have the skills needed to perform those tasks.
  • GIAC ensures that certified professionals can keep their skills and knowledge current through periodic recertification and access to the latest, most up-to-date information.

How GIAC Differs from Other Certifications

  • Offers over 30 specialized information security certifications, rather than a one-size fits all approach
  • Questions based on real scenarios and real data from real tools
  • Validates real-world skills
  • Ensures knowledge necessary to complete the task at hand

"As our C4 systems become netcentric and more linked with our weapons systems, it is essential that our IA workforce be up to the task of securing our networks. I am proud to be on the cyber defense line with such a competent industry partner that understands the needs of the defense department and is willing to work with us to help accomplish this difficult task." - Mike Knight, Naval NetWar Command