DoD 8570 Clarification

MSP-ITMSP-IT Member Posts: 752 ■■■□□□□□□□
Does the directive only mandate that a single certification be earned in the category of work, or all certifications listed in that category?


  • cyberguyprcyberguypr Senior Member Mod Posts: 6,882 Mod
    Your numbers thew me off. 8570 is what you meant.

    The above table provides a list of DoD approved IA baseline certifications aligned to each category and level of the IA Workforce. Personnel performing IA functions must obtain one of the certifications required for their position, category/specialty and level to fulfill the IA baseline certification requirement. Most IA levels within a category or specialty have more than one approved certification and a certification may apply to more than one level.

    An individual needs to obtain only one of the "approved certifications"; for his or her IA category or specialty and level to meet the minimum requirement. For example, an individual in an IAT Level II position could obtain any one of the four certifications listed in the IAT Level II cell.

    Higher level IAT and IAM certifications satisfy lower level requirements. Certifications listed in Level II or III cells can be used to qualify for Level I. However, Level I certifications cannot be used for Level II or III unless the certification is also listed in the Level II or III cell. For example:

    The A+ or Network+ certification qualify only for Technical Level I and cannot be used for Technical Level II positions.
    The System Security Certified Practitioner (SSCP) certification qualifies for both Technical Level I and Technical Level II. If the individual holding this certification moved from an IAT Level I to an IAT Level II position, he or she would not have to take a new certification.

    Higher level CND-SP and IASAE certifications do not satisfy lower level requirements
  • wikigetwikiget Member Posts: 75 ■■□□□□□□□□
    Short answer: Just one... except CNDSP.

    Long answer:
    - For IAT and IAM: You need (at a minimum) one cert that is at the level (or higher than) the job requires. Therefore, a person with CISSP alone qualifies for any IAT I-III or IAM I-III position.
    - For IASAE: You must have (at a minimum) one cert that is at the level the job requires. You cannot use an IASAE III cert to qualify for IASAE I.
    - For CNDSP: You must have (at a minimum) one cert that applies to the category the job requires. You must also be certified as an IAT at the level required (usually II or III). The only exception is CNDSP-Manager, they require IAM III specifically.
    "Once upon a time, disks were floppy, administrators were electricians and computers were louder then jets. Then it all got complicated." -Anon

    Life of a Network Security Manager:
Sign In or Register to comment.