8570 - IAM III Prereqs

CISPhD · December 2012

TE,

A quick and simple question here that for whatever reason, I can't seem to google an answer to. When pursuing the IAM III DoD standard, are you required to obtain all certs from the IAM II and I categories as well, or can one simply obtain the GSLC, CISM, and CISSP certs without having to worry about the CAP, GISF, and Sec+ certs?

Thanks,
C

the_Grinch · December 2012

It is my understanding that you would only need the certs that fall under the IAM III level.

CISPhD · December 2012

Some additional information provided in the linked document indicates you need only one of the certs listed in the given category, and not all of them.

http://www.dtic.mil/whs/directives/corres/pdf/857001m.pdf

JDMurray · December 2012

Unless otherwise specified, you only need one certification from the one category you are trying to qualify for. Note that each IA category has a set of qualifications that must be met, and that obtaining specific certification(s) is only part of those qualifications. Appendix 3 os the PDF CISPhD linked has FAQ information on the IT certifications for 8570.01.

Psyco32 · December 2012

It's 1 certification from the category. So, IAM III would be either CISSP, GSLC, or CISM. The newest change is now you are also required to have a computing enviroment (CE) certification in the area you primarilly work. DoD Mandate 8570 states that in addition to the baseline IA certification requirement for their level, Information Assurance Technicians (IATs) with privileged access MUST OBTAIN APPROPRIATE COMPUTING ENVIRONMENT (CE) CERTIFICATIONS for the operating system(s) they support. (e.g. appropriate level of Microsoft certifications for Microsoft systems support technicians, Cisco certifications for Cisco technicians, and so on).

CISPhD · December 2012

Key excerpt as JD mentioned:

AP3.2.2. A certification may apply to more than one level.
AP3.2.3. Most IA levels within a category or specialty have more than one approved certification.
AP3.2.4. An individual needs to obtain only one of the “approved certifications” for his or her IA category or specialty and level to meet the minimum requirement. For example, an individual in an IAT Level II position could obtain any one of the four certifications listed in the corresponding cell.
AP3.2.4.1. Higher level IAT certifications satisfy lower level requirements. Certifications listed in Level II or III cells can be used to qualify for Level I. However, Level I certifications cannot be used for Level II or III unless the certification is also listed in the Level II or III cell. For example:
AP3.2.4.1.1. The A+ or Network+ certification qualify only for Technical Level I and cannot be used for Technical Level II positions.
AP3.2.4.1.2. The System Security Certified Practitioner (SSCP) certification qualifies for both Technical Level I and Technical Level II. If the individual holding this certification moved from an IAT Level I to an IAT Level II position, he or she would not have to take a new certification.
AP3.2.5. Higher-level IAM certifications satisfy lower level requirements. Certifications listed in Level II or III cells can be used to qualify for Level I. However, Level I certifications cannot be used for Level II or III unless the certification is also listed in the Level II or III cell.

the_hutch · December 2012

As others have already said, just the one cert from your category should be sufficient.

8570 - IAM III Prereqs

Comments