Demystifying DoD Directives 8140 and 8570

Demystifying DoD Directives 8140 and 8570

Getting your foot in the door as an IT professional with the Department of Defense (DoD) is no easy task. There are a lot of boxes to tick to even be considered. However, Veterans, with their service history and various levels of security clearances, are uniquely poised to leverage their military experience and skills when it comes to landing these lucrative roles.

The key to successfully securing an IT or tech-related job at the DoD lies in understanding and complying with Directives 8570 and 8140.

A DoD Directive Snapshot

In a nutshell, DoD Directives are policy documents outlining what is required by the legislation, President, or Secretary of Defense to initiate, govern or regulate the DoD’s actions and conduct. They spell out expectations, requirements, and all parameters needed for the agency to function.

Two of these Directives apply specifically to IT professionals: Directive 8570 and Directive 8140.

Directive 8570 was created in 2005 in response to the growing need for qualified cybersecurity professionals. It outlined what the DoD required in terms of cybersecurity training, certification, and workforce management.

Directive 8140 replaced Directive 8570 in 2015. It updated the existing Directive and incorporated information from the Defense Cybersecurity Workforce Framework and the DoD Joint Cyberspace Training and Certification Standards (JCT&CS) to:

  • Expand the roles covered by Directive 8570.
  • Update and expand the DoD’s policies and assigned responsibilities associated with managing the DoD cyberspace workforce.
  • Establish a DoD cyberspace workforce council to monitor requirement compliance.
  • Unify the DoD’s cyberspace workforce and establish standardized work roles, qualifications, and training requirements.

How Directive 8570/8140 impacts employment with the DoD

These Directives dictate that anyone accessing the DoD’s information systems must meet certain compliance requirements, including holding certifications accredited by the American National Standard Institute (ANSI). Whether you are working for the DoD full-time, part-time, as a military service member, as a contractor, or as a local national, it doesn’t matter. The Directives apply to everyone.

Per the Directives, there are three levels of certification for Information Assurance Technicians (IAT) and Information Assurance Management (IAM) professionals. (Information Assurance is synonymous with cybersecurity.) Anyone wishing to hold these kinds of positions at the DoD must obtain and maintain at least one of the certifications required for the relevant job level.

Which means if you want to work in IT at the DoD, you’ve got to be certified.

Where a DoD Certification comes from matters

Directives 8570 and 8140 were created to ensure that DoD tech employees meet consistent, standardized criteria. This means you can’t get training and certifications from just anywhere.

The DoD and ANSI vet training and certification programs to check whether they meet the Directives’ regulations. It’s important to know which vendors are approved and accepted to avoid spending your time and money in the wrong place.

CCS Learning Academy is a hub for this information. Our course catalog contains the right learning from the right sources and puts it all in one place. We partner with DoD-approved training and certification vendors like CompTIA, (ISC)2, ISACA, and others to provide certifications that are industry standard, globally recognized, and vendor neutral. Whether you work for the DoD or not, these certifications get employers’ attention and indicate high-level competency.

See our DoD-approved certification courses here.

Finding Your DoD Certification Path

The DoD’s digital and cybersecurity landscape is vast. Even current working IT professionals struggle to determine which trainings and certifications are needed for which DoD roles. If you’re a transitioning Veteran, figuring this out is a daunting task. Which roles should you even consider?

This is where CCS Learning Academy becomes a valuable resource.

Not only do we stay up-to-date on the current trends and demands in the tech sector as a whole, but we also stay apprised of the DoD’s ever-evolving menu of IT roles and the associated trainings and certifications needed to secure them.

As an organization that works with Veterans on a regular basis, we excel at connecting the dots between your past military experience and your future civilian IT career. For instance, we know that the skills needed to plan mission logistics for an entire squad can translate into a cybersecurity project management role or system administration position.

We work with you to clearly understand your capabilities, provide options, and help you map out a clear path that gets you going, saves you time, and gets you to your dream job as quickly as possible.

Download this guide to DoD-approved baseline certifications.

Earning These Certifications Opens A Lot of IT Doors

Complying with the Directives isn’t easy. The required training and certifications demand significant time and money commitments. However, the payoff for having them on your resume is huge.

Once you have the needed certification(s), you qualify for a wide range of DoD roles in the following categories:

  • Security Provision, including jobs related to architecture, engineering, operations that include information assurance compliance, software, security engineering, system development, research, etc.
  • Operate/Maintain, including jobs related to customer service, tech support, data administration, knowledge management, network service and security analysis.
  • Protect/Defend, including jobs related to cybersecurity prevention, defense analysis, incident reporting, vulnerability assessment and related areas.
  • Analysis, including jobs related to different types of network analysis, resource intelligence, exploitation analysis, threat analysis, etc.
  • Operate/Collect, including jobs related to cyber operations and planning, collection operations, planning and implementation.
  • Oversight and Development, including jobs related to the legal consequences of conducting operations in the digital realm, with emphasis on planning, education, and awareness.
  • Investigate, including jobs related to investigations and forensics work in online security or related issues.

These certifications also position you well for employment with major private companies, like Microsoft, Facebook, Wells Fargo, and others.

Discover our parent company’s Veteran Placement Program.


The tech sector, particularly cybersecurity, is booming. The DoD is just the tip of the iceberg when it comes to employers looking for experts. Getting the training and certifications required by Directives 8140/8570 is the gateway to all these opportunities and a vibrant career in tech. Let’s get you started!

Want to learn more about the training and certifications needed to work with the DoD? Need help mapping out your learning path? We’re here to help! Contact us to get started.