The dod 8570 chart is designed to provide guidance for government agencies (mainly in defense) to categorize and identify certification of personnel conducting Information Assurance (IA) functions.
Defense Information Assurance workforce is broken up into category, specialty, level, and function to for better protection of confidentiality, integrity and availability of DoD information, information systems, and networks.
Information Assurance Profiles DoD 8570:
| IA Management Level I | IAM Level I personnel are responsible for the implementation and operation of an Information System (IS) within their CE. Personnel ensure that IA related IS are functional and secure within the CE. |
| IA Management Level II | IAM Level II personnel are responsible for the IA program of an IS within the NE. Personnel in these positions perform a variety of security related tasks, including the development and implementation of system information security standards and procedures. They ensure that IS are functional and secure within the NE. |
| IA Management Level III | IAM Level III personnel are responsible for ensuring that all enclave IS are functional and secure. They determine the enclaves’ long term IA systems needs and acquisition requirements to accomplish operational objectives. They also develop and implement information security standards and procedures through the certification and accreditation process. |
| IA Technical Level I | IAT Level I personnel make the CE less vulnerable by correcting flaws and implementing IAT controls in the hardware or software installed within their operational systems. |
| IA Technical Level II | IAT Level II personnel provide network environment (NE) and advanced level CE support. They pay special attention to intrusion detection, finding and fixing unprotected vulnerabilities, and ensuring that remote access points are well secured. These positions focus on threats and vulnerabilities and improve the security of systems. IAT Level II personnel have mastery of the functions of the IAT Level I position. |
| IA Technical Level III | PIAT Level III personnel focus on the enclave environment and support, monitor, test, and troubleshoot hardware and software IA problems pertaining to the CE, NE, and enclave environments. IAT Level III personnel have mastery of the functions of both the IAT Level I and Level II positions. |
| CND-SP Analyst (CND-A) | CND-A personnel use data collected from a variety of CND tools (including intrusion detection system alerts, firewall and network traffic logs, and host system logs) to analyze events that occur with their environment. |
| CND-SP Infrastructure Support (CND-IS) | CND-IS personnel test, implement, deploy, maintain, and administer the infrastructure systems which are required to effectively manage the CND-SP network and resources. This may include, but is not limited to routers, firewalls, intrusion detection/prevention systems, and other CND tools as deployed within the NE or enclave. |
| CND-SP Incident Responder (CND-IR) | CND-IR personnel investigate and analyze all response activities related to cyber incidents within the NE or Enclave. These tasks include, but are not limited to: creating and maintaining incident tracking information; planning, coordinating, and directing recovery activities; and incident analysis tasks, including examining all available information and supporting evidence or artifacts related to an incident or event. |
| CND-SP Auditor (CND-AU) | CND-AU personnel perform assessments of systems and networks within the NE or enclave and identify where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. CND-AUs achieve this through passive evaluations (compliance audits) and active evaluations (penetration tests and/or vulnerability assessments). |
| CND-SP Manager (CND-SPM) | CND-SPMs oversee the CND-SP operations within their organization. CND-SPMs are responsible for producing guidance for their NE or enclave, assisting with risk assessments and risk management for organizations within their NE or enclave, and are responsible for managing the technical classifications within their organization. |
| IASAE I | Applies knowledge of IA policy, procedures, and structure to design, develop, and implement CE system(s), system components, or system architectures. |
| IASAE II | Applies knowledge of IA policy, procedures, and workforce structure to design, develop, and implement a secure NE. |
| IASAE III | Responsible for the design, development, implementation, and/or integration of a DoD IA architecture, system or system component for use within CE, NE, and enclave environments |
| General User | A user who is granted use of Government Information Systems (IS) and access to Government networks. This is not an IA position. |
| Power User | Personnel with limited administrative privileges to their PC only. This is not an IA position. |
DoD 8570 Chart is being replaced soon with DoDD 8140, Cyberspace workforce which will have 7 high level categories under a National Initiative for Cybersecurity Education framework:
Security Provision, Maintain and Operate, Protect & Defend, Analyze, operate & collect, Oversight & Development and Investigate.
These categories are broken down further into a sum total of 31 tasks. It was supposed to be released in 2013, but there is actually no telling when it will come out.
Your DoD8570 chart is WAY (2-3 years?) out of date. It should include CASP, CSSLP, GCFA, CEH
Yep. Thanks. Updated..
wow so now there is no reason for a IAT III to get a CISSP because you can get the CASP.
and they put CEH on the same level as GCIA??? wow
We should make cybersecurity harder not easier.. just my opinion, which don’t mean nada… double negatively speaking.