ConvoCourses

Cyber Security Compliance and IT Jobs

8140

dodd 8140 cyberspace workforce management

by Leave a Comment

What is the DoD Directive 8140?
DoD 8140, Cyberspace workforce will supersede DoD 8570 as the guide for selecting the personnel with the correct certifications, skills and experience.

Where is the DoDD 8140.01, Cyberworkforce going?
8140 manual may mirror an ongoing initiative that has a lot more categories. Those high level categories would be under a National Initiative for Cybersecurity Education (NICE) framework:

Security Provision, Maintain and Operate, Protect & Defend, Analyze, operate & collect, Oversight & Development and Investigate.

These categories are broken down further into a sum total of 31 tasks. It was supposed to be released in 2013, but there is actually no telling when it will come out.

http://diarmfs.com
niccs.us-cert.gov

DoDD Cyberspace Workforce Management 11 Aug 2015

by Leave a Comment

The Department of Defense finally released the Directive for Cyberspace workforce management on 11 Aug 2015.  This means that the DODI (instruction) is not far behind.  The instruction will be more in the weeds.  It is where the “magic happens”.  Directives are very high level policy that gives instructions their power to exist.

Cyberspace Workforce Management – http://www.dtic.mil/whs/directives/corres/pdf/814001_2015_dodd.pdf

The Cyberspace Workforce Management directive does the following:

  • Reissues and renumbers DoD Directive (DoDD) 8570.01 (Reference (a)) to update and expand established policies and assigned responsibilities for managing the DoD cyberspace workforce.
  • Authorizes establishment of a DoD cyberspace workforce management council to ensure that the requirements of this directive are met.
  • Unifies the overall cyberspace workforce and establishes specific workforce elements (cyberspace effects, cybersecurity, and cyberspace information technology (IT)) to align, manage and standardize cyberspace work roles, baseline qualifications, and training requirements.

Cyberspace Workforce Applies to:

  • Office of the Secretary of Defense (OSD)
  • Military Departments (Army, Navy, Air Force, Marines)
  • Office of the Chairman of the Joint Chiefs of Staff (CJCS) and the Joint Staff
  • Combatant Commands
  • Office of the Inspector General of the Department of Defense (IG DoD)
  • Defense Agencies
  • Field Activities
  • DoD Components

It is DoD policy does the following:

  • Maintains a total force management perspective to provide qualified cyberspace government civilian and military personnel to identified and authorized positions, augmented where appropriate by contracted services support. These personnel function as an integrated workforce with complementary skill sets to provide an agile, flexible response to DoD requirements.
  • [Make sure] the appropriate mix of military and government civilian positions and contracted support designated to perform cyberspace work roles is determined in accordance with DoD Instruction (DoDI) 1100.22 (Reference (b))
  • Civilian, military, and contracted support personnel assigned to perform cyberspace work roles must meet qualification standards established in supporting issuances, in addition to other existing workforce qualification and training requirements assigned to billets and position requirements (e.g., acquisition, intelligence, communications).
  • DoD Component compliance with this directive is monitored via authoritative manpower and personnel systems as an element of mission readiness and as a management review item.
  • Nothing in this directive replaces or infringes the responsibilities, functions, or authorities of the DoD Component heads or other OSD officials as prescribed by law or Executive order, assigned in chartering DoDDs, or detailed in other DoD policy issuances or, as applicable, in Director of National Intelligence policy issuances.
  • All authorized users of DoD IT receive initial cybersecurity and information assurance awareness orientation as a condition of access, and thereafter must complete annual cybersecurity and information assurance refresher awareness.

8570_to_8140_01_2015_dodd

USCYBERCOM, National Initiative for Cyberspace Education (NICE)

by Leave a Comment

DoD is using National Initiative for Cyberspace Education (NICE) to point their cyber security professionals in the right direction for training resources.  I wonder if this might hint at a DoDD 8140, Cyberwork force being inline with National Initiative for Cyberspace Education (NICE) National Cybersecurity Workforce Framework.

DISA has gathered inputs from USCYBERCOM, National Initiative for Cyberspace Education (NICE) and other partners to provide a catalog of training resources that are categorized by Cybersecurity work roles. The identified training resources will help DoD employees fulfill their knowledge or skill gaps and move from entry to advanced levels of proficiency in their assigned work roles. To learn more, and to view the training resources, please visit the Cybersecurity Role-Based Training Portal.

https://disa.deps.mil/ext/cop/iase/specialty_courses/ (DoD PKI Cert Required)

USCYBERCOM_NICE_roles
USCYBERCOM_NICE_roles

National Cybersecurity Workforce Framework (Workforce Framework) Version 2.0

by Leave a Comment

National Cybersecurity Workforce Framework (Workforce Framework) Version 1 has been replaced with Version 2.0.  The change was for adherence to the OPM Guide to Data Element Standards(link is external).

If you did not know the purpose of the National Cybersecurity Workforce:

The National Cybersecurity Workforce Framework (Workforce Framework) Version 2.0 is the foundation for increasing the size and capability of the US cybersecurity workforce. It can help solve some of the key cybersecurity workforce challenges. The Workforce Framework is a national resource for employers, trainers, and policy makers, providing a common cybersecurity lexicon. Creating uniformity in the field is critical to its organization and development and the Workforce Framework aims to categorize the different types of cybersecurity work.–http://niccs.us-cert.gov

“Oversight and Development” of NICE framework version 1 has become “Oversee & Govern” in version 2.  I noticed that version 2 also includes Risk Management type positions listed under Oversee and Govern:

Risk Management – Oversees, evaluates, and supports the documentation, validation, and accreditation processes necessary to ensure new and existing information technology (IT) systems meet the organization’s information assurance (IA) and security requirements. Ensures appropriate treatment of risk, compliance, and monitoring assurance from internal and external perspectives.


 Workforce Framework Category Graphic

 

DoDD 8140 Round Up

by Leave a Comment

I have been hunting for information on the abominable “DoDD 8140”.  Some say that it does not exist, but you can see its footprints all over the InterWebs:

The DoDD 8140 (DoDD 8570.1 replacement) is in staffing (administrative and format correction by the DoD then legal review then for signature by the SecDef or DepSecDef. Tentative completion and release date 1st Qtr. FY 15 . The workforce manuals will stem from the signed DoDD 8140 – Army CIO/G6, Cyber Security Directorate Training and Certification Newsletter 1 September 2014

DoD 8140 workforce requirements initiative – Operationally Focused CYBER Training Framework

DoDD 8140 – What We Know – Expands 8570 Concept from Information Assurance Personnel Only To Entire “Cyberspace Workforce” – Umbrella Program – Intent is For The 8570 Matrix to Remain The Same – Will Use NICE (National Initiative for Cybersecurity Education) Framework and “Other Plans and Policies” for job skills/functions/tasks – isc2chapter-middlega.org

Initial draft 8140 Directive in formal coord • Policies under the DoDD 8140 to cover the entire Cyberspace Workforce • IT/Cybersecurity • Cyberspace Operations (Engagement) • Intelligence Workforce (Cyberspace) • Leverage existing plans and policies: • NICE; DoD CWF; CW Strategy • JCT&CS • Total force manpower process (DoDI 1100.22) • Apply lessons learned from workforce studies and 8570 implementation – isc2chapter-middlega.org

Lack of Standard DoD CS/ITWF-Related Procedures. DON CIO personnel informed us that the Navy did not comprehensively define the overall CS/ITWF or develop a CS/ITWF personnel database because they were waiting for DoD to issue its guidance. We were told that DoD was drafting Directive 8140.aa, “Cyberspace Workforce Management,” reissuing and renumbering DoD Directive 8570.01, “Information Assurance Training, Certification, and Workforce Management,” updating and expanding policies, and assigning responsibilities for managing the DoD workforce performing cyberspace functions. – Cyberspace/Information Technology Skill Sets for Active Duty Military Personnel at Selected Navy Commands  

In reference to changes to the IP Officer course, the expected date of implementation is May 2016. For the more immediate mitigation efforts, N2/N6 responses are predicated on DON CIO’s update to Secretary of the Navy (SECNAV) Instruction 5239 along with the release of the DoDD 8140.aa. Once these documents have been promulgated (estimated date of completion in September 2014), OPNAV N2/N6 will release a Naval Administrative Message (NAVADMIN) that will direct the fleet to these changes and ensure implementation of all directives and instructions. Estimated release date for the NAVADMIN will be May 2015. – Cyberspace/Information Technology Skill Sets for Active Duty Military Personnel at Selected Navy Commands  

If you see the 8140 in the wild, shoot it, skin it and send it to me:

elamb(dot)security(at)gmail

Nothing on DoD 8140

by Leave a Comment

In typical government fashion, an important change was mentioned years ago and nothing has come of it.  DoD 8570 was supposed to be replaced by DoDD 8140 but it still has not been done yet.  The USAF just released Air Force Manual 33-285, CyberSecurity Workforce Improvement Program, 20 March 2015 and it is based on 8570 and not DoDD 8140.  Why?  Because 8140 does not exist.  Is it in draft?  Is it ever going to exist?  Someone out there knows.

If it is not going to be created, then why are so many official sites, documents and policies in the government still mentioning it?

“The DoDD 8140 (DoDD 8570.1 replacement) is in staffing (administrative and format correction by the DoD then legal review then for signature by the SecDef or DepSecDef. Tentative completion and release date 1st Qtr. FY 15 . The workforce manuals will stem from the signed DoDD 8140” – US Army CIO/G6 Cyber Security Directorate

“DoD Directive 8570.1 provides the basis for an enterprise-wide solution to train, certify, and manage the DoD Information Assurance (IA) workforce.
– Will be replaced by DoD Directive 8140, Cyberspace
Workforce Management in 2-4 months.” – IA Workforce Improvement Program Update (USAF) med.navy.mil

“Ensuring initial IA orientation and annual awareness training are available to all authorized users to ensure they know, understand, and can apply the IA requirements of their system(s) in accordance with reference (d) and will eventually be updated with the publishing of the Department of Defense Directive (DoDD) 8140 in May 2014.” – US Marine Corps Enterprise Cyber Security Directive – CyberSecurity Workforce Improvement Program

“Lack of Standard DoD CS/ITWF-Related Procedures. DON CIO personnel informed us that the Navy did not comprehensively define the overall CS/ITWF or develop a CS/ITWF personnel database because they were waiting for DoD to issue its guidance. We were told that DoD was drafting Directive 8140.aa, “Cyberspace Workforce Management,” reissuing and renumbering DoD Directive 8570.01, “Information Assurance Training, Certification, and Workforce Management,” updating and expanding policies, and assigning responsibilities for managing the DoD workforce performing cyberspace functions” – Cyberspace/Information
Technology Skill Sets for Active Duty Military Personnel at Selected Navy Commands, 19 May 2014