National Initiative for Cybersecurity Education

dodd 8140 cyberspace workforce management

January 11, 2016 by Bruce Brown Leave a Comment

What is the DoD Directive 8140?
DoD 8140, Cyberspace workforce will supersede DoD 8570 as the guide for selecting the personnel with the correct certifications, skills and experience.

Where is the DoDD 8140.01, Cyberworkforce going?
8140 manual may mirror an ongoing initiative that has a lot more categories. Those high level categories would be under a National Initiative for Cybersecurity Education (NICE) framework:

Security Provision, Maintain and Operate, Protect & Defend, Analyze, operate & collect, Oversight & Development and Investigate.

These categories are broken down further into a sum total of 31 tasks. It was supposed to be released in 2013, but there is actually no telling when it will come out.

http://diarmfs.com
niccs.us-cert.gov

Cybersecurity Workforce Framework APP (part 1)

July 27, 2015 by Bruce Brown Leave a Comment

Cybersecurity Workforce Framework 8140 — Cybersecurity Workforce Framework

App now available on the app store

We are working on an app that will allow quick navigation of the National Cybersecurity Workforce Framework version 2. It will be pretty simple for now.

Version 1.x features Will Include:

All Categories mapped to Special Areas
All KSA
All TSA

In future versions we will include certifications that apply to each Special Area. I am waiting for DoDD 8140 because I think it will match up with National Cybersecurity Workforce Framework version 2.

8570 to National Initiative for Cybersecurity Education (NICE)

April 14, 2015 by Bruce Brown Leave a Comment

The Department of Defense used DoD 8570.01-M, Information Assurance Workforce Improvement Program as its labor reference code. 8570 mapped required industry level IT certifications to certain job titles. The problem with it was that many within DoD relied too heavily on IT certification. So organizations would end up with lots of “paper tigers”, IT guys with lots of certifications but very little practical experience.

In 2010, the Office of Personnel Management and others involved with the National Initiative for Cybersecurity Education (NICE) recognized issues in the federal government and hiring qualified talent for the cybersecurity workforce.

John Mills, OSD/NII who assisted with the National Cybersecurity Initiative said, “We’re already working on revising 8570. We want to do something that reflects a workforce that is trained and qualified with actual capabilities and competencies and not just a rote exam.” (2010)

According to Cybersecurity panelist Patty Edfors, “There’s a dilution of certifications going on. There are many entities cropping up that have new certifications. And it gets to be one of these: ‘Which one do I choose?’ And it all comes down to: ‘Which one will bring me the biggest salary?’ So, the alignment of the resources and qualifications of the workforce are critical….”

The result of their work was the CyberSecurity Workforce Framework:

http://niccs.us-cert.gov/training/tc/framework

But there is no word yet on whether or not this will replace or supplement the old 8570.

dod information assurance awareness training

January 28, 2014 by Bruce Brown 1 Comment

Conduct DoD Information Assurance Awareness Training: http://iase.disa.mil/eta/cyberchallenge/launchPage.htm

DoD Information assurance awareness training is an interpretation of the federal law, Federal Information Security Management Act (FISMA). As each unity, agency and branch of the DoD takes on the responsibility of FISMA compliance, they sometimes come up with their own flavor of DoD information assurance awareness.

DoD Information Assurance Awareness is a requirement in accordance with the FISMA of 2002:

“security awareness training to inform personnel, including contractors and other users of information systems that support the operations and assets of the agency, of— ‘‘(A) information security risks associated with their activities; and ‘‘(B) their responsibilities in complying with agency policies and procedures designed to reduce these risks”

FISMA 2012

FISMA 2012 expands the scope if DoD information assurance awareness training and the department of homeland security with a The National Initiative for Cybersecurity Education (NICE). NICE also includes National Initiative for Cybersecurity Careers and Studies (NICCS) portal25, an online resource for cybersecurity awareness, education, training, and career information open to the public.

“The vision of NICCS portal is to provide a national resource to
elevate cybersecurity awareness and affect the change in the American public; to adopt a culture of cyberspace security and to build a competent cybersecurity workforce. “

DOD Information Assurance Awareness & Security Training
According to FISMA, all Government personnel and contractors must complete annual security awareness training.

DoD 8570/DoD 8140 are directives that spawned as a result of FISMA also requirements to have specialized training for personnel and contractors with significant security responsibilities.

Progress of DoD Information Assurance Awareness Training is tracked and taken VERY seriously. So much so that if you don’t complete the annual training, you can lose your ability to access systems.

DoD Information Assurance Awareness Training Security Controls

Information Assurance awareness is addressed as an actual security control in NIST SP 800-53 as AT – Awareness & Training and the NIST SP 800-50 is for Building an Information Technology Security Awareness and Training Program.

Awareness and Training
AT-1 Security Awareness and Training Policy and Procedures
AT-2 Security Awareness
AT-3 Security Training
AT-4 Security Training Records
AT-5 Contacts with Security Groups and Associations