• Skip to main content
  • Skip to primary sidebar

ConvoCourses

Cyber Security Compliance and IT Jobs

  • Cyber Security Training
  • about me.
  • Information Assurance Jobs

National Initiative for Cybersecurity Education

dodd 8140 cyberspace workforce management

January 11, 2016 by Bruce Brown Leave a Comment

What is the DoD Directive 8140?
DoD 8140, Cyberspace workforce will supersede DoD 8570 as the guide for selecting the personnel with the correct certifications, skills and experience.

Where is the DoDD 8140.01, Cyberworkforce going?
8140 manual may mirror an ongoing initiative that has a lot more categories. Those high level categories would be under a National Initiative for Cybersecurity Education (NICE) framework:

Security Provision, Maintain and Operate, Protect & Defend, Analyze, operate & collect, Oversight & Development and Investigate.

These categories are broken down further into a sum total of 31 tasks. It was supposed to be released in 2013, but there is actually no telling when it will come out.

http://diarmfs.com
niccs.us-cert.gov

Filed Under: cyberspace workforce, NIST Security Framework, risk management, Risk Management For DoD IT, roles Tagged With: 8140, 8570, cyber workforce, cyberworkforce, dod 8570, dodd 8140, dodd 8140 cyberspace workforce, National Initiative for Cybersecurity Education, NICCS, NICE, rmf

Cybersecurity Workforce Framework APP (part 1)

July 27, 2015 by Bruce Brown Leave a Comment

Cybersecurity Workforce Framework 8140
Cybersecurity Workforce Framework

App_Store_Badge_135x40_Master_062012

google-play-en@2x_135_40

App now available on the app store

We are working on an app that will allow quick navigation of the National Cybersecurity Workforce Framework version 2.  It will be pretty simple for now.

Version 1.x features Will Include:

  • All Categories mapped to Special Areas
  • All KSA
  • All TSA

In future versions we will include certifications that apply to each Special Area.  I am waiting for DoDD 8140 because I think it will match up with National Cybersecurity Workforce Framework version 2.

cybersecurity workforce app
cybersecurity workforce app
cybersecurity workforce app
cybersecurity workforce app
cybersecurity workforce app
cybersecurity workforce app
cybersecurity workforce app
cybersecurity workforce app

Filed Under: cyberspace workforce, NIST Security Framework, risk management Tagged With: cybersecurity, cybersecurity framework, Cybersecurity Workforce Framework, National Initiative for Cybersecurity Education

8570 to National Initiative for Cybersecurity Education (NICE)

April 14, 2015 by Bruce Brown Leave a Comment

The Department of Defense used DoD 8570.01-M, Information Assurance Workforce Improvement Program as its labor  reference code.  8570 mapped required industry level IT certifications to certain job titles.  The problem with it was that many within DoD relied too heavily on IT certification.  So organizations would end up with lots of “paper tigers”, IT guys with lots of certifications but very little practical experience.

In 2010, the Office of Personnel Management and others involved with the National Initiative for Cybersecurity Education (NICE) recognized issues in the federal government and hiring qualified talent for the cybersecurity workforce.

John Mills, OSD/NII who assisted with the National Cybersecurity Initiative said, “We’re already working on revising 8570.  We want to do something that reflects a workforce that is trained and qualified with actual capabilities and competencies and not just a rote exam.” (2010)

According to Cybersecurity panelist Patty Edfors,  “There’s a dilution of certifications going on. There are many entities cropping up that have new certifications.  And it gets to be one of these: ‘Which one do I choose?’ And it all comes down to: ‘Which one will bring me the biggest salary?’ So, the alignment of the resources and qualifications of the workforce are critical….”

The result of their work was the CyberSecurity Workforce Framework:

http://niccs.us-cert.gov/training/tc/framework

But there is no word yet on whether or not this will replace or supplement the old 8570.

 

Filed Under: Risk Management For DoD IT Tagged With: National Initiative for Cybersecurity Education, national security, NICE, what is the national security agency

dod information assurance awareness training

January 28, 2014 by Bruce Brown 1 Comment

Conduct DoD Information Assurance Awareness Training: http://iase.disa.mil/eta/cyberchallenge/launchPage.htm

DoD Information assurance awareness training is an interpretation of the federal law, Federal Information Security Management Act (FISMA).  As each unity, agency and branch of the DoD takes on the responsibility of FISMA compliance, they sometimes come up with their own flavor of DoD information assurance awareness.

DoD Information Assurance Awareness is a requirement in accordance with the FISMA of 2002:

“security awareness training to inform personnel, including contractors and other users of information systems that support the operations and assets of the agency, of— ‘‘(A) information security risks associated with their activities; and ‘‘(B) their responsibilities in complying with agency policies and procedures designed to reduce these risks”

FISMA 2012

FISMA 2012 expands the scope if DoD information assurance awareness training and the department of homeland security with a The National Initiative for Cybersecurity Education (NICE).  NICE also includes National Initiative for Cybersecurity Careers and Studies (NICCS) portal25, an online resource for cybersecurity awareness, education, training, and career information open to the public.

“The vision of NICCS portal is to provide a national resource to
elevate cybersecurity awareness and affect the change in the American public; to adopt a culture of cyberspace security and to build a competent cybersecurity workforce. “

DOD Information Assurance Awareness & Security Training
According to FISMA, all Government personnel and contractors must complete annual security awareness training.

DoD 8570/DoD 8140 are directives that spawned as a result of FISMA also requirements to have specialized training for personnel and contractors with significant security responsibilities.

Progress of DoD Information Assurance Awareness Training is tracked and taken VERY seriously.  So much so that if you don’t complete the annual training, you can lose your ability to access systems.

DoD Information Assurance Awareness Training Security Controls

Information Assurance awareness is addressed as an actual security control in NIST SP 800-53 as AT – Awareness & Training and the NIST SP 800-50 is for Building an Information Technology Security Awareness and Training Program.

Awareness and Training
AT-1 Security Awareness and Training Policy and Procedures
AT-2 Security Awareness
AT-3 Security Training
AT-4 Security Training Records
AT-5 Contacts with Security Groups and Associations

 

Filed Under: cyberspace workforce, DIARMF, Information Assurance Tagged With: army information assurance, dod 8140, dod information assurance awareness, dod information assurance awareness training, dodd 8140, dodd 8140 cyberspace workforce, FISMA, IA, IA training, info assurance, information assurance, information assurance air force, information assurance training, National Initiative for Cybersecurity Education, NICCS, NICE

Primary Sidebar

search


This is a breakdown of each of the NIST 800-53 security control families and how they relate to each step in the NIST 800-37 risk management framework process.

also available on Amazon!

View Book


This is a breakdown of each of the NIST 800-53 security control families and how they relate to each step in the NIST 800-37 risk management framework process.

also available on Amazon!

View Book


This book is an overview of how the NIST SP 800-37 risk management framework works from the perspective of an information system security officer (ISSO).

also available on Amazon!

View Book

NIST RMF 800-37 templates
Free 800-37 templates

The NIST 800 Template download contains a .doc file template and xls templates for POAMs, Federal, State, cloud based and a legacy template as well as resources where you can find more on NIST 800-37 documents for your use.

View Book

Learn to Make 6 Figures in CyberSecurity

RMF ISSO Foundations Training
RMF ISSO Foundations Training

RMF ISSO Foundations

I was an Information System Security Officer (ISSO) doing Risk Management Framework (NIST SP 800-37) for over a decade. I am a Cybersecurity veteran and I can explain (in plain English) what you DO in the Risk Management Framework process as an ISSO.

View Course

NIST SP 800-37 Presentation
NIST SP 800-37 Presentation

View Course

login

  • Register
  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

Recent Posts

  • Cybersecurity Jobs Resume Marketing: Book 1 Find Cybersecurity jobs
  • Security Control Assessor (SCA) Methods table top exercise
  • Cybersecurity Pro opinion about Tiktok
  • Las Vegas teleworking
  • STIGS in the RMF Process

Meta

  • Register
  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

Recent Comments

  • http://Www.Finance.Ipt.Pw/ on SRG/STIG Applicability Guide and Collection Tool Update
  • Elsa7 on ConvoCourses podcast: Cyber Security day to day activity
  • Tony on STIG Update – DISA has released the Microsoft SQL Server 2016 STIG Version 1
  • horloge on SCAP Compliance Checker SCC)
  • 218 Information assurance Success Criteria – ITSECURITYSURVIVAL.COM on Information Assurance Vulnerability Alert

Tags

8140 8570 ArcSight c&a CISSP convocourses cyber cybersecurity cyber security DIACAP DIARMF diarmf - implement disa DISA STIG dodd 8140 dodd 8140 cyberspace workforce HBSS IA implement implementation info assurance information assurance information security ISSO it jobs it jobs in usa job jobs Linux mcafee network nist nist risk management framework nist risk management framework 800-37 podcast risk risk assessment risk management risk management framework rmf security STIG stigs unix windows


This is a breakdown of each of the NIST 800-53 security control families and how they relate to each step in the NIST 800-37 risk management framework process.

also available on Amazon!

View Book

Copyright © 2023 · Author Pro on Genesis Framework · WordPress · Log in