Earlier this year, ISC2 announced that all nine certifications – and their corresponding training courses – have been included in the U.S. Department of Defense (DoD) Directive 8140 Cyber Workforce Qualification Provider Marketplace. The 8140 directive replaces the 8570 directive and went into effect on February 15, 2023.
The DoD designed the new directive to “provide a targeted, role-based approach to identify, develop and qualify cyber personnel by leveraging the DoD Cyber Workforce Framework (DCWF).” What this means is that all personnel assigned to a position that is coded with a DCWF work role must meet the foundational, residential and continuous professional development qualification requirements outlined for each work role at the assigned proficiency level(s).
Member Insights
We asked a few of our members working in the space about their thoughts on the new directive, its impact and how it might translate to use in the private sector.
Greg Bergen, CISSP, CGRC is a Senior Principal Cybersecurity Analyst for a global aerospace, defense and security company. He told us that as a private contractor, his organization’s alignment with 8570 meant they were well-prepared for the transition to 8140.
“DoD 8570 paved the way for a Cyber-certified workforce and the industry is responding in kind to DoD 8140,” he said. “We’re already seeing 8140-compliance stipulated in new contracts and are pushing that down to subcontractors as well.”
We also asked Mike Cook, CISSP, a Deputy Director in the U.S. Air Force, who said “As a government employee in a government organization, I believe the directive translates well to the private sector. We recruit and hire from the private sector and many of the candidates have certifications that are accepted within the 8140.” He continued “Additionally, many of the private sector organizations require IT professionals to attain certifications accepted within the 8140.”
We also asked how the new directive might impact contractors and government employees when it comes to upward mobility or the potential to enter into cyber roles from other areas.
“I believe 8140 gives both the government and its contractors options when it comes to hiring. They can hire on related experience, education or certifications now,” said Bergen.
“We place an emphasis on continued development and professional growth and gaining higher level certifications play a significant role in upward mobility and the ability to attain cyber roles within our organization,” said Cook. “When we recruit and hire, we place emphasis on professional IT and cyber certifications when making candidate selection, and we understand that attaining higher level skills (and certifications) are necessary to perform the work we do successfully. Not only does this apply to our government employees, but also the contractor workforce that supports and augments the government team.”
Accreditation Impact
For the past several years, ISC2 has been expanding our Qualifications team to include a group of skilled professionals that will focus on standards and practices within the field of cybersecurity. This group is responsible for the Unified Body of Knowledge project, as well as other projects in the works. We asked Sr. Director, Standards and Practice, Rick Gamache, CISSP about his thoughts on accreditation for certifications and training.
“Contractors and employees can be reasonably confident that certifications and training accredited by ANAB/ANSI meet recognized standards for legitimacy and quality. This accreditation helps ensure marketplace offerings are reliable.”
Gamache continued, “However, when selecting certifications or training, it's also important to consider factors such as global portability, industry recognition, and whether the certification is continuously updated to reflect the latest industry knowledge.”
The CISSP has been accredited for 20 years and all nine ISC2 certifications are ANAB accredited. The credentials are reviewed for reaccreditation on a five-year cycle, with the latest renewal granted this year.