DoD 8570 and CAP Certification

Cyberspace is the new battlefield, where commercial and DoD assets have become virtual targets for our adversaries. The DoD 8570 Information Assurance Training, Certification and Workforce Management program addresses this threat by proactively educating and certifying commercial contractors, and military and civilian personnel to perform their critical duties as Information Assurance professionals. 

Under the 8570 Mandate, all personnel with "privileged access" to DoD systems must obtain an ANSI-approved commercial certification. (ISC)²® was the first organization to receive ANSI accreditation under ISO/IEC Standard 17024 and has since received accreditation for each of its credentials. Learn more by reviewing a comprehensive overview of the DoD Directive 8570.1.

IAM Level I & II and CAP

In order to determine which certification is relevant, a classification grid has been constructed to pinpoint what duties the individual fulfills and what certifications are appropriate for their specific job function. The grid below provides guidance for assessing the proper certification commensurate with personnel job responsibilities. 

CAP applies to those responsible for formalizing processes that assess risk and establish security requirements. They ensure that information systems possess security commensurate with the level of exposure to potential risk and damage to assets or individuals. The CAP credential allows for this authority. The CAP examination tests the breadth and depth of a candidate’s knowledge by focusing on the seven CAP CBK domains. 

[Figure: DoD 8570 Chart. DoD 8570.01-M, Table AP3.T2. DoD Approved Baseline Certifications]

A complete overview of the (ISC)² CAP can be found at
