DoD Directive 8570.1

In today’s environment of emerging security threats, the U.S. Department of Defense has recognized the critical need for highly qualified, experienced information assurance personnel. To ensure a knowledgeable and skilled workforce, the DoD has developed a directive that covers the credentialing and continuing education of all DoD employees with privileged access to DoD information systems. For additional information, refer to the DoD Fact Sheet.

Specifically, the U.S. Department of Defense Directive 8570.1, signed in August of 2004, requires every full- and part-time military service member, defense contractor, civilian and foreign employee with privileged access to a DoD system, regardless of job series or occupational specialty, to obtain a commercial certification credential that has been accredited by the American National Standards Institute (ANSI). 

Directive 8570.1 in Brief

  • Defines two IA categories (technical, management); levels within categories (I, II, III); functions within levels

  • Identifies specific commercial certifications as a baseline for each level

  • Requires all IA certifications be accredited under ISO/IEC Standard 17024 ("equivalent" certifications acceptable if approved by OSD or accredited to ISO/IEC Standard 17024 by authorized body). Visit ISO for more information on ISO/IEC Standard 17024.

  • Requires continuous learning to maintain certification status (typically, 40 hours annually, 120 hours over three years)

  • Establishes DoD IA Certification Oversight Advisory Board under the DoD CIO/NII

  • Requires privileged user agreement outlining responsibilities, plus legal and policy limitations of their authority


The draft manual, 8570.1M, specifies that the Department of Defense requires approximately 110,000 identified Information Assurance professionals to be certified within a five-year period. The Defense Information Assurance Program office has divided its Information Assurance workforce into six defined categories (see chart below). The manual also specifies the types of commercial information assurance credentials that qualify for each of the defined categories.

 Updated DoD Matrix-2014

The above chart was provided by the Defense Information Assurance Program (DIAP) Office. As of June 2005, the certifications shown above are the only commercial certifications DoD will accept as fulfillment for the 8570.1M requirement.

CISSP is the first certification to meet the stringent requirements of ANSI accreditation to ISO/IEC Standard 17024. The SSCP certification has recently met these requirements and has been approved by ANSI to the ISO/IEC Standard 17024.

  • DoD is recognized as the vanguard of government security needs identification and requirements policymaking. This directive, and the department’s endorsement of commercial certifications, represents welcome, progressive reform. Other government agencies, federally regulated industries, and commercial institutions doing business with the U.S. Government are certain to take notice and follow suit.

  • (ISC)² offers anytime, anywhere education and examinations for the  and SSCP®, CAP®, CSSLP®, and CISSP® credentials!  

For more information, please contact Steve Chichester at +1.703.637.4409, or via email at schichester@isc2.org. To learn more about the (ISC)² Review Seminars, please refer to the following pages:

Download a brochure to learn more about the (ISC)² and the DoD 8570 Mandate