DoD Directive 8570.1

In today’s environment of emerging security threats, the U.S. Department of Defense has recognized the critical need for highly qualified, experienced information assurance personnel. To ensure a knowledgeable and skilled workforce, the DoD has developed a directive that covers the credentialing and continuing education of all DoD employees with privileged access to DoD information systems.

Specifically, the U.S. Department of Defense Directive 8570.1, signed in August of 2004, requires every full- and part-time military service member, defense contractor, civilian and foreign employee with privileged access to a DoD system, regardless of job series or occupational specialty, to obtain a commercial certification credential that has been accredited by the American National Standards Institute (ANSI). 

Directive 8570.1 in Brief

Defines two IA categories (technical, management); levels within categories (I, II, III); functions within levels

Identifies specific commercial certifications as a baseline for each level

Requires all IA certifications be accredited under ISO/IEC Standard 17024 ("equivalent" certifications acceptable if approved by OSD or accredited to ISO/IEC Standard 17024 by an authorized body). Visit ISO for more information on ISO/IEC Standard 17024.

Requires continuous learning to maintain certification status (typically, 40 hours annually, 120 hours over three years)

Establishes DoD IA Certification Oversight Advisory Board under the DoD CIO/NII

Requires privileged user agreement outlining responsibilities, plus legal and policy limitations of their authority

The draft manual, 8570.1M, specifies that the Department of Defense requires approximately 110,000 identified Information Assurance professionals to be certified within a five-year period. The Defense Information Assurance Program office has divided its Information Assurance workforce into six defined categories (see chart below). The manual also specifies the types of commercial information assurance credentials that qualify for each of the defined categories.

 DoD 8570 Chart

The above chart was provided by the Defense Information Assurance Program (DIAP) Office. As of June 2005, the certifications shown above are the only commercial certifications DoD will accept as fulfillment for the 8570.1M requirement.

CISSP is the first certification to meet the stringent requirements of ANSI accreditation to ISO/IEC Standard 17024. The SSCP, CAP, CSSLP, CISSP-ISSAP, CISSP-ISSEP and CISSP-ISSMP certifications have also met these requirements and have been approved by ANSI to ISO/IEC Standard 17024.

  • DoD is recognized as the vanguard of government security needs identification and requirements policymaking. This directive, and the department’s endorsement of commercial certifications, represents welcome, progressive reform. Other government agencies, federally regulated industries, and commercial institutions doing business with the U.S. Government are certain to take notice and follow suit.

  • (ISC)² offers anytime, anywhere education and examinations for the SSCP®, CAP®, CSSLP®, and CISSP® credentials!  

For more information, please contact Steve Chichester at +1.703.637.4409.