Will Department of Defense (DoD) Directive 8140 replace DoDD 8570?
When will DoD 8140 take effect?
It is already in effect, but has simply adopted the DoD 8570 Approved Baseline Certifications at this time.
Why Change from 8570 to 8140?
DoD 8140 is designed to be more flexible and inclusive than DoD 8570. DoD 8140 includes initiatives such as NIST NICE (National Initiative for Cybersecurity Education), which identifies critical KSAs (Knowledge, Skills, and Abilities) and places cybersecurity positions into 7 categories (1. Security Provision, 2. Operate & Maintain, 3. Protect & Defend, 4. Analyze, 5. Operate & Collect, 6. Oversight & Development, and 7. Investigate) consisting of 31 specialty areas.
Background on status of DoD 8140 vs dod 8570
DoD 8570 is both a “Directive” and a “Manual”. DoD 8140 is currently just a “Directive”. A DoD Directive establishes policy, assigns responsibility, and delegates authority, but it does not contain any procedures. A DoD Manual implements or supplements a directive and contains the procedures.
When people state they must be compliant with “DoD 8570” they are referring to the both the DoDD (Directive) and the DoDM (Manual).
Here’s a summary:
DoD Directives vs DoD Manuals
- DoD 8570
- DoD 8140
- Directive – DoD Directive 8140.01: Cyberspace Workforce Management, 8/11/2015
- Manual – DoD 8570.01-M: Information Assurance Workforce Program, 12/19/2005, updated (Change 4) 11/10/2015
- The Manual for DoD 8570 (DoD 8570.01-M) was modified (as you can see via the redlines below) to reference DoD Directive 8140.01. This means the existing DoD 8570 requirements are used to support DoDD 8140 until a new manual is developed for DoDD 8140.