DoD DIRECTIVE 8570.1

FACE THE DOD 8570.1 MANDATE
HEAD-ON WITH
MEMBERS
Cyberspace is the new battlefield, where commercial and DoD assets have become virtual targets for
our adversaries. The DoD 8570 Information Assurance Training, Certification and Workforce Management
program addresses this threat by proactively educating and certifying commercial contractors, and military
and civilian personnel to perform their critical duties as Information Assurance professionals.
Under the 8570 Mandate, all personnel with “privileged access” to DoD systems must obtain an ANSI-approved
commercial certification. (ISC)2® was the first organization to receive ANSI accreditation under ISO/IEC Standard
17024 for its CISSP® certification, and has since received accreditation for each of its credentials. For a comprehensive
overview of the DoD Directive 8570.1, please refer to www.isc2.org/dodmandate.
Matching Classifications with the Certifications
In order to determine which certification is relevant, a classification grid has been constructed to pinpoint what duties
the individual fulfills and what certifications are appropriate for their specific job function. The grid below provides
guidance for assessing the proper certification commensurate with personnel job responsibilities.
DoD 8570.01-M, Table AP3.T2. DoD Approved Baseline Certifications
BECOMING 8570.1 COMPLIANT AND BEYOND
(ISC)2® spans the 8570 grid with its award-winning certifications that qualify personnel in
multiple categories. (ISC)2 certifications offer an unrivaled flexibility, providing DoD personnel
with 8570 compliance and a globally recognized standard of qualification that will expand
their future career opportunities. Don’t get pigeon-holed with a certification good for only one
job classification. Become part of the (ISC)2 family and achieve a credential that allows for and
encourages upward mobility like the SSCP®, CAP® and the CISSP®.
SSCP (Systems Security Certified Practitioner)
The SSCP is a hands-on practitioner whose focus is on the technical aspects of information
security. SSCPs design, implement and administer information systems in compliance
with stated policies. The SSCP CBK® is comprised of seven domains pertaining to real-life
areas of expertise in this ever-changing field of information security.
• Requirements
o Minimum of one year of experience
o Pass a stringent three-hour exam and go through an endorsement process
o 60 CPE credits are required every three years to maintain certification
A complete overview of the (ISC)2 SSCP can be found at www.isc2.org/sscp.
CAP (Certified Authorization Professional)
CAP applies to those responsible for formalizing processes that assess risk and establish security
requirements. They ensure that information systems possess security commensurate with the level
of exposure to potential risk and damage to assets or individuals. The CAP credential allows for this
authority. The CAP examination tests the breadth and depth of a candidate’s knowledge by focusing
on the four domains that comprise the CAP CBK, a compendium of information security topics in:
Understand the Purpose of Security Authorization, Initiate Preparation Phase, Perform Execution
Phase and Perform Maintenance Phase (continuous monitoring).
• Requirements
o Minimum of two years of experience
o Pass a stringent three-hour exam and go through an endorsement process
o 60 CPE credits are required every three years to maintain certification
A complete overview of the (ISC)2 CAP can be found at www.isc2.org/cap.
CISSP (Certified Information Systems Security Professional)
CISSP is the “Gold Standard” information security certification and was the first credential in the
field of information security, accredited by ANSI to ISO/IEC Standard 17024:2003. A CISSP is
an information assurance professional who defines the architecture, design, management and/or
controls that assure the security of business environments. The vast breadth of knowledge and the
experience it takes to pass the exam is what sets a CISSP apart.
• Requirements
o Minimum of four years of experience with a degree or waiver – or five years without
o Pass a stringent six-hour exam and go through an endorsement process
o 120 CPE credits are required every three years to maintain certification
A complete overview of the (ISC)2 CISSP can be found at www.isc2.org/cissp.
CISSP® Concentrations
(ISC)2® developed a set of credentials beyond the CISSP, providing a
career path that opens up new opportunities for members, such as more
demanding roles in larger enterprises and recognition of specialized talents
and skill sets. (ISC)2’s three CISSP Concentrations operate in the disciplines of
architecture, engineering and management, and also comply with DoD 8570.1.
• CISSP Concentrations
o CISSP-ISSAP®: For the architect who generally develops, designs, or
analyzes the overall security plan, playing a key role between the C-suite
and upper management.
o CISSP-ISSEP®: Developed in conjunction with the U.S. National Security
Agency and created for the lead systems engineer who is incorporating
security into projects, applications, business processes and information systems.
o CISSP-ISSMP®: For CISSPs who examine information security management on a
larger, enterprise-wide security model.
• Requirements
o Minimum of two years of experience specific to the concentration
o Pass a stringent three-hour exam and go through an endorsement process
o 120 CPE credits with 20 specific to the concentration are required every three years
To learn more about the CISSP Concentrations, visit www.isc2.org/concentrations.
Associate of (ISC)2
The Associate of (ISC)2 is available to those who are knowledgeable in key areas of industry concepts but
lack the work experience. Candidates may take the SSCP®, CAP® or CISSP examination and
subscribe to the (ISC)2 Code of Ethics to earn the Associate status. Once the required experience is
gained, the Associate can then be endorsed and receive the certification.
• Associate of (ISC)2 for SSCP
o Maximum of two years from the exam pass date to acquire the
necessary professional experience
o Pass the three-hour SSCP exam
o 10 CPE credits are required every year
• Associate of (ISC)2 for CAP
o Maximum of three years from the exam pass date to acquire the
necessary professional experience
o Pass the three-hour CAP exam
o 10 CPE credits are required every year
• Associate of (ISC)2 for CISSP
o Maximum of six years from the exam pass date to acquire the
necessary professional experience
o Pass the six-hour CISSP exam
o 20 CPE credits are required every year
For more information on the Associate program, please visit www.isc2.org/associates.
GO DIRECTLY TO THE SOURCE
(ISC)2® brings you the best information security education. Together with its affiliates, (ISC)2 provides
internationally recognized review seminars and educates thousands of security professionals annually. Only
(ISC)2 and its affiliates use (ISC)2 Authorized Instructors and the most current courseware. Together, that
means you get the highest quality education available from the proven best in the industry — a claim that
no other education provider can make. Look for the (ISC)2 Authorized Provider logo to ensure you are
experiencing the best and most current programs available.
Education Delivered Your Way
SC Magazine has recognized (ISC)2 as the 2006, 2007 and 2011 winner of the Best Professional Training Program as well as the 2008
and 2010 winner of the Best Professional Certification Program. But setting all recognition aside, (ISC)2 offers a wide, comprehensive
range of quality, high-level educational opportunities, making us the best choice for DoD 8570.1 compliance and beyond. To help you
thoroughly review and refresh your information security knowledge before pursuing (ISC)2 credentials, (ISC)2 offers CBK® Review
Seminars via classroom or online.
In addition to the G.I. Bill, through which veterans are reimbursed for the cost of education and certification, (ISC)2 offers a cost-effective, pre-negotiated voucher program that gives agencies the opportunity to purchase seats for (ISC)2 CBK Review Seminars and
examinations in bulk. The more you buy, the more you save throughout the country and around the world. For a full explanation on
the Voucher Program, visit www.isc2.org/vouchers.
(ISC)2 and its affiliates offer 8570 packages that can be customized to meet a variety of education needs. Program offerings
include textbooks, online education, instructor-led seminars and continuing education opportunities. (ISC)2 and its partners have
sliding scale pricing options based on volume. For education pricing inquiries, please contact (ISC)2 Government Services at
[email protected] or 1.866.462.4777.
ADDITIONAL RESOURCES
Education Support to the DoD (Dantes Program) - www.isc2.org/dantes
Official DoD Directive FAQs - www.isc2.org/8570faqs
Official (ISC)2 Authorized Education Providers - www.isc2.org/aep
Reagan Systems GSA Schedule - www.isc2.org/reagangsa
U.S. Department of Veterans Affairs - G.I. Bill - www.gibill.va.gov
(ISC)2 is the largest not-for-profit membership body of certified information security professionals worldwide, with more
than 80,000 members in more than 135 countries. Globally recognized as the Gold Standard, (ISC)2 issues the Certified
Information Systems Security Professional (CISSP®) and related concentrations, as well as the Certified Secure Software
Lifecycle Professional (CSSLP®), Certified Authorization Professional (CAP®), and Systems Security Certified Practitioner
(SSCP®) credentials to qualifying candidates. (ISC)2’s certifications were among the first information security credentials to
meet the stringent requirements of ISO/IEC Standard 17024, a global benchmark for assessing and certifying personnel.
(ISC)2 also offers education programs and services based on its CBK®, a compendium of information security topics.
More information is available at www.isc2.org.
Tuition Saving Tips on (ISC)² Education and Examinations
© 2011 International Information Systems Security Certification Consortium, Inc. All Rights Reserved.
These seminars are conducted by (ISC)2 Authorized Instructors who are up-to-date on the latest information security-related
developments and are experts in credential-specific domains. (ISC)2’s official CBK textbooks provide the latest in information security
knowledge, detailed insight into the domains and sample questions. And to determine your readiness for taking the exam,
(ISC)2 also offers studISCope, an online self-assessment tool that lets you see where you stand on the information security learning
curve. It provides an actual simulation of the certification exam situation, and will pinpoint your domain knowledge level. For more on
(ISC)2’s education programs, visit www.isc2.org/education.
DOD.0
(12/11)