DoD Directive 8570.01-M requires all DoD personnel performing Information Assurance functions to hold an approved baseline certification for their role and level. DoD 8140 (the successor to 8570) expands this to a work-role-based model aligned to the NICE Cybersecurity Workforce Framework. IT Dojo has been preparing DoD and federal professionals for these certifications since 2003.
IAT — Information Assurance Technical
Required for personnel who perform technical IA functions such as network defense, system administration, and security operations.
| Level | DoD-Approved Certifications | IT Dojo Courses |
|---|---|---|
| IAT Level I | A+, Network+, SSCP | Network+ Training |
| IAT Level II | Security+, CySA+, CCNA Security, GICSP, GSEC, SSCP | Security+ Training · CySA+ Training |
| IAT Level III | CASP+ CE, CISA, CISSP, CCSP, GCIH, GCED | CASP+ Training · CISSP Training |
IAM — Information Assurance Management
Required for personnel responsible for managing and overseeing IA programs, policies, and personnel.
| Level | DoD-Approved Certifications | IT Dojo Courses |
|---|---|---|
| IAM Level I | CAP, CND, Cloud+, Security+, HCISPP | CND Training · Cloud+ Training · Security+ Training |
| IAM Level II | CAP, CASP+ CE, CISM, CISSP, GSLC, CCISO | CASP+ Training · CISM Training · CISSP Training |
| IAM Level III | CISM, CISSP, GSLC, CCISO | CISM Training · CISSP Training |
IASAE — IA System Architecture and Engineering
Required for personnel who design and engineer IA into systems and architectures.
| Level | DoD-Approved Certifications | IT Dojo Courses |
|---|---|---|
| IASAE Level I | CISSP, CASP+ CE | CISSP Training · CASP+ Training |
| IASAE Level II | CISSP-ISSEP, CASP+ CE, CSSLP | CISSP Training · CASP+ Training |
| IASAE Level III | CISSP-ISSAP, CSSLP | CISSP Training |
CSSP — Cyber Security Service Provider Roles
Required for personnel assigned to Cyber Security Service Provider roles including Analysts, Incident Responders, Auditors, and Managers.
| CSSP Role | DoD-Approved Certifications | IT Dojo Courses |
|---|---|---|
| Analyst | CEH, CFR, CCNA Cyber Ops, CySA+, GCIH, GCIA, GCFA, GREM | CEH Training · CySA+ Training |
| Infrastructure Support | CEH, CND, SSCP, CCNA Security, PenTest+ | CEH Training · CND Training · PenTest+ Training |
| Incident Responder | CEH, CFR, GCIH, GCFA, GREM | CEH Training |
| Auditor | CISA, CEH, GSNA, GCIH | CISA Training · CEH Training |
| Manager | CISM, CISSP, CCISO, GSLC, CISA | CISM Training · CISSP Training · CISA Training |
DoD 8140 — The Transition
What Stays the Same
- All certifications approved under 8570 remain valid during the transition period
- Personnel already in compliance with 8570 do not need to re-certify immediately
- The core certification categories (IAT, IAM, IASAE) remain foundational
What's Changing
- 8140 moves to a work-role model based on the NICE Cybersecurity Workforce Framework (DCWF)
- Each DCWF work role code has specific qualification requirements (AQRs)
- Components must map personnel to work roles and track qualifications accordingly
- Check the DoD Cyber Workforce Framework portal for the latest approved qualifications
Not sure which certification is right for your role or your team?
IT Dojo has been advising DoD commands, federal agencies, and government contractors on certification pathways since 2003. We can help you identify what's required, map it to your personnel, and schedule the training — including on-site delivery at your installation.