The DOD 8570 Directive
The Department of Defense's DOD 8570 Directive is a requirement issued by the Department of Defense that staff working in an information assurance (IA) capacity meet certain minimum standards. A large part of meeting these standards is to earn appropriate certifications for a given position. Some of the certifications required for IA workers under DOD 8570 are the Certified Ethical Hacker (CEH), the Certified Information System Security Professional (CISSP), and the Security+ certifications. Although DOD 8570 is specific to the DOD, its requirements are considered a good summary of what IT workers need to be successful in any industry for any employers.
DOD workers in the IA field are responsible for the department's information systems. The IA discipline is frequently described with the acronym CIA -- standing for confidentiality, integrity and availability. Systems must be kept secure and confidential from outside users. They also must preserve the data so that it can be relied upon. Finally, IA professionals are expected to keep the DOD's systems on-line for use whenever they are needed.
Under the DOD 8570 Directive, entry level IA workers, classified as "Information Assurance Technicians - Level I" must hold either the A+, Network+ or Systems Security Certified Practitioner (SSCP) certifications. Advancing to Level II requires the addition of a GIAC Security Essentials Certification (GSEC), Security+, Security Certified Network Professional (SCNP) or SSCP certification. Level III technicians also need to add a Certified Information Systems Auditor (CISA), GIAC Security Expert (GSE), Security Certified Network Architect (SCNA), Certified Information Systems Security Professional (CISSP) or GIAC Certified Incident Handler (GCIH) certification.
Additional positions under DOD 8570 require different certifications. Information Assurance Managers (IAM), Information Assurance System Architect and Engineers (IASAE), and Computer Network Defense (CND) workers also need to be certified, sometimes with different certifications. IAM workers may also need the Certified Authorization Professional (CAP), GIAC Information Security Fundamentals (GISF), GIAC Security Leadership Certification (GSLC), CISM (Certified Information Security Manager) or CISSP designations. IASAE's must have completed the CISSP or an Associate's degree, and require either a CISSP-ISSEP or CISSP-ISSAP to advance to the highest level. In the CND field, workers must hold certifications such as the GIAC Intrusion Analyst (GCIA), CEH, SSCP, Computer Security Incident Handler (CSIH), CISA, GIAC Systems and Network Auditor (GSNA), CISM, or CISSP-ISSMP certificates.
The Security+ certification, the CISSP certification and the CEH certification are all particularly useful. Security+, which certifies introductory level skills in the field of information system security, can be used for both technician and management-level positions in IA. The CISSP certification, which covers a broad range of security topics, is required for many management level positions and is a prerequisite for achieving an IASAE position. The CEH certificate teaches its recipients how to use unauthorized means to enter systems for the purpose of testing those system's defenses. It is a relatively new addition to DOD 8570, having been added in 2010, and is an accepted certification for most CND positions.