CySA+: IA levels
Introduction: What is the DoD’s actual cyber-strategy?
In order to execute the national cyber-strategy, the U.S. Department of Defense (DoD) is striving to make its operatives more skilled with specialized training opportunities and by increasing efficiency in recruitment and in the hiring and training of personnel in information assurance (IA) duties. The Information Assurance Workforce Improvement Program describes the expectations of the DoD in terms of required education, certification and management of DoD workforce members carrying out information assurance (IA) duties and was devised to this purpose. Personnel, in fact, must now obtain a credential as required for their position, category/specialty, and level to fulfill the IA baseline certification requirement, soon after hiring, if they do not already possess it.
This effort is summarized by DoD Directive 8140.01, “Cyberspace Workforce Management,” and applies to IT employees who are part of the cyber or IA workforce whether they are in full-time, part-time or even in embedded duty positions. They will be required to be trained and certified to a DoD-approved 8570 baseline certification as required for their position category or specialty and level.
Basically, DoD has recognized the importance of having a highly qualified and capable cyberspace workforce that is trained and prepared to be assigned responsibilities for managing the DoD cyberspace workforce. The government agency has also identified the importance of industry-recognized credentials as part of the normal background of IT pros who must now earn industry certifications, including the CompTIA CySA+, to qualify for employment and meet the requirements of the level/function they’ll be assigned.
How does CySA+ satisfy the roles that DoD 8570 describes?
CySA+ is ISO/ANSI 17024-accredited and has been endorsed by the U.S. Department of Defense to satisfy the requirements mandated in 8140/8570/8570.01-M. In particular, the DoD had approved CySA+ under 8570 as of October 2017. The credential has been included in the list of the baseline certifications. Therefore, military personnel and contractors performing IA functions can use it to fulfill the requirements of their position, specialty and level. This credential is a great option if you are intending to work for the DoD, as it is listed under several categories.
Why was the CySA+ considered? This credential was created by gathering data on the field through industry-wide surveys and the input of subject matter experts in IT security. The certification differs from other available intermediate options thanks to its focus on cybersecurity analyst roles and by having a very hands-on, practical knowledge approach.
The test covers security analytics, pentesting, intrusion detection and response, advanced persistent threats, reverse engineering, vulnerability management and threat management. It goes in-depth on all tools and techniques required to successfully perform as cybersecurity analysts, security engineers and vulnerability or threat intelligence analysts. It also covers the skills needed to analyze gathered data, make recommendations, revise processes, participate in the software development life cycle and deal with the issues related to compliance.
Being a prominent target for cyberattacks, the DoD networks require that the employees entrusted with their use and protection, along with the safeguarding of all classified and sensitive info or data exchanged (transmitted and received) on them, be up-to-date and have the latest knowledge in defense mechanisms. The CompTIA CySA+ is capable of meeting this demand for many of the DoD 8570 Information Assurance Technical (IAT) roles.
What’s more, the CySA+ also falls under a DoD Cyber Security Service Provider (CSSP), a certification issued by DoD to indicate a candidate’s readiness for the DoD information assurance (IA) workforce. For that reason, employees are required to complete a third-party certification to fulfill requirements that vary according to their job role. For example, those who have analyst, infrastructure support, incident response and auditor duties can utilize the CySA+ credential to fulfill requirements, making this certification a great choice as it covers several job functions.
Which requirements does CySA+ meet?
The DoD Directive 8570 and the broader 8140 primarily assure that personnel in the cybersecurity workforce have the necessary hands-on knowledge for their job roles, in addition to the relevant certifications to prove their skills are up to date.
DoD 8570 directive, in fact, includes three levels that have cumulative functions for employees working in IAT Level II (that is where CySA+ fits in) or Level III positions, which require mastery of the functions of all preceding levels. A professional who is unable to meet or maintain compliance standards could lose their privileged access to DoD systems unless they can do so within six months of their assignment to an IA duty. However, a waiver may be granted.
The set of formal training requirements by the DoD directive has been based on the National Initiative for Cybersecurity Education (NICE) framework and has a strong focus on being able to respond to real-life scenarios. The requirements of DoD Directive 8140.01, “Cyberspace Workforce Management,” will in fact assure that personnel in the cybersecurity workforce have their elemental proficiency in their role proven by obtaining a relevant certification.
Effective October 13th, 2017, the CompTIA Cybersecurity Analyst (CySA+) certification was officially added to the IA Workforce Improvement Program (DoD 8570) baseline certification guide that requires military, civilian and contract personnel who handle information assurance for department systems to have certifications appropriate for the job they perform. [click image to enlarge]
The DoD approved CompTIA CySA+ for five 8570.01-M job categories, as shown in the figure above. These categories are:
- Cybersecurity Service Provider (CSSP) — Analyst
- CSSP — Incident Responder
- CSSP — Infrastructure Support
- CSSP — Auditor
- Information Assurance Technician (IAT) Level II
In particular, IAT Level II personnel (according to the DoD 8570.01-M) “pay special attention to intrusion detection, finding and fixing unprotected vulnerabilities, and ensuring that remote access points are well secured. These positions focus on threats and vulnerabilities and improve the security of systems.” It is clear then, how a certification like CySA+ fits perfectly in testing and augmenting the knowledge and skills requirements of such professionals.
It all comes down to the persons who come under the directive (8140/8570/8570.01-M) needing to meet predetermined requirements. According to Infosec, “The ultimate vision of the Directive is a sustained, professional IA workforce with the knowledge and skills to effectively prevent and respond to attacks against DoD information, information systems, and information infrastructures. This effort will enable DoD to put the right people with the right skills in the right place.”
So all affected DoD organizations and their contractors need to comply with the 8570.01-M and the newer, broader-scope 8140 manual, and be certified. The DoD initiative is designed to make the U.S. government workplaces more secure and, as a result, it places significant emphasis on up-to-date, relevant knowledge. This means it also places emphasis on certification and training for all personnel with privileged access to information systems. Those who perform security functions and are entrusted with ensuring appropriate defensive measures are in place to protect the information system infrastructure now have a framework through which to follow their career progression.
An analyst involved with IA/cybersecurity positions within the DoD should be fully familiar with DoD Directive (DoDD) 8140 and DoD 8570.01-M governing the IA workforce certification program. They should also be aware of any new guidelines issued, as they have six months from the first assignment of a position (or from their start date for new employees) to achieve the required certification. Waivers are possible under certain circumstances.
- CompTIA CySA+, CompTIA
- Why Certify / Government, CompTIA
- DoD Approves CompTIA Cybersecurity Analyst: Why It Matters, CompTIA
- CompTIA Cybersecurity Analyst (CySA+): Your Questions Answered, CompTIA
- DOD’s Cyber Strategy: 5 Things to Know, U.S. Department of Defense
- DoD Approved 8570 Baseline Certifications, The DoD Cyber Exchange
- New Directive Could Redefine Cybersecurity Certification, GovTechWorks
- What are U.S. DoD 8140, 8570 and 8570.01-M and What Do They Mean for Your Career?, CompTIA
- DoD 8570 Gives Way to DoD 8140, Specifies Security Certs for Government Workers, Pearson IT Certification