What is the DoD IAM Level 1?
The Department of Defense (DoD) directive 8570 provides guidance on how the DoD workforce manages and executes Information Assurance (IA) functions. IA Technical (IAT) and IA Management (IAM) personnel are DoD workers that support certification and accreditation (C&A) or assessment and authorization (A&A) activities for DoD information systems.
IAT and IAM personnel are expected to be trained and certified in order to perform their job duties. Depending on their job duties, they are required to be Level 1, Level 2 or Level 3 certified. DoD 8570.01-M defines the requirements for DoD IA personnel.
What are the DOD IAM Level 1 Certifications?
The IAM Level 1 certifications include:
- Certified Authorization Professional (CAP)
- CompTIA Security+ CE
The Certified Authorization Professional (CAP) is an (ISC)2 certification that proves experience with the Risk Management Framework (RMF). The RMF is the authorization process for government information systems. Unless there is an exception or waiver requested, only systems that have successfully gone through the RMF process are authorized to operate in government spaces and/or connect to government provided networks. IAM personnel are responsible for authorizing or approving RMF policy and procedure documents, so it is important they know and understand the RMF. That is why this is a valued certification.
The CompTIA Security+ CE certification assesses baseline cybersecurity skills and may be the most popular of the IAM Level 1 certifications for DoD 8570 compliance. It is vendor neutral and ensures the receiver has basic networking, encryption, risk management and risk mitigation skills.
What are Common IAM Level 1 Job Positions?
IAM personnel are responsible for the implementation and secure operation of information systems. It is important for IAM personnel to understand the entire lifecycle of IT systems to help them better manage the infrastructures of which they are responsible for securing.
Individuals at IAM Level 1 can hold a variety of positions. Some of these include:
- IA certification and accreditation (or assessment & authorization)
- Cybersecurity analyst
- IA manager
- Cybersecurity engineer
- Information security specialist
- Information systems security officer (ISSO)
- Information systems security manager (ISSM)
The computing environment for the DoD can vary. IAM personnel could be responsible for large enterprise networks with multiple operating system platforms, both virtual and physical environments, heterogeneous system architecture, custom made applications, web hosting servers and large databases – or for an environment that is vastly different.
Some systems are custom, embedded, non-networked devices that are still required to go through the authorization process and will require security risk assessments. Because of the potential of this varied environment, it is important IAM personnel have a strong, well-rounded foundation in cybersecurity concepts so they can be applied in any circumstance.
Sec+ Training – Resources (InfoSec)
What are the Prerequisites for IAM Level 1 Certifications?
The IAM Level 1 certifications are considered entry level certifications, so there are minimal prerequisites when compared to higher-level certifications.
- CompTIA Security+ CE has no prerequisite requirements
- Certified Authorization Professional (CAP) requires two years of C&A or A&A work experience, and you must be endorsed by another ISC2 certified professional in good standing
Where Can I Get Training for IAM Level 1 Certifications?
InfoSec Institute offers training for 8570 compliance, including the Level 1 CompTIA Security+ and CAP certifications. They offer award winning training with high satisfaction ratings at an affordable price.
The IAM Level 1 certifications are a must have for DoD IA/Cybersecurity professionals. They prove the employee has the basic skills to perform C&A/A&A tasks and help protect the information systems used to help protect our country.
IASE DoD Approved 8570 Baseline: https://iase.disa.mil/iawip/pages/iabaseline.aspx