What is DoDD 8570?
The DoD Directive 8570.01 is the framework to train and certify a qualified Information Assurance (IA) workforce. The Directive mandates that IA managers (IAM) and technicians (IAT) be trained and certified to an established DoD baseline certification requirement. The specific requirements for IAM and IAT personnel are spelled out in the DoDD 8570 manual, DoDD 8570.01-M (the Manual).
The focus of DoDD 8570 is a sustained, professional IA workforce with the skills and knowledge to avoid Cyber attacks against DoD assets including information, information systems, and information infrastructures. This all leads to the and end goal of having the right personnel in the right place at the right time.
What is IAM Level III?
The Manual separates out the different DoDD 8570 personnel classifications as management (IAM), technician (IAT), system architecture and engineering (IASAE), and computer network defender (CND). Please note that the IA level (I-III) corresponds to is to the respective system architecture, not to an individual’s grade, rank, or experience.
How Does the System Architecture Differ Between the Different Levels?
The different levels are organized by the different parts of the DoDD system architecture. The DoDD system architecture environment is divided up into three categories:
- Computing: The manual defines the Computing Environment (CE) as having a server with multiple stations working from it. The stations can be standard computers, remote sensors, satellite feeds, etc.
- Networking: A Networking Environment can be an Operations Network, a Logistics Network, or Human Resources network, all connecting to a Component Enclave (Enclave). Each NE consists of at least one CE.
- Enclave: An Enclave is defined as consisting of at least two networks controlled by Enclave Security policies and procedures.
IAM Level III corresponds to the Enclave category of system architecture environment and thus will be emphasized by this article.
IAM Level III Requirements
IAM Level III has certain requirements that must be met by personnel working under this classification. First, personnel working an IAM Level III job need to have 10 years of management experience. Second, the personnel must be working in the Enclave environment. Third, personnel must effectively apply knowledge of IA policy, procedures, and workforce structure to develop, implement, and maintain a secure enclave environment.
Further requirements are listed below:
- Manages IA operations for their respective enclaves
- Must earn IAM Level III Baseline Certification within six months of assignment to the position
- Must be a U.S. Citizen
IAM Level III Baseline Certifications
Three baseline certifications qualify an individual to work in an IAM Level III job. Any of these three baseline certifications qualify, but at least one must be earned within six months of being assigned to the position.
Certified Information Security Manager (CISM) is a certification offered by ISACA that demonstrates the requisite skills that are needed to manage an IT Infrastructure. This certification is intended for information security managers, managers or IT consultants who support information security program management.
The requirements of CISM are:
- Must pass the CISM exam.
- Compliance with the Ethics Code.
- Maintenance of the requisite number of CPEs.
- A minimum of 5 years work experience.
- Submit an Application for CISM Certification.
- Must be renewed every 5 years
InfoSec Institute, the global leader in Information Security training and education, offers both a CISM Certification Training Course as well as an intensive, five-day CISM Training Boot Camp. Both options use the testing knowledge and real-world application of knowledge to give certification candidates the best chance possible in passing the CISM certification exam.
The CISSP (Certified Information Systems Security Professional) cert is an independent Information Security certification offered by ISC. This certification demonstrates the knowledge and skill necessary to design, engineer, implement and run an information security program.
The requirements for CISSP are that the candidate must have five years of cumulative, paid, full-time work experience in Information Security. This experience must be in two or more of the eight domains of CISSP Common Body of Knowledge. Alternatively, this requirement can be met by earning a four-year college degree or an approved credential from the CISSP Pre-requisite Pathway.
InfoSec Institute offers both a seven-day CISSP intensive Training Course and a five-day CISM Training Boot Camp. These training options are intensive, up to twelve-hour per day courses that will prepare even the lowest information level candidate to pass the CISSP certification exam.
The GIAC Security Leadership Certification (GSLC) demonstrates that Security Professionals have the effective skills and knowledge for managerial or supervisory responsibility for Information Security staff/personnel. There is no specific training or experience required to earn this certification, but practical experience is a common way to acquire the knowledge and skills necessary.
The requirements for this certification are to pass a 115-question, 3-hour long exam with a minimum score of at least 68%. Renewal of this cert is required every 4 years.
Jobs that Require IAM Level III
Jobs that require IAM Level III certification vary regarding the job title, but there are some key similarities between them. These positions are often government jobs ranging from mid-management to upper-level management within the IA workforce. Interestingly enough, many times within online job posting sites you will see IAM Level III mentioned after the specific job title itself.