DoD IASAE Overview
What is the DoD IASAE?
The U.S. Department of Defense (DoD) IASAE covers the requirements for the Information Assurance architecture and engineering areas (IA System Architects and Engineers) as stated by DoD 8570.01-M (manual), which defines the certification paths for Information Assurance (IA) professionals. Due to these requirements, personnel must acquire and maintain certifications within their professional track in order to sustain their positions.
IA architects and engineers are responsible for designing and securing information systems architectures. These individuals are expected to know the best way to protect networks through the implementation of firewalls, virtual private networks (VPNs), antivirus software, intrusion detection/prevention systems (IDS/IPS), border gateways, switches, routers and more. They are also expected to understand the best way to secure interfaces, applications, servers, databases and other system components.
Some job titles for IASAE professionals include:
- IT systems engineer
- Network engineer
- Systems engineer
- Data architect
- Cybersecurity engineer
- Cybersecurity architect
- Information system security engineer (ISSE)
- Information assurance analyst
- Technology-specific engineer or architect (e.g. Active Directory, Cisco, firewall, etc.)
What are the DoD IASAE requirements?
There are three IASAE certification levels.
- An IASAE I is an entry-level position, meaning the applicant could have as little as zero years of experience
- An IASAE II is expected to have at least 5 years of experience
- An IASAE III is expected to have a minimum of 10 years of experience
An IASAE is expected to be certified at their applicable level within 6 months of taking a position – if they weren’t certified already. Once they achieve the certification, it is important to maintain the continuing education credits to keep their certification up to date. Some positions may require a background investigation as required by DoDI 8500.2.
What are the DoD 8570 IASAE certifications?
IASAE I and IASAE II
- CASP CE – CompTIA Advanced Security Practitioner
- CISSP (or Associate) ISC2 – Certified Information Systems Security Professional
- CSSLP ISC2 – Certified Secure Software Lifecycle Professional
- CISSP-ISSAP – ISC2 CISSP Information Systems Security Architecture Professional
- CISSP-ISSEP – ISC2 CISSP Information Systems Security Engineering Professional
The CompTIA Advanced Security Practitioner (CASP) exam is for IA professionals working in a more hands-on capacity rather than a managerial capacity.
The CISSP is a platform-independent information systems security certification. This exam could be for both hands-on and managerial IA professionals.
The CSSLP proves the applicants has the ability to implement security into any phase of the lifecycle, as well as application security skills.
The CISSP-ISSAP and CISSP-ISSEP are both concentration areas of ISC2’s CISSP certification. This means you must have the CISSP before attempting either certification exam. A concentration should be chosen based on the desired career path. The architectural path is for those who want to design and improve architectures and provide risk-based guidance. The engineering path is designed for those looking to help secure systems and implement engineering processes.
Infosec Institute provides DoD 8570.1 compliance training. This includes training for all three levels of the IASAE certification tracks to ensure the future test taker understands the structure of the test and the information they should review. This can help you to maximize your return on the time you invest preparing for these certifications.
The DoD IASAE certification track is designed for architectural and engineering professionals. Anyone in these tracks is expected to be certified within six months of taking any position in this field – if they are not certified already. The DoD IA field is still evolving, but these certifications help to prove the IA professional has the foundational needs to perform their tasks and keep networks and system components safe and secure.