DoDD 8570 IAM level III
What is DoDD 8570?
The DoD Directive 8570.01 is the framework to train and certify a qualified Information Assurance (IA) workforce. The Directive mandates that IA managers (IAM) and technicians (IAT) be trained and certified to an established DoD baseline certification requirement. The specific requirements for IAM and IAT personnel are spelled out in the DoDD 8570 manual, DoDD 8570.01-M (the Manual).
The focus of DoDD 8570 is a sustained, professional IA workforce with the skills and knowledge to avoid cyberattacks against DoD assets including information, information systems, and information infrastructures. This all leads to the goal of having the right personnel in the right place at the right time.
Save on DoD 8570 training
What is IAM Level III?
The Manual separates the different DoDD 8570 personnel classifications as management (IAM), technician (IAT), system architecture and engineering (IASAE), and computer network defender (CND). Please note that the IA level (I-III) corresponds to is to the respective system architecture, not to an individual's grade, rank, or experience.
How does the system architecture differ between the different levels?
The different levels are organized by the different parts of the DoDD system architecture. The DoDD system architecture environment is divided up into three categories:
- Computing: The manual defines the Computing Environment (CE) as having a server with multiple stations working from it. The stations can be standard computers, remote sensors, satellite feeds, etc.
- Networking: A Networking Environment can be an Operations Network, a Logistics Network, or Human Resources network, all connecting to a Component Enclave (Enclave). Each NE consists of at least one CE.
- Enclave: An Enclave is defined as consisting of at least two networks controlled by Enclave Security policies and procedures.
IAM Level III corresponds to the Enclave category of system architecture environment and thus will be emphasized by this article.
IAM level III requirements
IAM Level III has certain requirements that must be met by personnel working under this classification. First, personnel working an IAM Level III job need to have 10 years of management experience. Second, the personnel must be working in the Enclave environment. Third, personnel must effectively apply knowledge of IA policy, procedures, and workforce structure to develop, implement, and maintain a secure enclave environment.
Further requirements are listed below:
- Manages IA operations for their respective enclaves
- Must earn IAM Level III Baseline Certification within six months of assignment to the position
- Must be a U.S. Citizen
IAM Level III baseline certifications
Three baseline certifications qualify an individual to work in an IAM Level III job. Any of these three baseline certifications qualify, but at least one must be earned within six months of being assigned to the position.
CISM
Certified Information Security Manager (CISM) is a certification offered by ISACA that demonstrates the requisite skills that are needed to manage an IT Infrastructure. This certification is intended for information security managers, managers or IT consultants who support information security program management.
The requirements of CISM are:
- Must pass the CISM exam.
- Compliance with the Ethics Code.
- Maintenance of the requisite number of CPEs.
- A minimum of 5 years work experience.
- Submit an Application for CISM Certification.
- Must be renewed every 5 years
InfoSec Institute, the global leader in Information Security training and education, offers both a CISM Certification Training Course as well as an intensive, five-day CISM Training Boot Camp. Both options use the testing knowledge and real-world application of knowledge to give certification candidates the best chance possible in passing the CISM certification exam.
CISSP
The CISSP (Certified Information Systems Security Professional) cert is an independent Information Security certification offered by ISC. This certification demonstrates the knowledge and skill necessary to design, engineer, implement and run an information security program.
The requirements for CISSP are that the candidate must have five years of cumulative, paid, full-time work experience in Information Security. This experience must be in two or more of the eight domains of CISSP Common Body of Knowledge. Alternatively, this requirement can be met by earning a four-year college degree or an approved credential from the CISSP Pre-requisite Pathway.
InfoSec Institute offers both a seven-day CISSP intensive Training Course and a five-day CISM Training Boot Camp. These training options are intensive, up to twelve-hour per day courses that will prepare even the lowest information-level candidate to pass the CISSP certification exam.
GSLC
The GIAC Security Leadership Certification (GSLC) demonstrates that Security Professionals have the effective skills and knowledge for managerial or supervisory responsibility for Information Security staff/personnel. There is no specific training or experience required to earn this certification, but practical experience is a common way to acquire the knowledge and skills necessary.
This certification requires passing a 115-question, 3-hour-long exam with a minimum score of at least 68%. Renewal of this cert is required every 4 years.
Save on DoD 8570 training
CCISO
The EC-Council Certified Chief Information Security Officer (CCISO) is designed for security information executives to advance their leadership skills to the highest level. The CCISO focus is not technical; it is managerial, consisting of scenarios created by CISOs for today's workplace.
This certification requires five years experience in at least 3 of the 5 CCISO domains. The exam consists of 150 scenario-based multiple-choice questions you will need to answer in 2.5 hours.
Jobs that require IAM Level III
Jobs that require IAM Level III certification vary regarding the job title, but there are some key similarities between them. These positions are often government jobs ranging from mid-management to upper-level management within the IA workforce. Interestingly enough, many times within online job posting sites you will see IAM Level III mentioned after the specific job title itself. With proper preparation, you'll land the job that best helps you protect DoD assets.
Sources
- DoD Documents
- CISSP Course - Infosec
- How to become certified
- Certifications - CISSP
- 8570 requirements
- CISM
- CISM boot camp
Are You 8570 Compliant?
Federal teams and contractors train for less with discounts on certification boot camps like:- CompTIA Security+
- CompTIA PenTest+
- (ISC)2 CISSP
In this Series
- DoDD 8570 IAM level III
- Cybersecurity Maturity Model Certification: What you need to know
- What is CMMC compliance: Inside the Cybersecurity Maturity Model Certification
- The ultimate guide to DoD 8570 certification and compliance
- Introduction to the DoD Cyber Workforce Framework (DCWF)
- DoD 8570 IAT certification and requirements [updated 2020]
- DoD's Cybersecurity Maturity Model Certification (CMMC) initiative
- DoD RMF Revision 2: New updates and their impact on cybersecurity
- The DoD IAT level 2
- How to Achieve DoD 8570 IAM Level III Compliance
- How to achieve DoD 8570 IAT level I compliance
- What is DoD 8570?
- DoD 8570 IAM certification – Level I
- DoD IASAE Overview
- DoD 8570 IAM certification and requirements
- What is the DoD CSSP (cyber security service provider)?
- 8570 Certification and the Way Ahead to 8140 Certification
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
