How DOD's certification program works

Directive 8570 requires all personnel be qualified for their job

Defense Department Directive 8570 requires military, civilian and contract personnel who handle information assurance for department systems to have certifications appropriate for the job they perform. DOD published a manual describing various job categories, including technical and management positions, and the different certifications that meet the training requirement. DOD foots the bill for any training and certification required for its employees.

Here are examples of some job types and commercial certifications approved by DOD. Cost information does not always reflect government volume discounts.

Job category: Information Assurance Technical Level I (there are three IAT levels)
Example certification: A+
Provider: CompTIA
Training time and cost: One provider offers a five-day course for $1,800. Exam costs $132 for CompTIA members and $168 for nonmembers. No minimum work experience or education is required, but six months of job experience is recommended.

Job category: Information Assurance Management Level III (there are three IAM levels)
Example certification: GIAC Security Leadership Certification
Provider: Global Information Assurance Certification, affiliated with SANS Institute
Training time and cost: The SANS Institute offers an annual nine-day training conference for $5,250. The exam costs $899, or $499 if you take the SANS seminar. You must renew certification every four years for $325. No work experience or education is required to take the test.

Job category: Incident Responder
Example certification: CERT-Certified Computer Security Incident Handler
Provider: Carnegie Mellon Software Engineering Institute
Training time and cost: The Software Engineering Institute and its licensees offer a three-course training sequence. Each course lasts five days. Course costs vary. Exam is $200. You must have at least three years of experience in incident handling in a technical and/or management role within seven years of submission of your application.

Job category: Computer Network Defense Auditor
Example certification: Certified Information Systems Auditor
Provider: Information Systems Audit and Control Association
Training time and cost: One local ISACA chapter offers a training course of 2.5-hour weekly sessions for 14 weeks. The course cost is $300 for members and $325 for nonmembers, plus course and study materials. Other organizations also offer courses. The exam costs $400 for DOD employees. You must have five years of work experience in the fields of information systems auditing, control, assurance or security within 10 years of applying.

Job category: Information Assurance System Architect and Engineer Specialty I (there are three IASAE levels)
Example certification: Certified Information Systems Security Professional
Provider: (ISC)2
Training time and cost: (ISC)2 offers a five-day seminar for $2,695. Exam is $449. Five cumulative years of relevant experience are required.

About the Author

Ben Bain is a reporter for Federal Computer Week.


  • Workforce
    White House rainbow light shutterstock ID : 1130423963 By zhephotography

    White House rolls out DEIA strategy

    On Tuesday, the Biden administration issued agencies a roadmap to guide their efforts to develop strategic plans for diversity, equity, inclusion and accessibility (DEIA), as required under a as required under a June executive order.

  • Defense
    software (whiteMocca/

    Why DOD is so bad at buying software

    The Defense Department wants to acquire emerging technology faster and more efficiently. But will its latest attempts to streamline its processes be enough?

Stay Connected