How DOD's certification program works

Directive 8570 requires all personnel be qualified for their job

Defense Department Directive 8570 requires military, civilian and contract personnel who handle information assurance for department systems to have certifications appropriate for the job they perform. DOD published a manual describing various job categories, including technical and management positions, and the different certifications that meet the training requirement. DOD foots the bill for any training and certification required for its employees.

Here are examples of some job types and commercial certifications approved by DOD. Cost information does not always reflect government volume discounts.

Job category: Information Assurance Technical Level I (there are three IAT levels)
Example certification: A+
Provider: CompTIA
Training time and cost: One provider offers a five-day course for $1,800. Exam costs $132 for CompTIA members and $168 for nonmembers. No minimum work experience or education is required, but six months of job experience is recommended.

Job category: Information Assurance Management Level III (there are three IAM levels)
Example certification: GIAC Security Leadership Certification
Provider: Global Information Assurance Certification, affiliated with SANS Institute
Training time and cost: The SANS Institute offers an annual nine-day training conference for $5,250. The exam costs $899, or $499 if you take the SANS seminar. You must renew certification every four years for $325. No work experience or education is required to take the test.

Job category: Incident Responder
Example certification: CERT-Certified Computer Security Incident Handler
Provider: Carnegie Mellon Software Engineering Institute
Training time and cost: The Software Engineering Institute and its licensees offer a three-course training sequence. Each course lasts five days. Course costs vary. Exam is $200. You must have at least three years of experience in incident handling in a technical and/or management role within seven years of submission of your application.

Job category: Computer Network Defense Auditor
Example certification: Certified Information Systems Auditor
Provider: Information Systems Audit and Control Association
Training time and cost: One local ISACA chapter offers a training course of 2.5-hour weekly sessions for 14 weeks. The course cost is $300 for members and $325 for nonmembers, plus course and study materials. Other organizations also offer courses. The exam costs $400 for DOD employees. You must have five years of work experience in the fields of information systems auditing, control, assurance or security within 10 years of applying.

Job category: Information Assurance System Architect and Engineer Specialty I (there are three IASAE levels)
Example certification: Certified Information Systems Security Professional
Provider: (ISC)2
Training time and cost: (ISC)2 offers a five-day seminar for $2,695. Exam is $449. Five cumulative years of relevant experience are required.

About the Author

Ben Bain is a reporter for Federal Computer Week.


  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.