DOD 8570 Training & Certification
DoD Directive 8570M1 Information Assurance
DOD 8570 Training, Certification and Workforce Management
DoD Instruction 8570
DoD 8570.01-M, the DoD Information Assurance Workforce Improvement Program ( IA Training ) provides guidance and procedures for the training, certification, and management of the DoD workforce conducting Information Assurance functions in assigned duty positions.
The full DoD directive 8570 can be read or downloaded online.
Minimum Certifications Required by DoD Inst 8570.01 M, by CND:
||CND Infrastructure Report
||CND Incident Reporter
DoD 8570.01 M: General Requirements - User Awareness
This requirement, specified in Chapter 6, paragraph C6.3 mandates a minimum level of awareness for all Information Assurance (IA) users.
User orientation and awareness programs will address:
- The importance of IA to the organization and to the authorized user.
- Relevant laws, policies, and procedures, and how they affect the authorized user (e.g., copyright, ethics, standards of conduct).
- Examples of external threats such as script kiddies, crackers, hackers, protesters, or agents in the employ of terrorist groups or foreign countries.
- Examples of internal threats such as malicious or incompetent authorized users, users in the employ of terrorist groups or foreign countries, disgruntled employees or service members, hackers, crackers, and self-inflicted intentional or unintentional damage.
- The potential elevated sensitivity level of aggregated unclassified information.
- Authorized user risk from social engineering.
- Common methods to protect critical system information and procedures.
- Principles of shared risk in networked systems (i.e., how a risk assumed by one person is imposed on the entire network) and changes in the physical environment (e.g. water, fire, dust/dirt).
- Risks associated with remote access (e.g., telecommuting, during deployment, or on temporary duty).
- Legal requirements regarding privacy issues, such as email status (DoD Directive 2500 and the need to protect systems containing payroll, medical and personnel records.
- Knowledge of malicious codes (e.g., logic bomb, Trojan horse, malicious mobile code, viruses, and worms) including how they attack, how they damage an IS, how they may be introduced inadvertently or intentionally, and how users can mitigate their impact.
- The impact of distributed denial of service attacks and what users can do to mitigate them.
- How to prevent self-inflicted damage to system information security through disciplined application of IA procedures such as proper log on, use of passwords, preventing spillage of classified information, e-mail security, etc.
- Embedded software and hardware vulnerabilities, how the Department of Defense corrects them (e.g., IAVA process), and the impact on the authorized user.
- Prohibited or unauthorized activity on DoD systems (e.g., peer-to-peer file sharing, gambling, personal use and gain issues).
- Requirements and procedures for reporting spillages, unauthorized or suspicious activity, and local IA office point of contact information.
- Categories of information classification and differences between handling information on the Non-Classified Internet Protocol Router Network (NIPRNet) or the SECRET Internet Protocol Router Network (SIPRNet).
- Software issues including license restrictions on DoD systems, encryption, and media sanitation requirements and procedures.
- Definition of Information Operations Condition (INFOCON) and its impact on authorized users.
- Sources of additional information and training.
View Class Schedule