For More Information on DoW 8140 NICE Framework, Click Here.
DOW 8570/8140 Training & Certification
ADVANCE YOUR CAREER - Earn More, Be More than Certified
Be a Q/ISP CyberSecurity Graduate earn your Certificate of Mastery
DoW Directive 8570M1 / 8140 Information Assurance
DOW 8570/8140 Training, Certification and Workforce Management

Q/ISP® Certification Exam CNSS 4011/4012/4013/4015/4016A
Q/EH® Qualified/ Ethical Hacker Certification
Q/SA® Qualified/ Security Analyst Certification.
Q/FE® Qualified/ Forensic Expert Certification
Q/ND® Qualified/ Network Defender Certification
DoW Instruction 8570/8140
Are you an Unemployed Veteran?
DoW 8570.01-M, the DoW Information Assurance Workforce Improvement Program ( IA Training ) provides guidance and procedures for the training, certification, and management of the DoW workforce conducting Information Assurance functions in assigned duty positions.
The full DoW directive 8570/8140 can be read or downloaded online here.
Minimum Certifications Required by DoW Inst 8570.01 M, by CND:
| CND Analyst | CND Infrastructure Report | CND Incident Reporter | CND Auditor | CND-SP Manager |
| GCIA | SSCP | GCIH | CISA | CISSP-ISSMP |
| CEH | CEH | CSIH | GSNA | CISM |
| - | - | CEH | CEH | - |
DoW 8570.01 M: General Requirements - User Awareness
This requirement, specified in Chapter 6, paragraph C6.3 mandates a minimum level of awareness for all Information Assurance (IA) users.
SPECIFIC REQUIREMENTS
User orientation and awareness programs will address:
- The importance of IA to the organization and to the authorized user.
- Relevant laws, policies, and procedures, and how they affect the authorized user (e.g., copyright, ethics, standards of conduct).
- Examples of external threats such as script kiddies, crackers, hackers, protesters, or agents in the employ of terrorist groups or foreign countries.
- Examples of internal threats such as malicious or incompetent authorized users, users in the employ of terrorist groups or foreign countries, disgruntled employees or service members, hackers, crackers, and self-inflicted intentional or unintentional damage.
- The potential elevated sensitivity level of aggregated unclassified information.
- Authorized user risk from social engineering.
- Common methods to protect critical system information and procedures.
- Principles of shared risk in networked systems (i.e., how a risk assumed by one person is imposed on the entire network) and changes in the physical environment (e.g. water, fire, dust/dirt).
- Risks associated with remote access (e.g., telecommuting, during deployment, or on temporary duty).
- Legal requirements regarding privacy issues, such as email status (DoW Directive 2500 and the need to protect systems containing payroll, medical and personnel records.
- Knowledge of malicious codes (e.g., logic bomb, Trojan horse, malicious mobile code, viruses, and worms) including how they attack, how they damage an IS, how they may be introduced inadvertently or intentionally, and how users can mitigate their impact.
- The impact of distributed denial of service attacks and what users can do to mitigate them.
- How to prevent self-inflicted damage to system information security through disciplined application of IA procedures such as proper log on, use of passwords, preventing spillage of classified information, e-mail security, etc.
- Embedded software and hardware vulnerabilities, how the Department of Defense corrects them (e.g., IAVA process), and the impact on the authorized user.
- Prohibited or unauthorized activity on DoW systems (e.g., peer-to-peer file sharing, gambling, personal use and gain issues).
- Requirements and procedures for reporting spillages, unauthorized or suspicious activity, and local IA office point of contact information.
- Categories of information classification and differences between handling information on the Non-Classified Internet Protocol Router Network (NIPRNet) or the SECRET Internet Protocol Router Network (SIPRNet).
- Software issues including license restrictions on DoW systems, encryption, and media sanitation requirements and procedures.
- Definition of Information Operations Condition (INFOCON) and its impact on authorized users.
- Sources of additional information and training.








