Skip Ribbon Commands Skip to main content

DoD Approved 8570 Baseline Certifications

As an extension of Appendix 3 to the DoD 8570.01-Manual, the following certifications have been approved as IA baseline certifications for the IA Workforce. Personnel performing IA functions must obtain one of the certifications required for their position category or specialty and level. Refer to Appendix 3 of 8570.01-M for further implementation guidance.

Approved Baseline Certifications
  IAT Level I   IAT Level II   IAT Level III  
  A+ CE
CCNA-Security
Network+ CE
SSCP
  CCNA Security
CSA+
GICSP
GSEC
Security+ CE
SSCP
  CASP CE
CCNP Security
CISA
CISSP (or Associate)
GCED
GCIH
 
  IAM Level I   IAM Level II   IAM Level III  
  CAP
GSLC
Security+ CE
  CAP
CASP CE
CISM
CISSP (or Associate)
GSLC
  CISM
CISSP (or Associate)
GSLC
 
  IASAE I   IASAE II   IASAE III  
  CASP CE
CISSP (or Associate)
CSSLP
  CASP CE
CISSP (or Associate)
CSSLP
  CISSP-ISSAP
CISSP-ISSEP
 
  CSSP Analyst   CSSP Infrastructure Support   CSSP Incident Responder  
  CEH
CFR
CSA+
GCIA
GCIH
GICSP
SCYBER
  CEH
CSA+
GICSP
SSCP
  CEH
CFR
CSA+
GCFA
GCIH
SCYBER
 
  CSSP Auditor   CSSP Manager      
  CEH
CSA+
CISA
GSNA
  CISM
CISSP-ISSMP
     
             

The above table provides a list of DoD approved IA baseline certifications aligned to each category and level of the IA Workforce. Personnel performing IA functions must obtain one of the certifications required for their position, category/specialty and level to fulfill the IA baseline certification requirement. Most IA levels within a category or specialty have more than one approved certification and a certification may apply to more than one level.

An individual needs to obtain only one of the "approved certifications"; for his or her IA category or specialty and level to meet the minimum requirement. For example, an individual in an IAT Level II position could obtain any one of the four certifications listed in the IAT Level II cell.

Higher level IAT and IAM certifications satisfy lower level requirements. Certifications listed in Level II or III cells can be used to qualify for Level I. However, Level I certifications cannot be used for Level II or III unless the certification is also listed in the Level II or III cell. For example:

  • The A+ or Network+ certification qualify only for Technical Level I and cannot be used for Technical Level II positions.
  • The System Security Certified Practitioner (SSCP) certification qualifies for both Technical Level I and Technical Level II. If the individual holding this certification moved from an IAT Level I to an IAT Level II position, he or she would not have to take a new certification.

Higher level CSSP and IASAE certifications do not satisfy lower level requirements

The table below lists the Certification Providers associated with each approved certification.

 

 IA Workforce Certification Providers

 
Certification Provider
Certification Name
Cisco *
Cisco Certified Network Associate-Security (CCNA-Security)​
Cisco *
Cisco Certified Network Professional-Security (CCNP-Security)​
Cisco *
Cybersecurity Specialty Certification (SCYBER)​
Computing Technology Industry Association (CompTIA) *
A+ Continuing Education (CE)
CompTIA *
Security+ Continuing Education (CE)
CompTIA *
CompTIA Advanced Security Practitioner (CASP) Continuing Education (CE)
CompTIA *
Network+ Continuing Education (CE)
CompTIA *​
Cybersecurity Analyst (CSA+)​
EC-Council *
Certified Ethical Hacker (CEH)
International Information Systems Security Certifications Consortium (ISC)2 *
Certified Information Systems Security Professional (CISSP) (or Associate - this means the individual has qualified for the certification except for the number of years experience)
(ISC)2 *
Certified Secure Software Lifecycle Professional (CSSLP)​
(ISC)2 *
Certification Authorization Professional (CAP)
(ISC)2 *
Information Systems Security Architecture Professional (ISSAP)
(ISC)2 *
Information Systems Security Engineering Professional (ISSEP)
(ISC)2 *
Information Systems Security Management Professional (ISSMP)
(ISC)2 *
System Security Certified Practitioner (SSCP)
Information Systems Audit and Control Association (ISACA) *
Certified Information Security Manager (CISM)
ISACA *
Certified Information Systems Auditor (CISA)
Global Information Assurance Certification (GIAC) *
GIAC Certified Intrusion Analyst (GCIA)
GIAC *
GIAC Certified Enterprise Defender (GCED)
GIAC *
GIAC Certified Forensic Analyst (GCFA)
GIAC *
GIAC Certified Incident Handler (GCIH)
GIAC *
GIAC Global Industrial Cyber Security Professional (GICSP)​
GIAC *
GIAC Security Essentials Certification (GSEC)
GIAC *
GIAC Security Leadership Certificate (GSLC)
GIAC *
GIAC Systems and Network Auditor (GSNA)
Logical Operations, Inc. *
CyberSec First Responder (CFR)​

The GIAC GSE and GISF were removed from the approved list on 25 January 2013. Individuals holding one of these certifications to qualify for their current IA position will remain qualified. However, a different certification may be required once the GIAC GSE or GISF expires or if the individual changes positions requiring a different certification.

* This organization is the sole propriety owner of the memberships, site licenses, preassessments, test vouchers, and all other materials related to this certification and their association.