August 22, 2023

What is DoD 8140, DoDM 8140, and DoD 8570 Explained: A Comprehensive Guide to Cyber Security Workforce Management for the Department of Defense (DoD) with 31 DCWF Job Roles that Recognize EC-Council Certifications

August 18, 2023

| Ethical Hacking

What are the DoD 8140 and DoDM 8140?

DoD 8140, or Department of Defense Directive 8140 in combination with DoDM 8140 and DoDI 8140 collectively provide the directive, instruction, and manual that steers the classification and qualification requirements for individuals working in a cyber security capacity within the United States Department of Defense. The three documents collectively accomplish the following objectives:

Establish the DoD-wide mandate for the required qualification of members working in the DoD cyberspace workforce.
Identify members of the DoD cyberspace workforce based on work role(s) of the positions assigned.
Implement policy, assign job role-based responsibilities, and prescribe procedures for the qualification of personnel in the DoD cyberspace workforce.

Since 2007, EC-Council has held multiple approved certifications affecting the training and certification of DoD members, globally helping with the qualification and capability development of US Military forces and DoD components.

Who is affected by DoD 8140?

According to Section 1.1 Applicability of the DoDM 8140.03 February 15, 2023 issuance,

DoDM 8140.03 applies to the following:

OSD
Military Departments (including the Coast Guard at all times, including when it is a service in the Department of Homeland Security by agreement with that department)
Office of the Chairman of the Joint Chiefs of Staff (CJCS) and the Joint Staff
Combatant Commands
Office of the Inspector General of the Department of Defense
Defense Agencies
DoD Field Activities
All other organizational entities within the DoD (referred to collectively in this issuance as the “DoD Components”)

At a personnel level, the mandate applies to the following:

ALL cyberspace workforce personnel identified in DoDI 8140.02
Service Members
DoD Civilian Employees
Contractors
Foreign Nationals

What is the DoD Cyberspace Workforce Framework (DCWF)?

The DCWF establishes a taxonomy for cyberspace work roles along with their associated responsibilities in the form of tasks, knowledge requirements, and skill requirements. The combination of 8140 and the DCWF establishes the work role requirements and qualification requirements for members of the DoD Cyber Workforce.

What roles are EC-Council Certifications are approved to qualify?

DoDM 8140 has established a three-tier classification for industry certifications following basic, intermediate, and advanced level certification approval. As the qualification requirements shift based on the work role assignments, ANAB Accredited Industry certification bodies are reviewed for the alignment of their certification objectives and how they map to individual work role expectations. After rigorous external review, approval is granted and communicated under the 8140 Directive.

EC-Council Training and Certification for the United States Military, Contractors, and Civilians

For over 20 Years, EC-Council has Trained, Certified, and Empowered critical workforce elements of the United States Military.

31 DCWF Job Roles that Recognize EC-Council Certifications:

Role	Basic	Intermediate	Advanced
(211) Forensic Analyst		C\|HFI
(212) Cyber Defense Forensics Analyst		C\|HFI
(221) Cyber Crime Investigator		C\|HFI
(411) Technical Support Specialist		C\|ND
(422) Data Analyst			C\|CISO
(441) Network Operations Specialist	C\|ND	C\|EH
(451) System Administrator	C\|ND
(461) Systems Security Analyst	C\|ND
(511) Cyber Defense Analyst	C\|EH
(521) Cyber Defense Infrastructure Support Specialist	C\|ND	C\|EH
(541) Vulnerability Assessment Analyst	C\|EH
(611) Authorizing Official/Designating Representative			C\|CISO
(612) Security Control Assessor			C\|CISO
(631) Information Systems Security Developer	C\|ND
(632) Systems Developer	C\|ND
(641) Systems Requirements Planner	C\|ND
(651) Enterprise Architect	C\|ND
(661) R&D Specialist			C\|EH
(671) System Testing & Evaluation Specialist	C\|ND	C\|EH
(722) Information Systems Security Manager		C\|CISO
(751) Cyber Workforce Developer and Manager			C\|CISO
(752) Cyber Policy and Strategy Planner			C\|CISO
(801) Program Manager			C\|CISO
(802) IT Project Manager			C\|CISO
(803) Product Support Manager			C\|CISO
(804) IT Investment/Portfolio Manager			C\|CISO
(805) IT Program Auditor			C\|CISO
(901) Executive Cyber Leadership			C\|CISO

C|ND – Certified Network Defender

C|EH – Certified Ethical Hacker

C|HFI – Computer Hacking Forensic Investigator

C|CISO – Certified Chief Information Security Officer

What is/was DoD 8570?

DoD 8570 has been replaced by DoD 8140. The former 8570 Directive provided similar mandates on qualifying the DoD Cyber Workforce; however, the classification of work roles was based on work role specialty areas as opposed to the individual work role itself. These classifications are still relevant.

Approved Baseline Certifications*

IAT Level I²	IAT Level II²	IAT Level III
C\|ND	C\|ND
IAM Level I	IAM Level II	IAM Level III
C\|ND	C\|CISO	C\|CISO
IASAE I	IASAE I	IASAE III
CSSP Analyst^{1, 2}	CSSP Infrastructure Support¹	CSSP Incident Responder^{1, 2}
C\|EH	C\|EH C\|HFI C\|ND	C\|EH C\|HFI
CSSP Auditor¹	CSSP Manager¹
C\|EH	C\|CISO

*DoD Approved Baseline Certifications are not limited to EC-Council Certifications. Refer to the DoD Cyber Exchange for a list of all recognized baseline certifications.

Need compliance help?

Reach out to EC-Council’s Government Team and learn more about how EC-Council Certifications can help you, in compliance with DoD 8140

Visit to find more details and speak to our career advisor: https://www.eccouncil.org/government-cybersecurity-military-solutions/

How to Get Popular EC-Council DOD 8140 Certifications

Here is a summary of all of the popular EC-Council certifications that are part of the DoD 8140 Directive:

C|EH – Certified Ethical Hacker

EC-Council’s C|EH is the world’s leading ethical hacking credential, equipping cyber security professionals to protect organizations against cyber-attacks. Certified Ethical Hackers follow a 5-phase approach (Reconnaissance, Scanning, Gaining Access, Maintaining Access, Covering Tracks) to lawfully break into organizations and identify weaknesses and vulnerabilities. The unique learn-certify-engage-compete framework includes training, certification, and real ethical hacking engagements in EC-Council’s live cyber range. Global Ethical Hacking Competitions help participants keep their skills up to date even years after certification. The C|EH is a highly sought-after certification, preparing candidates for lucrative cyber security roles with top companies.

Click here to learn more about the C|EH , complete the form, and speak to a career advisor.

C|ND – Certified Network Defender

C|ND Program: EC-Council’s Certified Network Defender (C|ND) is a network security certification that provides students with essential skills to safeguard networks, analyze computing systems, and strengthen IT infrastructure. Certified Network Defenders are equipped to apply defense and countermeasure strategies, covering attack prevention, detection, response, and remediation techniques. Hands-on learning with over 80 complex labs enriches their experience throughout this lab-intensive program.

Click here to learn more about C|ND , complete the form, and speak to a career advisor.

C|HFI – Computer Hacking Forensic Investigator

EC-Council’s C|HFI program is a lab-based training that equips cyber security professionals with knowledge and skills to prepare their organizations for forensic readiness. This intensive 5-day program immerses students in groundbreaking digital forensics technologies, with hands-on experience through 50+ forensic labs. The training covers forensics processes, lab and evidence handling procedures, as well as various forensic investigation techniques.

Click here to learn more about the C|HFI , complete the form, and speak to a career advisor.

C|CISO – Certified Chief Information Security Officer

EC-Council’s Chief Certified Information Security Officer (C|CISO) program is a top-tier certification that propels infosec professionals into C-suite roles. Covering five comprehensive domains, the C|CISO bridges the gap between technical, executive management, and financial functions, enabling a seamless transition to management roles. Certified CISOs gain a top-level perspective, excelling in planning, strategizing, and executing information security portfolios. They acquire leadership skills and business acumen to succeed in the highest positions within information security.

Click here to learn more about C|CISO, complete the form, and speak to a career advisor.

FAQs

Where can I find the official 8140 Directive?

We recommend searching for the latest revision of the directive at the Washington Headquarters Services here: https://www.esd.whs.mil/DD/

Are certifications that are mapped to DoD DCWF work roles relevant outside of the military?

Yes! The US Department of Labor provides a Crosswalk tool that translates DoD Job Billets from the DCWF to common job titles found in industry and the private sector here: https://www.onetonline.org/crosswalk/MOC/

Why are there four certifications from EC-Council on the directive?

Approval of certifications to the DCWF work roles requires a specific minimum accreditation and alignment. All certifications must be ANAB 17024 Accredited, and the exam domains must align to at least 70% of the DCWF work role responsibilities. EC-Council has worked with the DoD to review the C|ND, C|EH , C|HFI , and C|CISO certifications due to their close alignment with the expectations in each work role and received the appropriate approval from the DoD to be listed in the directive.

Will more EC-Council Certifications be added to the 8140 Directive?

We cannot guarantee approval from the DoD; however, EC-Council does have multiple additional certifications that align closely to the work role expectations. Some are already ANAB accredited and others are in the process of review. EC-Council Leadership will continue to work with the DoD on the review, and we hope for approval of these programs to add more tactical cyber security certification options for members of the defense and intelligence communities.

Is the DCWF the same thing as NICE?

No, but there are many similarities and shared definitions. The Defense Cyber Workforce Framework is under the United Stated Department of Defense, while the National Initiative for Cybersecurity Education (NICE) is run by the National Institute of Science and Technology (NIST). Both initiatives share many common job roles, as well as their corresponding task, knowledge, and skill requirements. EC-Council programs are both approved by the United States Department of Defense and mapped to the NICE Framework. A complete mapping to the NICE framework is available here.

Are there funding options for EC-Council certifications?

Yes! There are a variety of funding options available for active duty, veterans, and civilians alike. EC-Council programs are mapped to the various service COOL programs with over 380 job billets across the various military branches as well as ARMY Ignited. Many certifications are also Post 9/11 GI Bill approved for reimbursement. EC-Council works closely with delivery partners across the globe to extend opportunities in funding for transitioning military, VetTech, and vocational rehab programs, as well as flexible financing options for training and certification. Reach out to our team to find out more information on funding options.

How can I find EC-Council certifications in NAVY COOL?

You can find the Advanced Credential search in NAVY COOL here: https://www.cool.osd.mil/usn/credsearch/index.html. With this tool, you can search by agency under our official company name (International Council of E-Commerce Consultants, Inc. [EC-Council]) to find a list of all approved certifications and their corresponding funding options and job billets.

How can I find EC-Council certifications in ARMY COOL?

You can find the Advanced Credential search in ARMY COOL here: https://www.cool.osd.mil/army/credsearch/index.html. With this tool, you can search by agency under our official company name (International Council of E-Commerce Consultants, Inc. [EC-Council]) to find a list of all approved certifications and their corresponding funding options and job billets.

What is ARMY IGNITED?

INGITED provides funding opportunities for active-duty soldiers in the US Army. With tuition assistance funding available to all US Army soldiers, EC-Council has a variety of approved training and certification programs in your IGNITED benefits. Visit https://www.armyignited.army.mil/student/public/education-benefits for more information or to apply for fully paid training and certification opportunities.

How does EC-Council work with the United States military?

At EC-Council we take great pride in a long history of working with our nation’s military to equip and enhance cyber capability. In addition to providing training and certification to members of our armed forces, EC-Council’s Authorized Partner Network provides access to training centers in over 140 countries, serving members of our military, whether they are stationed home or abroad. We provide various online asynchronous and online live options as well as the ability to hold private dedicated classes in unclassified or classified facilities utilizing our large network of Certified EC-Council Instructors. EC-Council also works directly with various military schoolhouses to provide authorized training delivered by the military to the military, essentially “teaching in green.”

I am in the US Military. How can I find training for EC-Council Certifications?

If you are a member of the armed forces in almost any capacity, your specific service components have provisions for you to receive training and credentialing. Often the service will pay for both MOS/AFSC related and non-related training programs. These benefit programs differ by service and generally come under the heading of each service’s COOL program. Contact us to find out what you’re eligible for.

Visit for more details https://iclass.eccouncil.org/military-solutions/

I am an educator. How does EC-Council help NSA – CAE Schools?

Dating back to the early 2000s, EC-Council started by mapping our programs to the NSTISSI and CNSS Standards 4011 through 4019. With the evolution of the NICE Framework in recent years, EC-Council has worked diligently to map its programs to the specialty areas and now competency areas of the National Initiative in Cybersecurity Education. We have helped a variety of schools with program development and curriculum mapping into the National Security Agencies Centers for Academic Excellence. Awarded the Industrial Achievement Award by CISSE, EC-Council helps accredited universities achieve CAE status through well-aligned ANAB and ACE Accredited programs. Learn more about our Academic Partnerships and our CAE program here: https://www.eccouncil.org/academia/caebenefits/

How can I find out more about partnering with EC-Council?

Reach out here to our military team for more information.