DoD 8140 & DoD 8570 Compliance: Updates IT Pros Need to Know About

IT professionals seeking to work with the Department of Defense (DoD) or other federal agencies—whether as contractors, employees, or temporary hires—must meet specific compliance requirements. Currently, DoD Directive 8140 governs employment regulations, having replaced DoD Directive 8570. While DoD 8570 focused primarily on certification-based qualifications, DoD 8140 expanded on this by emphasizing role-based training and hands-on skills validation.

This post will explore what DoD 8140 is, how it changes training requirements from DoD 8570, and why those changes were made. 

What is the Department of Defense Directive 8140?

DoD Directive 8140 is the Department of Defense’s policy governing the training, certification, and management of the cyber workforce for the DoD and government contractors. DoD 8140 categorizes personnel into several workforce elements:

• IT (cyberspace)

• Cybersecurity

• Cyberspace Effects

• Intelligence (cyberspace)

• Cyberspace Enablers

• Software Engineers 

• AI/Data

Each role is sorted into different levels (basic, intermediate, advanced) and requires specific industry certifications and skills-based training to be eligible for each level.

DoD 8140 was introduced to modernize the certification and qualification process for the DoD cyber workforce. It shifts from a certification-only model to a comprehensive framework that ensures IT professionals have the skills needed to perform in their specific roles. It replaces DoD Directive 8570, and there is no direct comparison or mapping between the two directives. 

Why were these changes made? Just like software and IT certifications evolve to keep up with emerging threats, DoD 8140 updates workforce requirements to ensure government IT professionals have the most current cybersecurity skills needed to protect national security.

Key Changes from DoD 8570 to DoD 8140

The transition from DoD 8570 to DoD 8140 brings significant changes that IT professionals should be aware of, primarily: 

Expanded Cyber Workforce Categories

Instead of focusing only on Information Assurance (IA), DoD 8140 now includes multiple cyber domains such as Cybersecurity, Cyber IT, Cyber Effects, Cyber Intelligence, and Cyber Enablers. This means IT professionals may need to qualify under a broader range of roles.

Role-Based Qualifications

Unlike DoD 8570, which was primarily certification-driven, DoD 8140 maps certifications to specific job roles within the DoD Cyber Workforce Framework (DCWF). IT professionals must align their certifications and training with their designated work roles.

Ongoing Professional Development

Under DoD 8140, IT professionals must continuously develop their skills rather than simply obtaining a one-time certification. Refresher courses, advanced training, and continuing education will be necessary.

The DoD has set deadlines for meeting role-based qualifications:

• February 15, 2025: Cybersecurity workforce must meet 8140 qualifications.

• February 15, 2026: All cyber-related workforce elements must comply.

These updates make it essential for IT professionals to stay informed about current certification requirements, role alignments, and continuing education to remain compliant under DoD 8140. 

Certification and Training Under DoD 8140

Unlike DoD 8570’s structured certification levels, DoD 8140 tailors certification and training paths based on specific job functions. Some roles may require a combination of traditional education, DoD-approved training, and industry certifications to qualify

Certifications that remain relevant under DoD 8140 include: 

• CompTIA: A+, Security+, CySA+, SecurityX, Cloud+, PenTest+, Data+

• ISC2: CISSP, SSCP, CISSP-ISSAP

• Cisco: CCNA, CCNP Security, CCNP Enterprise

• ISACA: CISM, CISA

• EC-Council: CEH

Keep in mind that customized learning paths may be required based on specific role requirements. It's not as simple as listing the must-have certifications for each role—some roles require a mix of traditional education, approved DoD training, and approved industry certifications. Learn more on the DoD qualification metrics site. 

Career Considerations

There are a variety of valuable resources available to help learners determine appropriate pay scales for job opportunities associated with DoD 8140, including:

• OPM.gov: This is probably the best resource for governmental salary information, including pay and leave information, rates of pay based on states and geographic regions, fact sheets, and more.

• DCPS Wage and Salary: Civilian Personnel Policy and the Defense Civilian Personnel Advisory Service (CPP/DCPAS) is responsible for all wage and personnel policies for any individual or organization that contracts with the DoD.

• Payscale: One of our favorites for finding salary information, salary ranges, and fascinating demographic information for the IT roles you care about.

• Indeed: Use keywords to find the specific role or company you're interested in, or use this resource to compare civilian and government salaries.

• Simplyhired.com: Similar to Indeed, but with a slightly slicker interface, this is a good resource for finding salary information for specific IT roles.

Keep in mind that, as a government role, the salary for the particular role you are considering is likely public information. With a little Google-fu, you should be able to find the budget information that will reveal the specific salary information you need.

Final Thoughts

When considering DoD or other federal government IT career opportunities, it's critical to understand which certifications you must have to be eligible for employment. Earning the right certifications can set you up for a long-term career, even as a civilian, working for the government to support the IT infrastructure, security, and systems that run our government and society.

Access a full library of DoD 8140 compliant training on CBT Nuggets.