CISSP DoD 8140: What changed from DoD 8570?

The U.S. Department of Defense has updated its requirements for cybersecurity professionals. Suppose you're pursuing a career in government cybersecurity or working with DoD systems. In that case, you'll need to understand these changes and how they affect the CISSP certification's role in qualifying you for DoD positions. 

The shift from DoD 8570 to DoD 8140 marks a significant change in how the DoD approaches cyber workforce development. While 8570 focused on specific Information Assurance roles, 8140 takes a broader view, creating a framework that adapts to evolving cyber threats and workforce needs. 

Preparing for your CISSP exam? Get our free CISSP exam tips ebook, or watch our free one-hour CISSP exam prep course from an instructor whose students have a 95% pass rate. 

Earn your CISSP, guaranteed!

Get live, expert CISSP training from anywhere. Enroll now to claim your Exam Pass Guarantee!

Get Pricing

DoD 8140 vs. 8570: Key changes 

The DoD's transition to 8140 brings fundamental changes to how cybersecurity roles and qualifications are structured. Instead of the rigid Information Assurance Technical (IAT) and Management (IAM) levels from 8570, DoD 8140 introduces a more flexible system built around the DoD Cyberspace Workforce Framework (DCWF). 

This new framework organizes cyber roles into seven distinct workforce elements: 

• IT (Cyberspace) 
• Cybersecurity 
• Cyberspace Effects 
• Intelligence (Cyberspace) 
• Cyberspace Enablers 
• Software Engineering 
• Data/AI 

Each element contains specific work roles with their own qualification requirements. The CISSP certification now fits into this structure differently — covering 44% of approved work roles across five of these seven elements, according to ISC2. 

The changes mean more options and more apparent paths for career development. For example, under 8570, you might have been limited to specific IAT or IAM levels. Now, with 8140, you can qualify for various roles based on your certifications, education and experience. 

What are the DoD 8140 CISSP Roles? 

The CISSP certification holds significant value in the DoD 8140 framework, qualifying professionals for roles across multiple workforce elements. Let's break down where CISSP fits in the new structure. 

Under the DoD 8140 Cyber Workforce Qualification Provider Marketplace, CISSP certification applies to roles in five key areas: 

• IT (Cyberspace) roles: 
  • Systems Developer 
  • Systems Requirements Planner 
  • Enterprise Architect 
  • Research & Development Specialist 
• Cybersecurity roles: 
  • Cyber Defense Infrastructure Support Specialist 
  • Cyber Defense Incident Responder 
  • Vulnerability Assessment Analyst 
  • Authorizing Official/Designating Representative 
  • Security Control Assessor 
  • Security Architect 
  • Information Systems Security Developer 
  • Information Systems Security Manager 
  • COMSEC Manager 
• Cyberspace Effects roles: 
  • Cyber Operations Planner 
  • Partner Integration Planner 
• Cyberspace Enablers roles: 
  • Cyber Instructor 
  • Cyber Workforce Developer or Manager 
  • Cyber Policy and Strategy Planner 
  • Program Manager 
  • IT Project Manager 
  • Product Support Manager 
  • IT Investment/Portfolio Manager 
  • IT Program Auditor 
• Software Engineering roles: 
  • Systems Security Analyst 

CISSP and the Information Systems Security Manager Role

Let's examine the role of the Information Systems Security Manager (ISSM) as an example of how 8140's qualification structure works. This role demonstrates the three-tiered qualification approach that characterizes the new framework. 

Basic level: 

• Education: Can be met through a BS degree in Information Technology, Cybersecurity, Data Science, Information Systems or Computer Science from an ABET-accredited or CAE-designated institution OR 
• DoD/Military Training: Can be satisfied through completing any of these courses: 
  • E3AQR3D033 02AA 
  • E3ABR3D033 01AC 
  • 531-25B30-C45 
  • J-3B-0440 
  • Or combination of CLE 074 + WSS 003 + ISA 220

Earn your CISSP, guaranteed!

Get live, expert CISSP training from anywhere. Enroll now to claim your Exam Pass Guarantee!

Get Pricing

Intermediate level: 

• Education: Same BS degree options as Basic level OR 
• DoD/Military Training: Complete 531-25B40-C46 or combination of ISA 220 + CYB 5640 + WSS 011 OR 
• Personnel Certification: Any of the following: 
  • CGRC/CAP 
  • CASP+ 
  • CCSP 
  • Cloud+ 
  • SSCP 
  • Security+ 
  • GSEC 

Advanced level: 

• DoD/Military Training: Complete any of: 
  • 4C-FA26A 
  • M09CHN1 
  • A-531-0009 
  • A-531-0045 
  • Or combination of ACQ 160 + ISA 220 OR 
• Personnel Certification: Any of the following: 
  • CISM 
  • CISSO 
  • FITSP-M 
  • GCIA 
  • GCSA 
  • GCIH 
  • GSLC 
  • GICSP 
  • CISSP-ISSMP 
  • CISSP 

The ISSM role shows how 8140 creates multiple paths to qualification, making the framework more flexible than its predecessor. Each level builds upon the previous one, ensuring professionals develop comprehensive skills as they advance. You can explore all the 8140 roles and their current qualifications at the DoD Cyber Workforce Framework. 

What were the DoD 8570 CISSP roles? 

Under the previous DoD 8570 framework, CISSP certification qualified professionals for specific Information Assurance (IA) levels and roles, including: 

• IAT Level III (Information Assurance Technical) 
• IAM Level II and III (Information Assurance Management) 
• IASAE Level I and II (Information Assurance System Architecture and Engineering) 

This structure was more rigid and limited compared to 8140's broader framework. While CISSP was valuable under 8570, it primarily focused on traditional information assurance roles. The new 8140 framework expands CISSP's applicability across multiple workforce elements, making it more relevant for today's diverse cybersecurity landscape. 

Maintaining CISSP qualifications under DoD 8140 

The DoD 8140 framework emphasizes ongoing professional development to ensure cybersecurity professionals maintain current skills. For CISSP holders working in DoD roles, several key requirements must be met: 

Annual maintenance requirements: 

• Minimum of 20 hours of professional development annually 
• Must meet certification maintenance requirements (if higher than 20 hours) 
• Continuing education must align with the assigned work role 
• Documentation of all professional development activities 

Residential qualification requirements: 

• On-the-job qualification is always required at all proficiency levels 
• Must demonstrate capability to perform duties in the resident environment 
• Component-specific requirements may apply 
• Regular evaluation of performance against work role requirements 

CISSP training resources 

With CISSP playing a vital role in DoD 8140 qualification requirements, choosing the right training path is crucial. Infosec offers several comprehensive options to help you prepare: 

Structured training programs 

Our CISSP Boot Camp provides intensive, instructor-led training — a great option for DoD professionals. These boot camps offer: 

• Comprehensive coverage of all CISSP domains 
• Live, expert instruction from experienced cybersecurity professionals 
• Exam preparation strategies 
• Practice tests and study materials 
• Exam Pass Guarantee 

Self-paced learning and on-demand 

Visit our CISSP training hub to find flexible learning options that fit your schedule. The hub includes: 

• A detailed breakdown of all the CISSP domains 
• CISSP exam and question details 
• Study guide and reference material suggestions 
• Details on on-demand CISSP training options 

Additional resources 

To maximize your success, check out these resources: 

• Download our CISSP exam tips ebook for expert guidance on exam preparation 
• Watch our free CISSP prep course from an instructor with a 95% pass rate 
• Explore our cybersecurity certification roadmap to plan your career progression 

Earn your CISSP, guaranteed!

Get live, expert CISSP training from anywhere. Enroll now to claim your Exam Pass Guarantee!

Get Pricing

Is CISSP right for you? 

CISSP certification remains a valuable credential in the DoD cybersecurity workforce, now more than ever under the 8140 framework. Here's why: 

• Broad recognition: CISSP covers 44% of approved work roles in the DoD 8140 Cyber Workforce Qualification Provider Marketplace 
• Career flexibility: Qualifies for positions across five workforce elements, providing diverse career opportunities 
• Professional growth: Supports advancement through multiple proficiency levels, from intermediate to advanced positions 

For those considering their career path in DoD cybersecurity, review the cybersecurity certifications and skills roadmap to explore how CISSP fits into your professional development plan. And if you're ready to prepare for the exam, Infosec's CISSP Boot Camp can help you get certified quicker.