CompTIA and DoD requirements in 2025: Understanding 8140 vs. 8570

December 23, 2024 by Randi Sherman

The Department of Defense document DoD 8140, which is the next evolution of the DoD 8570, provides guidance and procedures for the training, certification and management of the DoD cyber workforce. As stated in the DoDM 8140.03 document, it applies to the Office of the Secretary of Defense (OSD), the Military Departments, the Chairman of the Joint Chiefs of Staff, the Combatant Commands, the Office of the Inspector General of the Department of Defense, the Defense Agencies, the DoD Field Activities and to all other organizational entities within the Department of Defense. 

It sounds like a mouthful, to be sure, but it all boils down to creating a common understanding of the responsibility of individuals to use the resources at hand to protect the security and integrity of vital information.  

More particularly, it applies to the DoD Global Information Grid (GIG) to enhance its protection and assure its availability only to appropriate information handlers. We keep the bad actors out and ensure only appropriately authorized good actors have access. 

CompTIA’s James Stanger joined Cyber Work Hacks to discuss the recent changes to DoD workforce requirements. 

Other primary goals include: 

  • Replaces the previous “Information Assurance Workforce Improvement Program” with the broader and more flexible “Cyberspace Workforce Qualification & Management Program” 
  • Provides a unified, role-based approach to developing qualified cyber personnel that leverages the DoD Cyberspace Workforce Framework (DCWF) 
  • Establishes proficiency levels across the work roles — and more options for the workforce to meet required qualifications 
  • Develops a common understanding of concepts, principles and applications of cyberspace functions to enhance interoperability 

The certification impacts military personnel, civilian employees, contractors and anyone charged with securing the computers, networks or information systems of the DoD. This means that even if you spend most of your time working for organizations without affiliation with the DoD, you’d need your 8140 CompTIA certification or other qualification to do a job for the Department of Defense. 

DoD 8140 vs. 8570: Why is it changing? 

The DoD is shifting from 8570 to 8140 to meet the challenges of a changing cybersecurity landscape. Previously, 8570 focused on information assurance (IA) and technical roles. However, 8140 is a more comprehensive framework that covers more specific cyber roles, recognizes more credentials and includes more streamlined processes.

Overall, the shift from 8570 to 8140 reflects a proactive approach by the DoD to cultivate a cyber workforce that is better prepared to tackle today's complex security challenges. 

The 8140 also aligns with the DCWF. As noted in the FAQ on the DoD Cyber Exchange, 8140 “establishes the DoD Cyberspace Workforce Framework (DCWF) as the authoritative reference for the identification, tracking and reporting of DoD cyberspace positions and foundation for developing enterprise baseline cyberspace workforce qualifications.”

Another key distinction is how DoD 8140 promotes ongoing training to ensure personnel have the most recent skills and knowledge regarding the technology and tactics used to protect the DoD’s information systems. 

How does 8140 work? 

DoD 8140 provides a specific framework for developing and managing the DoD’s cybersecurity teams. It is an in-depth guide for everyone involved in protecting the DoD’s digital assets by ensuring they have the skills and certifications necessary to combat an increasingly complex cybersecurity landscape. 

NICE Cybersecurity Workforce Framework (NCWF)

The federal government and 8140 also align with the NICE Cybersecurity Workforce Framework.

As explained by the Cybersecurity & Infrastructure Security Agency (CISA), “the NICE Cybersecurity Workforce Framework is the foundation for increasing the size and capability of the U.S. cybersecurity workforce. It provides a common definition of cybersecurity, a comprehensive list of cybersecurity tasks, and the knowledge, skills and abilities required to perform those tasks.”  

DCWF 

DCWF has defined various roles, which are broader than the specific knowledge, skills and ability statements that are the building blocks of the NICE Framework. In other words, the DCWF identifies specific roles, and 8140 ensures applicants are qualified to perform them. DCWF breaks these roles down into seven workforce elements. 

  • IT (Cyberspace) 
  • Cybersecurity 
  • Cyberspace effects 
  • Intelligence (Cyberspace) 
  • Cyberspace enablers 
  • Software engineering 
  • Data/AI 

“IT (Cyberspace)” includes different job roles than “Cybersecurity.” These are just two of the seven Workforce Elements, which you can explore here.

“IT (Cyberspace)” includes people who build IT systems, while “Cybersecurity” involves those who defend networks and connected assets. 

For example, someone who designs and implements a safe environment for sharing data would have a role classified under “IT (Cyberspace).” On the other hand, someone whose job is to monitor databases to check for attempts at data exfiltration would have a role under the “Cybersecurity” classification. 

Where you come in 

People, companies and organizations that wish to do business with the DoD sometimes fail to realize that they must meet the requirements of 8140 as well as the conditions for doing business with the government. 

For example, a company that manufactures bulldozers that the military would buy would have to have limited access to the military inventory systems and perhaps payroll or accounting in order to be paid for its work or products. It might also need access to shipping and receiving manifests, scheduling for deliveries, or any number of other points that could create a point of vulnerability in the network. 

The military won’t do business with a company that doesn’t comply with 8140. It is simply self-protection. So, even working in the public sector, if you’re creating a product or service that might be useful to the DoD, you’re putting yourself out of the running for that potential business or income if you’re not compliant. 

The power of certifications in the context of 8140 

Certifications are foundational to anyone whose career path may intersect with the DoD. Certifications give evidence of essential cybersecurity knowledge and skills. Therefore, they serve as one of the baseline requirements for those hiring for any digital security jobs involving the Department of Defense. 

You can browse all the DCWF roles and their related qualifications (including education, training and personnel certification) on the DoD Cyber Exchange public website. For example, here is the link to System Administrator, which has the following certifications for different levels: 

  • Advanced: CASP+, CCSP, CCNP Security, FITSP-O, GFACT 

DoD 8140 CompTIA certifications 

CompTIA certifications meet many of DoD 8140's requirements. As of this writing, CompTIA has 8 certifications approved across 31 work roles, according to its website. The chart below provides more information on those 31 roles. (Note that CASP+ will be renamed SecurityX in 2025.)

IT (Cyberspace) (8 roles)

Work role (DCWF code): Certifications 

  • Technical Support Specialist (411): A+, Network+, Security+ 
  • Knowledge Manager (431): Security+ 
  • Network Operations Specialist (441): Cloud+, Network+, Security+ 
  • System Administrator (451): A+, Cloud+, Network+, Security+ 
  • Systems Requirements Planner (641): CASP+, Security+ 
  • Enterprise Architect (651): CASP+, Cloud+ 
  • Research & Development Specialist (661): CASP+ 
  • System Testing and Evaluation Specialist (671): Security+ 

Cybersecurity (12 roles)

Work role (DCWF code): Certifications 

  • Cyber Defense Forensics Analyst (212): CySA+, PenTest+ 
  • Cyber Defense Analyst (511): CASP+, CySA+, Security+ 
  • Cyber Defense Infrastructure Support Specialist (521): A+, Security+ 
  • Cyber Defense Incident Responder (531): CASP+, CySA+, Security+ 
  • Vulnerability Assessment Analyst (541): CASP+, CySA+, Security+ 
  • Security Control Assessor (612): CASP+, CySA+, Security+ 
  • Secure Software Assessor (622): CASP+, Security+ 
  • Information Systems Security Developer (631): CASP+ 
  • Security Architect (652): CASP+, Cloud+ 
  • Information Systems Security Manager (722): CASP+, Security+ 
  • COMSEC Manager (723): CASP+, Security+ 

Cyberspace Enablers (8 roles) 

Work role (DCWF code): Certifications 

  • Cyber Policy and Strategy Planner (752): Security+ 
  • Forensics Analyst (211): CySA+ 
  • Cyber Crime Investigator (221): CASP+, CySA+ 
  • Program Manager (801): CASP+, Security+ 
  • IT Project Manager (802): CASP+, Security+ 
  • Product Support Manager (803): CASP+ 
  • IT Investment/Portfolio Manager (804): CASP+, Security+ 
  • IT Program Auditor (805): CASP+, Security+ 

Cyberspace Effects (2 roles) 

Work role (DCWF code): Certifications 

  • Exploitation Analyst (121): PenTest+ 
  • Warning Analyst (141): CySA+ 

Intelligence (Cyberspace) (1 role) 

Work role (DCWF code): Certifications 

  • All-Source Analyst (111): CySA+ 

Software Engineer (1 role) 

Work role (DCWF code): Certifications 

  • Systems Security Analyst (461): CASP+, CySA+, Security+ 

DoD 8140 takeaway 

The demand for security professionals is not slowing down, so anyone involved in cybersecurity has a bright future. And the DoD’s sustained focus on cybersecurity, as demonstrated by 8140, presents even more opportunities. Earning a certification that qualifies you for these positions can be a valuable asset for your resume. 

By getting a CompTIA cert, you give recruiters and hiring managers another reason to hire you or promote you to a new role. In this way, you can shift your application to the top of the pile, especially regarding jobs that may intersect with the DoD’s digital infrastructure. 

Randi Sherman

Randi is one half of The Social Calling, a writing duo with over 20 years of expertise in IT/Tech, Science, Health and more. They can be reached at http://www.thesocialcalling.com