DoD 8140/8570 certification solutions for federal teams and contractors
Expert-led cybersecurity boot camps built specifically for government employees, military personnel and defense contractors.
DoD 8140 certification training by work role
Find your work role in one of the seven Cyberspace Workforce Elements below. See what certifications meet 8140 qualifications based on the most recent DoD qualification matrix, along with the Infosec training to help you achieve your certification.
Cyberspace IT Workforce
- Technical Support Specialist (411)
- Database Administrator (421)
- Knowledge Manager (431)
- Intermediate: Security+
- Network Operations Specialist (441)
- System Administrator (451)
- Systems Developer (632)
- Systems Requirements Planner (641)
- Enterprise Architect (651)
- Research & Development Specialist (661)
- System Testing and Evaluation Specialist (671)
Cybersecurity Workforce
- Cyber Defense Forensics Analyst (212)
- Cyber Defense Analyst (511)
- Cyber Defense Infrastructure Support Specialist (521)
- Cyber Defense Incident Responder (531)
- Vulnerability Assessment Analyst (541)
- Authorizing Official/Designated Representative (611)
- Security Control Assessor (612)
- Secure Software Assessor (622)
- Information Systems Security Developer (631)
- Security Architect (652)
- Information Systems Security Manager (722)
- COMSEC Manager (723)
- Advanced: CISM
Cyberspace Enablers
- Forensics Analyst (211)
- Cyber Crime Investigator (221)
- Cyber Workforce Developer and Manager (751)
- Cyber Policy and Strategy Planner (752)
- Program Manager (801)
- IT Project Manager (802)
- IT Investment/Portfolio Manager (804)
- IT Program Auditor (805)
Cyberspace Effects Workforce
- Exploitation Analyst (121)
- Advanced: PenTest+
Intelligence Workforce (Cyberspace)
- All-Source Analyst (111)
- Advanced: CySA+
Software Engineering
Why choose Infosec?
Critical DoD 8140 compliance deadlines
Cybersecurity Workforce Deadline
⚠️ February 15, 2025
All DoD civilian employees and military service members in DCWF work roles under the cybersecurity workforce element must be qualified in accordance with DoDM 8140.03.
Full Workforce Compliance
⚠️ February 15, 2026
All remaining DoD personnel in DCWF work roles under cyberspace IT, cyberspace effects, intelligence (cyberspace) and cyberspace enabler workforce elements must meet qualification requirements.
Defense Contractor Compliance
📋 Ongoing Requirement
Defense contractors and subcontractors must maintain DoD 8140 certifications for personnel in designated cyberspace work roles to remain eligible for DoD contracts. Professionals must meet foundational, resident and Continuing Professional Development (CPD) requirements to qualify.
DoD 8140 certification requirements explained
What DoD 8140 Requires
DoD Directive 8140 establishes a comprehensive framework for training, certification and management of the DoD's cybersecurity workforce. It replaces DoD 8570 with a more targeted, role-based approach.
- Foundational Qualifications: Role-specific requirements through certifications, education, training or experience specific to your work role
- Resident Qualifications: Practical capabilities on the job, environment-specific training and performance-based assessments
- Continuing Professional Development (CPD) Requirements: Minimum 20 hours annually of continuing education
Who needs DoD 8140 qualification
All personnel assigned to positions coded with DCWF work roles must comply:
- DoD civilian employees (including NAF employees)
- Active duty, Reserve and National Guard service members
- Defense contractors and subcontractors
- Foreign nationals working in designated positions
DoD 8570 vs 8140 changes
Key improvements in the new directive:
- Expanded from Information Assurance to full cyber domains
- Role-based qualifications instead of a certification-only approach
- Clear compliance deadlines and enforcement
- Enhanced continuous professional development requirements
Flexible DoD 8140 training delivery options
Live Online
Get days of live-streamed instruction from industry-leading cybersecurity instructors. We guarantee your team will get their DoD 8140 certification on the first attempt — or the next exam is on us.
On-Site Training
We'll bring expert cybersecurity instruction directly to your federal facility or host a boot camp at a secure, nearby location. Perfect for classified environments and large teams.
On-Demand Learning
Train on your schedule with unlimited access to 100s of DoD 8140-aligned courses and hands-on labs. Ideal for continuous professional development requirements.
Maximize your training budget with flexible purchase options
Meet DoD 8140 requirements with training built for federal teams and contractors and stay under your Government Purchase Card limit.
Approved government programs
Infosec accepts all forms of approved training requests and procurement systems:
- AF COOL: Air Force Credentialing Opportunities On-Line
- Army IgniteD: Professional Development Program
- Veteran Readiness & Employment: Chapter 31 Benefits
- Government Purchase Cards: Stay under GPC limits
Flexible budget solutions
Your team's training needs don't always align with federal budget cycles. Our flexible payment options help you:
- Purchase group training now and train when it’s convenient
- Save with volume discounts for large teams
- Spread costs across fiscal years
Training guarantees
Exam Pass Guarantee
Resit the course and retake your exam for free if you don't pass on your first attempt
100% Satisfaction Guarantee
Switch courses if you’re not satisfied after day one.
Knowledge Transfer Guarantee
Free replacement training if a certified employee leaves within 3 months
you're in good company
Award-winning training you can trust
What is the Cybersecurity Maturity Model Certification (CMMC)?
The Department of Defense Cybersecurity Maturity Model Certification (CMMC) is a framework to enhance the cybersecurity practices of organizations involved in the defense supply chain. The CMMC program is a compliance requirement built to ensure that organizations, contractors and subcontractors meet cybersecurity requirements and are prepared to protect sensitive unclassified information.
The Pentagon announced that CMMC standards will be implemented into all DoD contracts as of November 8, 2025.
Cybersecurity Maturity Model Certification
Learn everything you need to know about the new Department of Defense Cybersecurity Maturity Model Certification (CMMC) framework. We're here to help train you on the CMMC certification process — whether you're an aspiring CMMC Assessor or one of the 300,000+ companies in the Defense Industrial Base supply chain that need to comply with CMMC.
Why choose Infosec for CMMC certification training?
Gain essential skills and expertise required to navigate the complex CMMC certification and DoD 8570/8140 requirements with Infosec’s comprehensive training and DoD 8140 certification training boot camps. Live, instructor-led training guarantees your team gets certified on their first attempt. Experience role-based learning paths live online, on-demand or in person, depending on the best fit for your schedule.
Cyber-AB Approved Training Provider and Approved Publishing Partner
Infosec is an Approved Training Provider (ATP) and an Approved Publishing Partner (APP) for the Cybersecurity Maturity Model Certification Accreditation Body (Cyber-AB), an independent accreditation entity created in January 2020. Cyber-AB and its subsidiary, Cybersecurity Assessor and Instructor Certification Organization (CAICO), are responsible for establishing, managing, controlling and administering the CMMC assessment, certification, training and accreditation processes for the defense supply chain.
Understanding the Cybersecurity Maturity Model Certification
Developed by the Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD A&S) and other federal stakeholders, the Cybersecurity Maturity Model Certification (CMMC) assesses and enhances the cybersecurity posture of the Defense Industrial Base (DIB).
The CMMC 2.0 Model covers three compliance levels, Level 1 “Foundational,’’ Level 2 “Advanced” and Level 3 “Expert.” Certified CMMC Professional (CCP) is a gateway to becoming a Certified CMMC Assessor (CCA), and it also certifies you as a valuable resource for consulting agencies, CMMC Third-Party Assessor Organizations (C3PAOs) and organizations needing CMMC 2.0 support and guidance.
Earn your DoD 8140 certification
Certified CMMC Professional (CCP)
The Certified CMMC Professional (CCP) is the first step to becoming an assessor. It certifies you as a valuable resource for consulting agencies and organizations seeking CMMC guidance.
Certified CMMC Assessor (CCA)
Become one of the first Cyber-AB Certified Assessors! This boot camp builds on your Cyber-AB Certified CMMC Professional (CCP) training and prepares you to become a Certified CMMC Assessor (CCA).
Training mapped to NICE Workforce Framework for Cybersecurity
Infosec Skills connects employee job descriptions to an established workforce development framework. Your organization can take a bottom-up approach to any training initiative by mapping development plans to specific NICE Knowledge and Skill Statements, Work Roles or even the Competencies deemed most critical to employee success.
FAQ
Frequently asked questions
What are the previous DoD 8570 work roles?
Department of Defense Directive 8570, published in 2005, established a structured framework for cybersecurity workforce management that organized personnel into five main categories with distinct work roles and certification requirements:
Information Assurance Technician (IAT): Technical implementation roles
- Level I: Computing environment (A+, Network+, SSCP)
- Level II: Network environment (Security+, CySA+, GSEC)
- Level III: Advanced networks/enclaves (CASP+, CISSP, GCIH)
Information Assurance Manager (IAM): Management and oversight roles
- Level I: Basic management (Security+, CAP, GSLC)
- Level II: Intermediate management (CASP+, CISM, CISSP)
- Level III: Senior management requiring IAM Level III certification training (CISM, CISSP, GSLC)
Information Assurance System Architecture & Engineering (IASAE): System design roles
- Levels I-II: Basic/advanced architecture (CASP+, CISSP, CSSLP)
- Level III: Expert architecture (CISSP-ISSAP, CISSP-ISSEP)
Cybersecurity Service Providers (CSSP): Specialized cyber defense roles
- Five specializations: Analyst, Infrastructure Support, Incident Responder, Auditor, Manager
- Various certifications including CySA+, CEH, GCIA, CISM
Computing Environment (CE): Technology-specific certifications required in addition to baseline IAT requirements for specific operating systems and security tools
While DoD 8570 transitioned to 8140 in 2023, understanding these previous work roles remains important for federal employees and military personnel navigating the transition.
There is no exact equivalent 1:1 mapping from the old 8570 work roles to the new 8140 framework. The transition from 8570 to 8140 reflects the DoD's recognition that modern cybersecurity requires more specialized, role-specific qualifications rather than broad categorical certifications.
Who needs a CMMC certification?
CMMC is being incorporated into the Defense Federal Acquisition Regulation Supplement (DFARS), and by 2025 all suppliers will need a certification in order to bid on contracts. Contractors can achieve a CMMC level for their entire enterprise network or for a particular segment or enclave, depending on where the protected information is handled and stored. The ecosystem to support these assessments continues to be refined, so there are numerous career opportunities for those becoming a CCP or CCA.
What is the difference between DoDD 8140 and 8570?
While 8570 focused primarily on Information Assurance Technical (IAT) and Management (IAM) levels with a rigid certification-driven approach, DoD 8140 introduces a comprehensive framework built around the DoD Cyberspace Workforce Framework (DCWF) that covers seven distinct workforce elements: cybersecurity, cyberspace IT, cyberspace effects, intelligence (cyberspace) and cyberspace enablers.
Key differences include DoD 8140's role-based qualification system that maps certifications to specific job roles rather than broad categories, emphasizing hands-on training and continuous professional development beyond one-time certification requirements. The new framework also integrates with the NIST NICE Cybersecurity Workforce Framework and provides multiple qualification pathways, including education, training, certification and experience-based alternatives.
What is the NICE Workforce Framework for Cybersecurity?
The NICE Workforce Framework for Cybersecurity (NIST Special Publication 800-181) is used to help categorize cybersecurity work and job duties across the public, private and academic sectors. Infosec’s cyber training library is mapped to over 620 Knowledge and Skill Statements and all 52 Work Roles to support any implementation of the NICE Framework: standard Work Roles directly from the NICE Framework, Competency-based Work Roles, Task-based Work Roles or custom Work Roles.
Is DoD 8570 still in effect, or is it now DoD 8140?
DoD 8140 has replaced DoD 8570. DoD Manual 8140.03, which provides the implementation framework, was released February 15, 2023, and supersedes the previous DoD 8570.01-M directive. While you may still see references to "DoD 8570 certification" in job postings and older documentation, most current compliance requirements fall under DoD 8140.
The key difference: DoD 8140 takes a more comprehensive, role-based approach rather than the certification-only focus of DoD 8570. However, most of the same industry certifications (like Security+, CISSP, etc.) remain valid under the new framework.
Do I need multiple certifications to fulfill the DoD 8140 requirement?
Most roles require only one certification per work role. DoD 8140 uses a role-based qualification approach, meaning you need the appropriate certification(s) for your specific DCWF (DoD Cyber Workforce Framework) work role and proficiency level.
However, some scenarios may require multiple certifications:
- If you're assigned to multiple work roles that require different certifications
- If you're seeking career advancement to higher proficiency levels
Our training advisors can help you determine exactly which certifications you need based on your current and desired roles.
Can I use military or veteran benefits to pay for Infosec training?
Yes, we accept multiple military and veteran education benefits:
- Veteran Readiness & Employment (Chapter 31): Vocational rehabilitation benefits
- AF COOL: Air Force Credentialing Opportunities On-Line funding
- Army IgniteD: Army's professional development program
- Navy COOL: Navy credentialing program support
Infosec is an approved vendor for these programs. Our enrollment team will help you navigate the benefits application process and ensure you maximize your education benefits for DoD 8140 compliance training.
How does Infosec training differ from the free courses at CISA Learning (formerly FedVTE)?
While CISA Learning provides valuable foundational knowledge, Infosec offers certification-focused training with accountability:
Infosec Advantages:
- Exam Pass Guarantee: If you don’t pass your exam on the first attempt, get a second attempt for free. Includes the ability to re-sit the course for free for up to one year.
- Live Expert Instruction: Real-time interaction with certified instructors, not just video content
- Hands-on Labs: Practical, scenario-based exercises that mirror real DoD environments
- Intensive Boot Camp Format: Complete certification prep in days vs. months of self-study
- DoD-Specific Focus: Content tailored specifically for government and defense sector requirements
- Career Support: Ongoing guidance for compliance and career advancement
CISA Learning Strengths:
- Free access to foundational cybersecurity content
- Self-paced learning modules
- Good for general awareness training
Bottom line: Use CISA Learning for foundational knowledge but choose Infosec when you need to actually pass a DoD 8140 certification exam by a specific deadline.