Ashford Global IT
1800 Pembrook Dr. Suite 300
Orlando, Florida 32810
Toll Free: (888) 838-5498
Local: (407) 612-6999
How Ashford Global IT Meets DOD 8570
The government developed the DOD 8570 policy to require certain personnel manning technical positions and their managers to be certified as meeting baseline requirements. DOD Directive 8570.1 says that throughout the Department of Defense (DOD), personnel must be trained and certified if they hold “Information Assurance” positions. Information Assurance positions may be technical (IAT) or managerial (IAM), and there are three levels within these categories which represent the Information System Architecture. These levels (Enclave, Network, and Computing Environment) are shown in Figure 1, DOD Information Technology Hierarchy.
People in the following groups who have privileged access to a DOD information system that performs Information Assurance (i.e., Security) functions are affected:
- Office of the Secretary of Defense
- Military Departments
- Chairman of the Joint Chiefs of Staffs
- Combatant Commands
- Office of the Inspector General of the DOD
- Defense Agencies
- DOD Field Activities
- All other organizational entities within the DOD
- Contractors performing IA positions
By the end of the 2011 calendar year, all persons performing in an IAT or IAM position must be certified. In addition, by the end of the 2010 calendar year all persons performing CND-SP and IASAE roles must be certified.
Applicable roles:
Computer Network Defense (CND) personnel provide CND situational awareness, implement protection measures, monitor and analyze alerts in order to detect unauthorized activity, and implement CND operational direction. CND services are commonly provided by Computer Emergency or Incident Response Teams and may be associated with Network Operations Center (NOSC). CND describes the actions taken, within the Department of Defense (DOD), to protect, monitor, analyze, detect, and respond to unauthorized activity within DOD information systems and computer networks. CND protection activity employs information assurance principals and includes deliberate actions taken to modify an assurance configuration or condition in response to a CND alert or threat information. Table 2 lists specific CND classes which may be of interest.
Information System Architecture and Engineering personnel design, develop, implement, and/or integrate a DOD IA architecture, system, or system component for use in IAT/IAM Level I, II or III environments. They may perform these tasks at either technical or management levels depending on whether they have privileged access or perform management-type tasks.
Vulnerability Analysts (VA) provide onsite information system analysis to develop and provide a “security profile.” Vulnerability Analysts travel to various sites to collect and analyze system configuration data to provide an accurate security profile to the local IAM.
The DOD Information Technology Hierarchy shown in Figure 1 includes the following:
Enclave Environment: The enclave environment consists of at least two networks controlled by the enclave security policy and procedures.
Network Environment: Three networks (Operations, Logistics and Human Resources) connect to a Component Enclave. Each network consists of at least one Computing Environment. The network environment may differ widely, based on the needs of a particular enclave.
Computing Environment (CE): A CE has a server with multiple stations working from it. The diagram shows two CEs for each of the three networks.
Consider within the diagram above, each level has a series of positions to either technically support or manage that level. In addition, there are three basic skill levels for anyone in those positions: entry, intermediate, and advanced. This hierarchical approach allows us to relate the certifications required for both position and skill level. These are shown in the Table 1, DOD Baseline Information Assurance, below.
Table 1, DOD Baseline Information Assurance, shows the certification requirements based on level. Classes shown in BOLD are offered by Ashford Global IT at a facility near you and meet the requirements of DOD 8570 for each level and position.
