The Importance of 8570.1 Compliance
8570.1 provides guidance and procedures for the training, certification, and management of the Department of Defense workforce conducting Information Assurance functions in assigned duty positions. It also provides guidance on reporting metrics in supporting this compliance.
The following entities are required (mandatory) to meet 8570.1 compliance:
- Office of the Secretary of Defense
- Military Departments
- Chairman of the Joint Chiefs of Staff
- Combatant Commands
- Office of the Inspector General of the Department of Defense
- Defense Agencies
- Department of Defense Field Activities Contractors and all other organizational entities in the Department of Defense
The people who are affected by this include Any full-time or part-time military service member, contractor, or local nationals with privileged access to a Department of Defence information systems. The United States military (Department of Defense) requires these certifications because of national security. The exposure to sensitive data and equipment along with the vulnerabilities found helps to prevent hacking and intrusions. (See BrightHub article on Hackers) This includes performing information assurance security (IS) functions regardless of their job or definition of their job. This includes all management, help desk, network, and any form of computer support.
The DoD is more aware of cyber-warfare. This is especially true after recent events.
The DoD offers a manual, 8570.01M, which specifies that the Department of Defense requires >100,000 identified Information Assurance professionals to be certified within a five year time period. compliance should be 100% within any of the aforesaid entities.
The Defense Information Assurance Program office is divided six defined categories.
The manual can be found at http://www.dtic.mil/whs/directives/corres/pdf/857001m.pdf
Accredited programs to gain DoD compliance and certifications:
Certifications accepted by the Department of Defense:
Certified Information Systems Security Professional (CISSP) and (ISC)2 Systems Security Certified Practitioner (SSCP)
This directive has set an aggressive and mandatory timetable that aims to have 100% of the information security personnel and all personnel including contractors fully certified by the calendar year 2010.
Certifications and standards are set for national security reasons. Obtaining these certifications definitely gives you 'one up' if applying for a government or contractor job.
With over 22 million pieces of information stolen from servers in private industry, it is very important for the U.S. Military to take a strong stand on security and requirements. With national security taking a higher stand since September 11, 2001, it is important for the personnel who are being required to become compliant.