Saturday, January 5, 2019

Why DoD Contractors Need to Get Certified or Trained (DoDD 8570, 8140)

DoDD 8570.01, "Information Assurance Training, Certification, and Workforce Management," Certified Current as of April 23, 2007 and 8570.01-M, "Information Assurance Workforce Improvement Program," Incorporating Change 4, 11/10/2016, requires the DoD Information Assurance (IA) Workforce to possess baseline IA certification and Computing Environment (CE) certification(s) or training appropriate for their assigned duties. DoDD 8140.01, "Cyberspace Workforce Management," August 11, 2015, reissues and renumbers DoDD 8570; however, until a DoDD 8140 manual is produced, 8570.01-M will be used. DoDD 5144.02 states that DoD Manual 8570 is issued to implement the policy in DoD Directive 8140.01. 8570.01-M breaks out the IA Workforce into management (IAM), technical (IAT), IA System Architecture and Engineering (IASAE) and Computer Network Defense-Service Provider (CND-SP) roles. There are three (I, II, III) levels each for IAM and IAT.
Per DoD 8570.01-M, C1.4.1.4.2, The Assistant Secretary of Defense for Networks and Information Integration/DoD Chief Information Officer (ASD(NII)/DoD CIO) shall:
Establish an approval process for IA baseline certifications to be added to or deleted from the approved IA baseline certification list on the DISA IA Support Environment (IASE) website. Certifications must have strong correlation to IA workforce levels and functions. The Defense-wide Information Assurance Program (DIAP) office will provide oversight to the IA WIPAC and IA baseline certification approval process outlined in AP2.2 and post updates to the DISA IASE website. The IA WIPAC Executive Secretariat will publish a memorandum to announce updates to the Certification Table.
The IA WIPAC is the Information Assurance Workforce Improvement Program Advisory Council.
DoD 8570.01-M includes AP3. Appendix 3, "IA WORKFORCE REQUIREMENTS AND CERTIFICATIONS." The requirements such as experience and background investigation are provided for IAT, IAM, IASAE, and CND-SP roles, but specific industry certifications are not included in the table. The specific industry certifications required are provided on the DISA IASE website (http://iase.disa.mil/iawip/Pages/iabaseline.aspx).
AP3.2.8. Changes to the approved IA baseline certification list will be made by the IA WIPAC in accordance with AP2.2.1. The DISA IASE website will be updated to reflect these changes.
AP3.3. The approved IA baseline certification table on the DISA IASE website (http://iase.disa.mil/eta/iawip) provides a list of DoD approved certifications for personnel performing IA functions that meet baseline requirements. DoD Components may choose any of the approved certifications to meet the applicable certification requirements for each associated level.

The correct URL for the DoD approved certifications is http://iase.disa.mil/iawip/Pages/iabaseline.aspx. Table AP3.T2, "DoD Approved Baseline Certifications," as of 4/13/2017:

Per DoD 8570.01-M C2.3.9:
Contractor personnel supporting IA functions in Chapters 3, 4, 10, and 11 shall obtain the appropriate DoD-approved IA baseline certification prior to being engaged. Contractors shall have up to 6 months to obtain the rest of the qualifications for their position outlined in AP3.T1. The contracting officer will ensure that contractor personnel are appropriately certified. Additional training on local or system procedures may be provided by the DoD organization receiving services.
Chapters 3, 4, 10 and 11 are the sections in the manual describing IAT, IAM, IASAE, and CND-SP roles.
Per ALARACT 284/2011 DTG 011658Z AUG 11, Subject:  COMPUTING ENVIRONMENT CE CERTIFICATIONS FOR THE ARMY INFORMATION ASSURANCE IA WORKFORCE:
3. (U) DOD POLICY (REF A) MANDATES THAT ALL PERSONNEL IN THE INFORMATION ASSURANCE TECHNICAL (IAT), COMPUTER NETWORK DEFENSE-SERVICE PROVIDER (CND-SP) (EXCEPT CND-SP MANAGER), AND INFORMATION ASSURANCE SECURITY ARCHITECT AND ENGINEER (IASAE) POSITIONS WHO PERFORM IAT FUNCTIONS MUST OBTAIN APPROPRIATE CE CERTIFICATIONS FOR THE OPERATING SYSTEM(S) AND/OR SECURITY RELATED TOOLS/DEVICES THEY SUPPORT.
4. (U) DESCRIPTION OF CHANGE: THE PROPONENT FOR DOD 8570.01-M NOW ACCEPTS CERTIFICATES OF TRAINING OR VENDOR CERTIFICATIONS TO FULFILL THE CE REQUIREMENT. DOD WILL POST THE FOLLOWING TEXT TO THE INFORMATION ASSURANCE SUPPORT ENVIRONMENT (IASE) WEBSITE ON THE FREQUENTLY ASKED QUESTIONS (FAQ) PAGE UNTIL DOD 8570.01-M IS UPDATED. "IF YOU ARE AN IAT OR CND-SP AND HAVE PRIVILEGED ACCESS, YOU MUST OBTAIN TRAINING FOR THE OPERATING SYSTEM AND/OR SECURITY RELATED TOOLS/DEVICES YOU SUPPORT AS REQUIRED BY YOUR ORGANIZATION. A CERTIFICATE OF COMPLETION FROM A COMPONENT AUTHORIZED TRAINING COURSE THAT MAPS THE ASSOCIATE CURRICULUM/LEARNING OBJECTIVES TO THE POSITION REQUIREMENTS IS ACCEPTABLE TO MEET THIS REQUIREMENT." EXPECTED UPDATE TO THE FAQ PAGE IS NO LATER THAN 30 SEPTEMBER 2011.
5. (U) THE GUIDANCE CONTAINED IN THIS ALARACT WILL BE INCORPORATED INTO THE NEXT VERSION OF AR 25-2 AND THE IA TRAINING AND CERTIFICATION BEST BUSINESS PRACTICE. THE LIST OF ARMY AUTHORIZED CE CERTIFICATIONS AND TRAINING COURSES IS AVAILABLE ON ATCTS AT HTTPS://ATC.US.ARMY.MIL. A COMPLETE LIST IS POSTED ON THE ATCTS HOME PAGE AND CAN BE FOUND BY CLICKING THE DOCUMENTS BUTTON. THE LIST WILL BE UPDATED QUARTERLY.
7. (U) CIO/G-6 CYBER DIRECTORATE REQUIRES:
7.1 ALL TECHNICAL PERSONNEL IN THE INFORMATION ASSURANCE TECHNICAL LEVEL THREE (IAT3) CATEGORY MUST OBTAIN A COMMERCIAL CE CERTIFICATION (NOT JUST A CERTIFICATE OF TRAINING)
7.2 NO LESS THAN TWO TECHNICAL PERSONNEL (IAT1 AND IAT2) AT EACH NEC, SYSTEM, OR ENCLAVE (TO INCLUDE PROGRAM-MANAGED INFORMATION SYSTEMS) MUST OBTAIN A COMMERCIAL CE CERTIFICATION (NOT JUST A CERTIFICATE OF TRAINING) FOR THE SYSTEMS THEY ADMINISTER/MAINTAIN (OPERATING SYSTEM, NETWORK EQUIPMENT, BOUNDARY DEFENSE, ETC.). ORGANIZATION MANAGERS SHALL DECIDE WHICH INDIVIDUALS REQUIRE CERTIFICATION.
Per HQDA CIO/G-6 Memorandum, "Computing Environment (CE) Certifications for the Army Information Assurance Workforce," 14 November 2012, the Army has modified IAT Level 1 Task T-I.3 (Provide end user IA support for all CE operating systems, peripherals, and applications) to permit those in ranks E-1 through E-5 to install operating systems, peripherals, and applications without obtaining industry-standard certifications. The basis for this change is that soldiers awarded the 25B10, 25N10, or 25U10 Military Occupational Specialty (MOS) at the conclusion of Advanced Individual Training (AIT) have been trained in basic technical and networking skills commensurate with future IAT Level 1 functions.
NIST has developed the NICE National Cybersecurity Workforce Framework. The DHS NPPD FY16 Cyber Pay Enhancements lists certification requirements for the NICE categories. The DoDD 8140 manual has not been developed or approved but it will be based on the NICE initiative. https://dodcio.defense.gov/Cyber-Workforce/DCWF.aspx

DISA is currently piloting courses for roles included in the Defense Cyber Workforce Framework (DCWF). These courses appear to be free of charge to government personnel and contractors. They are 5 days long and do not require certification testing (although students receive a certificate for completing a course). Courses are held at the DoD Training Center - 8830 Stanford Boulevard, Columbia, MD 21043. See https://cyber.mil/training/cyber-defense-infrastructure-support-foundation-pilot-cw20012/ for more information. Current classes include:

  •  Cyber Defense Infrastructure (CDIS) Specialist – Foundation – PILOT.  CW20012. This is a pilot of the five (5) day Cyber Defense Infrastructure Support (CDIS) Specialist Foundation course. Learners will be provided an introduction into common cyber defensive concepts and capabilities used in network and system defenses. The course begins by providing insight into general information technology and cybersecurity concepts relevant to this role. Topics include networking basics, common ports and protocols, Department of Defense (DoD) Incident Response (IR)/Incident Handling (IH) methods, and access control techniques. The later portion of the class extends these basic concepts into general cyber defense capabilities used in CDIS’s more advanced classes. Topics include broad-based attack techniques, network design mitigations, and network traffic/intrusion detection analysis. Written IP addressing/subnetting exercises as well as Wireshark and Sguil/Snort labs incorporated into several modules provide a practical application of the concepts and capabilities discussed. Students will be asked to provide their feedback on the class and how well it matches the knowledge, skills, abilities, and tasks (KSATs) expected within the DoD for someone who performs the CDIS specialist role. The foundation CDIS course is intended for those new to, or unfamiliar with, the CDIS role as defined by the DoD Cyber Workforce Framework (DCWF). As part of the Protect and Defend framework category, the CDIS role is accountable for the following tasks: tests, implements, deploys, maintains, and administers the infrastructure hardware and software.
  • Cyber Defense Infrastructure (CDIS) Specialist – Intermediate – PILOT. CW20013. This is a pilot of the five (5) day CDIS specialist Intermediate course. Learners will be provided with administration knowledge and skills for commonly used Department of Defense (DoD) cyber defense tools. The tools covered include the Wireshark/Tshark and Tcpdump packet analyzers, Cisco FirePOWER network intrusion prevention system (IPS), McAfee Enterprise Policy Orchestrator (ePO) host IPS, Cisco Adaptive Security Appliance virtual (ASAv) firewall and virtual private network (VPN), and Splunk security information and event management (SIEM) system. Modules for each tool discuss customization and maintenance activities in order to improve usability and optimize performance and security effectiveness. Activities include managing user preferences and tool configurations/policies, controlling and updating protection features, upgrading/patching software, troubleshooting problems, and performing backups and restores. After these tool-specific modules, the class steps back to address their overall maintenance coordination and accreditation, covering critical cyber defense infrastructure protection, test and change management, and the DoD Risk Management Framework (RMF). The course closes with background analyst knowledge and activities (e.g., attacker profiles and defensive/analysis techniques) to improve student administration decisions. Wireshark, Cisco FirePOWER, McAfee ePO, Cisco ASAv firewall/VPN, and Splunk labs embedded throughout the class provide a practical application of the concepts and capabilities discussed. Students will be asked to provide their feedback on the class and how well it matches the knowledge, skills, abilities and tasks (KSATs) expected within the DoD for someone who performs the CDIS specialist role. The advanced CDIS course is intended for those already familiar with the CDIS role as defined by the DoD Cyber Workforce Framework (DCWF) and common cyber defensive concepts and capabilities used in network and system defenses. As part of the Protect and Defend framework category, the CDIS role is accountable for the following tasks: tests, implements, deploys, maintains, and administers the infrastructure hardware and software.
  • Cyber Defense Infrastructure (CDIS) Specialist – Advanced – PILOT. CW20014. This is a pilot of the five (5) day CDIS specialist Advanced course. Learners will be provided with deployment and initial configuration knowledge and skills for commonly used Department of Defense (DoD) cyber defense tools. The tools covered include the Cisco FirePOWER network intrusion prevention system (IPS), McAfee Enterprise Policy Orchestrator (ePO) host IPS, Cisco Adaptive Security Appliance virtual (ASAv) firewall and virtual private network (VPN), and Splunk security information and event management (SIEM) system. Modules for each tool discuss how to deploy virtual machine (VM) versions of it, initially configure it to be operational on the network, and troubleshoot any problems that arise. The course closes by addressing critical cyber defense infrastructure protection, test bed administration and evaluations, update coordination with stakeholders, and post-evaluation activities of the DoD Risk Management Framework (RMF) accreditation process. Cisco FirePOWER, McAfee ePO, Cisco ASA firewall/VPN, and Splunk labs embedded throughout the class provide a practical application of the concepts and capabilities discussed. Students will be asked to provide their feedback on the class and how well it matches the knowledge, skills, abilities and tasks (KSATs) expected within the DoD for someone who performs the CDIS specialist role. The advanced CDIS course is intended for those already familiar with the CDIS role as defined by the DoD Cyber Workforce Framework (DCWF) and common cyber defensive concepts and capabilities used in network and system defenses.
  • Systems Security Analyst – Foundation – PILOT. CW20009. This is a pilot of the five (5) day Systems Security Analyst (SSA) Foundation course. Learners will be provided an introduction into the analysis and development of the integration, testing, operations, and the maintenance of systems security. This course will also provide an insight into DoD cybersecurity core concepts as well as provide a foundation for assessing DoD systems using current standards. And finally, the course will provide an introduction to tools used for the authorization of a DoD information system.  Students will be asked to provide their feedback on the class and how well it matches the knowledge, skills, abilities and tasks (KSATs) expected within the DoD for someone who performs the SSA role. The foundation SSA course is intended for those new to or unfamiliar with the SSA role as defined by the DoD Cyber Workforce Framework (DCWF).  As part of the Operate and Maintain framework category, the SSA role is accountable for the following tasks: Conducts threat and vulnerability assessments and determines deviations from acceptable configurations or policies. Assesses the level of risk and develops and/or recommends appropriate mitigation countermeasure in operational and non-operational situations. 
  • Systems Security Analyst – Intermediate – PILOT. CW20010. This is a pilot of the five (5) day Systems Security Analyst Intermediate course. Students will be asked to provide their feedback on the class and how well it matches the knowledge, skills, abilities and tasks (KSATs) expected within the DoD for someone who performs the SSA role. The Intermediate Systems Security Analyst (SSA) course is provided for those with a mid-level of expertise with the SSA role as defined by the DoD Cyber Workforce Framework (DCWF). Learners will be provided instruction into the analysis and development of the integration, testing, operations, and maintenance of systems security. Learners will also gain an understanding of topics needed to perform the tasks of a mid-level Systems Security Analyst. These topics will include Security Information and Event Management (SIEM) software, Networking Concepts, Introduction to RMF principles, Embedded Systems, and PKI. The course includes hands-on exercises to expand the learning experience.
  • Systems Security Analyst – Advanced – PILOT. CW20011. This is a pilot of the Systems Security Analyst Advanced course. Students will be asked to provide their feedback on the class and how well it matches the knowledge, skills, abilities and tasks (KSATs) expected within the DoD for someone who performs the SSA role. The advanced Systems Security Analyst (SSA) course is intended for those with advanced knowledge of the SSA role as defined by the DoD Cyber Workforce Framework (DCWF). Learners will be provided instruction into the analysis and development of the integration, testing, operations, and maintenance of systems security. Learners will also gain an understanding of topics needed to perform the tasks of an advanced Systems Security Analyst. This course will cover Risk Management Framework in detail. Other advanced topics covered are Software/System Development Life Cycle (SDLC), Spillage Handling, Encryption, and Contingency Planning and Disaster Recovery. The course includes hands-on exercises to expand the learning experience.