DoD Directive 8140 – The Current Cybersecurity Directive

On February 15, 2023, the Department of Defense (DoD) released DoD Manual 8140.03, providing updated guidelines for managing the DoD Cybersecurity Workforce (CSWF). This manual replaces the previous version, 8570.01-M, reflecting the evolving cybersecurity needs and threat landscape.

What is 8140.03?

DoD Manual 8140.03 outlines the DoD’s requirements for managing the CSWF. It provides comprehensive guidance on the identification, training, certification, and management of the DoD’s cybersecurity workforce. Key changes introduced in the new manual include:

Role Mapping: The manual enhances the description of the workforce by transitioning from a one-to-one mapping of individuals to Information Assurance categories to a one-to-many alignment with Defense Cyber Workforce Framework (DCWF) work roles. The DCWF, modeled after the National Institute of Standards and Technology (NIST) Cybersecurity Workforce Framework (NICE), organizes and classifies various cybersecurity roles and responsibilities across the DoD.
New Qualification Methods: 8140.03 introduces flexibility for the workforce to validate their qualifications through multiple methods, including certifications, training, degrees, and on-the-job assessments.
Cybersecurity Workforce Management: The manual provides guidance on managing the DoD’s cybersecurity workforce, including identifying critical positions, recruiting and retaining personnel, and developing career paths for cybersecurity professionals.

Qualification Matrices

8140.03 introduces “Qualification Matrices” for each of the 68 work roles (with more likely to be added) at three proficiency levels per work role, resulting in a current total of 204 matrices. These matrices align with the DCWF, providing a structured approach to defining and assessing the proficiency of the DoD’s cybersecurity workforce.

Impact of 8140.03

The new manual significantly impacts the DoD’s cybersecurity workforce by providing a more flexible and agile approach to workforce management. Key impacts include:

Up-to-date Skills and Knowledge: The new qualification requirements ensure that the DoD’s cybersecurity workforce maintains current cybersecurity skills and knowledge.
Continuous Improvement: Emphasis on training and education ensures ongoing improvement in the skills and knowledge of the cybersecurity workforce.
Preparedness for Future Challenges: Updated guidance reflects the changing threat landscape and evolving cybersecurity needs, preparing the DoD’s workforce to meet future challenges.

8140.03 Timeline

Recognizing the budget constraints faced by agencies and contractors, WillCo Tech offers several flexible migration and implementation options to transition from the 8570 workforce management approach to the 8140.03 approach using CyberSTAR™.

The CyberSTAR Advantage

WillCo Tech’s CyberSTAR™ solution is the largest Credentials Management and Cyber Workforce Compliance software system used by the Federal Government. It tracks training credentials and certifications for over 1.8 million government users.

Supporting DoDD 8140 Compliance

All 8140.03 elements are included: CyberSTAR continuously updates work roles, Qualification matrixes, and Qualifications as the regulation changes.
FISMA/DoDD 8140 Compliance: An agency-specific online assessment tool identifies and categorizes the organization’s Cyber Workforce according to DoDD 8140 guidelines.
Centralized Governance and Oversight: Customized reporting for all management levels, integrating with systems like DMDC, FedVTE, SkillPort, and organizational databases.
Training and Certification Mapping: Agency-specific mapping to courses and certifications, enabling tailored training and certification assignments.
Vouchers-On-Demand Management: Efficient management of voucher distribution and tracking.

To learn more about how CyberSTAR can help your organization achieve and maintain compliance with DoDD 8140, click below to request a demo!

DoD Directive 8140