DoD 8570 and 8140 certifications, explained with evidence
By the RoleMath Editorial Team · Last updated 2026-07-05. Every figure traces to a cited source; we sell none of the options discussed. Draft pending human review.
If you are searching for DoD 8570 and 8140 certifications, the useful question is not 'which cert is best?' The useful question is: what is the current rule source for your situation?
For DoD civilian and military cyberspace workforce positions, DoDM 8140.03 is the controlling modern qualification manual. It became effective on February 15, 2023 and incorporates and cancels DoD 8570.01-M. For contractors, contract language can still point to the DFARS 252.239-7001 clause and DoD 8570.01-M. For everyone else, a blog-level baseline list is not enough. You need the exact work role, proficiency level, contract clause, and current official matrix.
Key takeaways
- DoDM 8140.03 became effective on February 15, 2023 and incorporates and cancels DoD 8570.01-M for the modern DoD cyberspace workforce qualification program.
- DoD 8140 is work-role and proficiency based through the DCWF; the official DCWF page describes seven workforce elements and 74 work roles.
- A certification can be a foundational qualification option only when the current official matrix accepts it for the relevant role and level; resident qualification still matters.
- DFARS 252.239-7001 can still require contractor information-assurance certifications in accordance with DoD 8570.01-M, so contract language must be checked separately.
- RoleMath's DoD-baseline certification rows are useful planning examples, but they remain verify-at-official-source and draft_needs_human_signoff.
- AI and employer-language data help readers build better evidence, but they do not change the official qualification source or prove future demand.
Fast answer: which rule should you check?
Start with the document that actually governs your role.
| Situation | First source to check | What it means |
|---|---|---|
| DoD civilian or service member in a coded cyberspace position | DoDM 8140.03 plus the current DCWF qualification matrix | Qualification is work-role and proficiency based. A certification can be one foundational option, but it is not the whole qualification. |
| Contractor on a contract that includes DFARS 252.239-7001 | The contract clause and current DoD 8570.01-M certification language named by the clause | The live contract can still require current information-assurance certifications tied to the 8570 model. |
| Veteran, service member, or career changer considering federal cyber work | The target posting, contract, or billet coding before buying an exam | Do not buy a credential because a course page says 'IAT II.' Verify the current role requirement first. |
| Training manager or workforce planner | DoDD 8140.01, DoDI 8140.02, DoDM 8140.03, and official matrix governance | Workforce planning is about work roles, proficiency, foundational options, resident qualification, and documentation. |
This page stays draft_noindex pending human review because the current official Cyber Exchange matrix page redirected to a login flow during the 2026-07-05 check. That means RoleMath can explain the policy chain and show caveated local examples, but it should not publish a definitive public crosswalk.
What 8140 changed
The major change is structure. DoD 8570 was commonly discussed through Information Assurance Technical and Information Assurance Management categories and levels. DoD 8140 moves the decision to the DoD Cyberspace Workforce Framework.
The official DCWF page describes seven workforce elements and 74 work roles. Each work role has a definition and representative tasks, knowledge, skills, and abilities. DoDD 8140.01 establishes the DCWF as the authoritative reference for identifying, tracking, and reporting cyberspace positions. DoDI 8140.02 handles identification, tracking, data collection, and reporting. DoDM 8140.03 handles qualification.
So the modern reader question is not just 'is Security+ IAT II?' It is: what DCWF work role is the position coded to, what proficiency level applies, and what qualification options does the current matrix accept?
How 8140 qualification works
DoDM 8140.03 says the qualification program uses work roles and proficiency levels. It also says assigned personnel must meet both foundational and resident qualification requirements for the assigned work role.
| Part of the 8140 model | What it means for a reader |
|---|---|
| DCWF work role | The role code, not the generic job title, drives the matrix. A 'security analyst' posting may not tell you the coded role. |
| Proficiency level | Basic, intermediate, or advanced level changes what the matrix can require. |
| Foundational qualification | Education, training, personnel certification, or limited experience alternatives may satisfy the foundational portion when approved. |
| Resident qualification | The on-the-job qualification area still matters; a commercial certification does not replace mission-environment demonstration. |
| Component or command requirements | Components can set stricter requirements above the baseline, so the local requirement can be narrower than the general matrix. |
For certifications, the manual is specific: a personnel certification has to align to a work role and proficiency level, go through review, and meet a 70 percent alignment threshold against core task and KSA content before acceptance. That is why a certification table is not enough by itself.
Certification examples, with the verification caveat
RoleMath has a local DoD-baseline equivalency layer, but every public-facing row in that layer is still draft_needs_human_signoff and verify_at_official_source. Treat these as planning examples, not settled public eligibility claims.
| Certification | RoleMath local candidate mappings | Public-use status |
|---|---|---|
| CompTIA Security+ | IAT Level II; IAM Level I | Medium confidence, verify at official source, human signoff blocked. |
| CompTIA CySA+ | CSSP Analyst; CSSP Incident Responder; IAT Level II | Medium confidence, verify at official source, human signoff blocked. |
| CompTIA SecurityX | IAM Level II; IASAE Level I; IASAE Level II; IAT Level III | Medium confidence, verify at official source, human signoff blocked. |
| CISSP | IAM Level II; IAM Level III; IASAE Level I; IASAE Level II; IASAE Level III; IAT Level III | Medium confidence, verify at official source, human signoff blocked. |
| CISM | IAM Level II; IAM Level III | Medium confidence, verify at official source, human signoff blocked. |
| SSCP | IAT Level I; IAT Level II | Medium confidence, verify at official source, human signoff blocked. |
The current public advice is therefore narrow: if a federal, military, or defense-contractor role matters, verify the current official matrix or contract before treating any credential as decisive.
Why 8570 still appears in contractor language
The contractor wrinkle is real. The Acquisition.GOV DFARS page for 252.239-7001 shows DFARS Change 5/7/2026 and the clause titled Information Assurance Contractor Training and Certification. The clause requires contractor personnel accessing information systems to have proper and current information-assurance certification in accordance with DoD 8570.01-M, including certifications appropriate for each category and level.
That does not make 8570 the modern workforce framework for everyone. It means contract language matters. If your contract says 252.239-7001, follow the contract and the contracting officer's current instructions. If your billet is governed through 8140 work-role qualification, follow the 8140 matrix. Do not blend the two into a single social-media answer.
Day-to-day role evidence, pay, and metro context
Federal cyber qualification still has to connect to work. Use O*NET and BLS as occupation-level planning context, not as a DoD qualification table and not as personal pay evidence.
| Role family in this packet | Task evidence | BLS occupation context |
|---|---|---|
| Cybersecurity analyst / SOC analyst | Safeguard files, monitor malware reports, perform risk assessments, test security measures, update security files. | Information Security Analysts: $129,180 median annual wage, 28.5% projected 2024-2034 change, 16 thousand annual openings. |
| IT security operations | Same mapped information-security occupation context, with stronger operations and identity language in current samples. | Information Security Analysts: same occupation-level context; not title-specific demand. |
| Network security engineer | Identify weaknesses, monitor for breaches or intrusions, assess controls, scan networks, train staff on standards. | Computer Occupations, All Other context in the packet: $116,580 median wage, 8.2% projected change, 31.3 thousand openings. |
| Help desk / support entry lane | Daily system performance, setup, manuals, diagnostics, user inquiries, minor repairs. | Computer User Support Specialists: $61,860 median wage, -3.7% projected change, 40.8 thousand openings. |
| Field network technician | Equipment demonstrations, circuit testing, repair validation, installation and inspection work. | Telecommunications Equipment Installers and Repairers, Except Line Installers: $63,890 median wage, -4.2% projected change, 13.2 thousand openings. |
Metro pay context is separate. RoleMath's real-pay layer uses OEWS May 2025 and BEA Regional Price Parities 2024, but metro comparisons remain regional planning context only. They do not prove what a DoD credential will pay.
Employer-language snapshot
Employer wording is useful for practice vocabulary. It is not representative demand, market size, salary evidence, or previous-year movement.
| Role sample | Current sampled wording | Certification mentions in the sample |
|---|---|---|
| Cybersecurity Analyst | Cybersecurity, NIST, CISSP, SIEM, incident response. | Security+, CySA+, CCNA. |
| IT Security Operations Specialist | IAM, AWS, Python, cybersecurity, Azure. | Security+, CCNA, PMP. |
| Network Security Engineer | Network security, cybersecurity, Palo Alto, Cisco, firewall. | Security+, CCNA, CySA+. |
| SOC Analyst | Cybersecurity, SIEM, incident response, EDR, threat intelligence. | CySA+, Security+, CCNA. |
| Help Desk Technician | Troubleshooting, Windows, ServiceNow, Active Directory, macOS. | Security+, A+, Network+. |
| Field Network Technician | Troubleshooting, Python, Excel, Linux, JavaScript. | CCNA, Network+, Server+. |
Use this panel to decide what examples to build: a SIEM triage note, an IAM access review, a firewall-change explanation, a support ticket, or a network troubleshooting note. Do not use it to claim which credential is growing fastest.
AI changes the evidence bar
AI does not decide whether 8570 or 8140 applies. Policy and contract language decide that. AI changes the proof a reader should build around the work.
| Role family | Current Claude usage context in RoleMath's mapped panel | Practical effect |
|---|---|---|
| Cybersecurity analyst / SOC analyst / IT security operations | 23.90% augmentation-labeled and 76.10% automation-labeled. | Show how you verify AI-written alert summaries, queries, incident notes, and control explanations. |
| Network security engineer | 36.25% augmentation-labeled and 63.75% automation-labeled. | Show how you check AI-suggested commands, firewall reasoning, scanning output, and network diagrams. |
| Help desk / support | 34.38% augmentation-labeled and 65.62% automation-labeled. | Show diagnostic steps, source checks, and why a suggested fix was accepted or rejected. |
| Field network technician | 69.61% augmentation-labeled and 30.39% automation-labeled. | Show field notes, test results, equipment checks, and how AI advice was verified against specs or procedure. |
The DoD CIO cyber workforce management page also notes Data/AI and software engineering work roles added to the broader cyber workforce. That supports an important planning point: AI is part of the work environment, but it is not a shortcut around official qualification.
Step-by-step verification checklist
Use this sequence before buying an exam or telling a reader that one certification is required.
Step 1: identify whether the requirement comes from a billet, job posting, contract clause, agency policy, or training provider page.
Step 2: if it is a DoD civilian or service member position, get the DCWF work-role code and proficiency level. A title alone is not enough.
Step 3: if it is contractor work, read the contract language. If DFARS 252.239-7001 appears, verify the current information-assurance certification requirement named by the contract.
Step 4: verify the current official matrix or authority. Do not rely on RoleMath's draft equivalency rows, a vendor sales page, or an old screenshot as the final source.
Step 5: choose evidence for the role, not only the exam. Pair a credential plan with artifacts: alert triage, IAM review, firewall rule explanation, system-hardening note, support ticket, or network troubleshooting log.
Step 6: keep an AI verification trail. Record the prompt, the output, the source or command checked, what was wrong, and what changed.
Previous-year and future demand claims stay blocked
RoleMath should eventually compare employer language over time for federal and contractor cyber roles. This page cannot publish that yet. The trend-readiness gate has one comparable snapshot group and zero trend-ready groups. It requires two more comparable snapshots and 60 more days between first and latest comparable snapshots before previous-year or prediction claims can publish.
| Claim type | Current status | Why |
|---|---|---|
| Current sampled employer wording | Allowed with visible caveats | The public ATS panel can show current qualitative language. |
| Previous-year movement | Blocked | RoleMath has one comparable snapshot group, not the required three. |
| Future credential demand | Blocked | No approved prediction model exists. |
| Personal outcome claims | Blocked | Policy, BLS/O*NET, employer wording, AI panels, and credential rows do not prove outcomes. |
Honest bottom line
The honest bottom line: DoD 8140 is the modern framework for DoD cyberspace workforce qualification, and DoD 8570 still appears where contract language points to it. The right answer depends on the exact position, contract, work-role code, proficiency level, and current official matrix.
What RoleMath will not claim: a certification row, local equivalency edge, public ATS sample, BLS table, AI workflow panel, or training page creates employment, access, personal pay, or an approved qualification by itself. Treat the certification as one possible requirement to verify, then build the role evidence that shows you can do the work.
Frequently asked questions
Did DoD 8140 replace DoD 8570?
Yes for the modern DoD cyberspace workforce qualification program. DoDM 8140.03 became effective on February 15, 2023 and states that it incorporates and cancels DoD 8570.01-M. Contractor contracts can still reference 8570 through DFARS 252.239-7001, so the exact authority matters.
Is Security+ still a DoD baseline certification?
RoleMath has local candidate rows showing Security+ mapped to IAT Level II and IAM Level I, but those rows are medium confidence, verify-at-official-source, and draft_needs_human_signoff. Verify the current official matrix or contract before relying on that mapping.
What changed from IAT and IAM levels under 8140?
8140 moves the decision to DCWF work roles and proficiency levels. Instead of treating a legacy level as the whole answer, identify the coded work role, proficiency level, foundational options, and resident qualification requirements.
Do contractors follow 8570 or 8140?
Check the contract. DFARS 252.239-7001 still says contractor personnel need proper and current information-assurance certification in accordance with DoD 8570.01-M. Other roles may be governed through 8140 work-role qualification.
Does a DoD baseline certification create a job or pay outcome?
No. A credential can satisfy a requirement only when the current official authority accepts it for that role and level. It does not create employment, access, interviews, personal pay, or a fixed timeline.
How does AI affect DoD 8570 or 8140 planning?
AI does not decide the policy source. It changes the proof bar around the work: candidates should show how they verify AI-generated alerts, commands, incident notes, checklists, diagrams, and summaries against official sources and real tool output.
Related, with the cited detail
- Start the RoleMath planner
- Which cybersecurity certification first?
- CompTIA Security+ overview
- CompTIA CySA+ overview
- CompTIA SecurityX overview
- Google Cybersecurity vs Security+
- Cybersecurity analyst role
- SOC analyst role
- Network security engineer role
- How much tech jobs pay
- How to read a tech job description
- What employers ask for
- Will AI replace tech jobs?
- What we do not know
Sources
Figures in this article are cited to the sources named in the Citation Ledger below and on each linked cited page. This page stays draft_noindex pending human citation review.
Citation Ledger
| ID | Supports | Evidence | Source |
|---|---|---|---|
| CIT-01 | DoDM 8140.03 is the controlling source for the 8570 replacement claim. | DoDM 8140.03 is titled Cyberspace Workforce Qualification and Management Program, is effective February 15, 2023, and states that it incorporates and cancels DoD 8570.01-M. | https://dowcio.war.gov/Portals/0/Documents/Library/DoDM-8140-03.pdf |
| CIT-02 | DoDD 8140.01 establishes the DCWF as the authoritative workforce reference. | DoDD 8140.01 establishes the DoD Cyberspace Workforce Framework as the authoritative reference for identifying, tracking, and reporting cyberspace positions and for baseline qualification development. | https://dowcio.war.gov/Portals/0/Documents/Library/DoDD-8140-01.pdf |
| CIT-03 | DoDI 8140.02 governs identification, tracking, data collection, and reporting for DCWF work roles. | DoDI 8140.02 states that it establishes policy, responsibilities, and guidance for identifying, tracking, collecting, and reporting DoD Cyberspace Workforce Framework work roles. | https://dowcio.war.gov/Portals/0/Documents/Library/DoDI-8140-02.pdf |
| CIT-04 | The official CIO library currently lists the three 8140 workforce issuances together. | The official CIO library lists DoDD 8140.01, DoDI 8140.02, and DoDM 8140.03 under Cyber Workforce policies and relevant documents. | https://dowcio.war.gov/Library/ |
| CIT-05 | The DCWF is work-role based, not a simple legacy level list. | The official DCWF page describes a hierarchy with seven workforce elements and 74 work roles; each work role includes a definition and representative tasks, knowledge, skills, and abilities. | https://dodcio.defense.gov/Cyber-Workforce/DCWF/ |
| CIT-06 | Current cyber workforce management language includes workforce elements and baseline qualification requirements. | The CIO cyber workforce management page says the 8140 policy set unifies the cyberspace workforce and establishes workforce elements to align, manage, and standardize work roles and baseline qualification requirements. | https://dodcio.defense.gov/Cyber-Workforce/CWM/ |
| CIT-07 | DoDM 8140.03 uses DCWF-coded work roles and proficiency levels. | DoDM 8140.03 says positions are coded to primary and, when needed, additional DCWF work-role codes, and that contracted performance work statements should identify work role and proficiency level. | https://dowcio.war.gov/Portals/0/Documents/Library/DoDM-8140-03.pdf |
| CIT-08 | 8140 qualification requires more than a certification. | DoDM 8140.03 says personnel assigned to DCWF-coded positions must meet both foundational and resident qualification requirements for each work role at the assigned proficiency level. | https://dowcio.war.gov/Portals/0/Documents/Library/DoDM-8140-03.pdf |
| CIT-09 | A commercial certification can be a foundational option only when approved for the relevant role and level. | DoDM 8140.03 requires personnel-certification nominations to align to specific work roles and proficiency levels, with at least 70 percent alignment to core task and KSA content before CWMB acceptance. | https://dowcio.war.gov/Portals/0/Documents/Library/DoDM-8140-03.pdf |
| CIT-10 | Timelines and contractor resident-qualification distinctions should be sourced to DoDM 8140.03. | DoDM 8140.03 describes foundational and resident qualification timelines and states that contracted support personnel must meet foundational requirements at the start of cyberspace work unless otherwise specified. | https://dowcio.war.gov/Portals/0/Documents/Library/DoDM-8140-03.pdf |
| CIT-11 | Contractor-facing contract language can still reference DoD 8570.01-M. | DFARS 252.239-7001, shown with DFARS Change 5/7/2026, requires contractors to ensure personnel have proper and current information assurance certifications in accordance with DoD 8570.01-M. | https://www.acquisition.gov/dfars/252.239-7001-information-assurance-contractor-training-and-certification. |
| CIT-12 | Current official qualification matrices must be verified at the official Cyber Exchange source. | DoDM 8140.03 points qualification matrix information to the DoD Cyber Exchange qualifications-matrices location. A 2026-07-05 browser check redirected the public Cyber Exchange matrix page to a login flow, so RoleMath does not publish a definitive public crosswalk from that source. | https://www.cyber.mil/cw/cwmp/qualifications-matrices/ |
| CIT-13 | DoD approved-baseline certification examples remain verify-at-official-source planning context. | RoleMath's equivalency layer has 16 DoD-baseline-flagged certification records, all draft_needs_human_signoff, using the DoD Cyber Exchange approved-baseline source with verify-at-official-source status. | outputs/cert_equivalency/cert_equivalency_index.csv |
| CIT-14 | Security+ DoD baseline mapping examples are not public approval claims. | RoleMath's local Security+ equivalency rows show candidate DoD 8140 IAT Level II and IAM Level I mappings, as_of 2026-06-26, confidence medium, verification_status verify_at_official_source, and review_status draft_needs_human_signoff. | outputs/cert_equivalency/comptia-security-plus.json |
| CIT-15 | CySA+ DoD baseline mapping examples are not public approval claims. | RoleMath's local CySA+ equivalency rows show candidate CSSP Analyst, CSSP Incident Responder, and IAT Level II mappings with the same verify-at-official-source and draft-needs-human-signoff posture. | outputs/cert_equivalency/comptia-cysa-plus.json |
| CIT-16 | SecurityX, CISSP, CISM, and SSCP examples must remain caveated. | RoleMath's local equivalency edge file records selected draft DoD-baseline candidate rows for SecurityX, CISSP, CISM, and SSCP, each with verify-at-official-source status and draft_needs_human_signoff. | outputs/cert_equivalency/cert_equivalency_edges_resolved.csv |
| CIT-17 | Information security role task evidence should come from O*NET. | O*NET's Information Security Analysts profile includes protecting files, monitoring malware reports, risk assessments, security-measure testing, and updating security files. | https://www.onetonline.org/link/summary/15-1212.00 |
| CIT-18 | Network security role task evidence should come from O*NET. | O*NET's Information Security Engineers profile includes identifying security weaknesses, monitoring systems for breaches or intrusions, assessing controls, scanning networks, and training staff on security standards. | https://www.onetonline.org/link/summary/15-1299.05 |
| CIT-19 | Support role task evidence should come from O*NET. | O*NET's Computer User Support Specialists profile includes daily system performance, setup, technical manuals, diagnostics, user inquiries, and minor repairs. | https://www.onetonline.org/link/summary/15-1232.00 |
| CIT-20 | Pay figures are occupation-level OEWS context only. | RoleMath's mapped BLS OEWS May 2025 context uses national median annual wages of $129,180 for Information Security Analysts, $116,580 for Computer Occupations, All Other, $61,860 for Computer User Support Specialists, and $63,890 for Telecommunications Equipment Installers and Repairers, Except Line Installers. | https://www.bls.gov/oes/special-requests/oesm25nat.zip |
| CIT-21 | Outlook figures are occupation-level context only. | RoleMath's mapped BLS Employment Projections 2024-2034 context uses 28.5% projected change and 16 thousand annual openings for Information Security Analysts; 8.2% and 31.3 thousand for Computer Occupations, All Other; -3.7% and 40.8 thousand for Computer User Support Specialists; and -4.2% and 13.2 thousand for Telecommunications Equipment Installers and Repairers, Except Line Installers. | https://www.bls.gov/emp/ind-occ-matrix/occupation.xlsx |
| CIT-22 | Metro pay context is regional planning context only. | RoleMath's real-pay layer uses BLS OEWS May 2025 and BEA Regional Price Parities 2024, with suppression and employment thresholds, and treats metro figures as regional context only. | outputs/real_pay_by_metro/summary.csv |
| CIT-23 | Employer-language snapshots are qualitative current wording only. | RoleMath's current panel captured 2026-06-20 public ATS samples for cybersecurity, SOC, IT security operations, network security, help desk, and field-network roles with explicit guardrails against market-demand and trend claims. | outputs/demand_language_panel/current_role_panels.json |
| CIT-24 | Public ATS source families should be cited as source surfaces only. | RoleMath's public ATS pilot uses public source families such as Greenhouse, Ashby, Lever, Workday, Teamtailor, and USAJOBS as qualitative wording sources, not representative labor-market data. | https://developers.greenhouse.io/job-board/; https://developers.ashbyhq.com/docs/public-job-posting-api; https://hire.lever.co/developer/documentation#postings; https://www.workday.com/; https://developer.usajobs.gov/api-reference/ |
| CIT-25 | AI context should be treated as workflow evidence, not employment demand. | Anthropic's June 2026 Economic Index provides descriptive Claude usage context; RoleMath uses it as workflow evidence only, not a demand, job-loss, or credential-value signal. | https://www.anthropic.com/research/economic-index-june-2026-report |
| CIT-26 | The Anthropic Economic Index dataset requires careful attribution and caveating. | The Anthropic Economic Index dataset is published on Hugging Face under CC-BY. RoleMath uses it as one AI-usage signal, not proof of labor demand, job loss, personal fit, or credential value. | https://huggingface.co/datasets/Anthropic/EconomicIndex |
| CIT-27 | LLM exposure should be framed as task-capability overlap rather than personal forecast. | Eloundou et al. frame LLM exposure as potential task effect rather than a direct employment replacement claim. | https://www.science.org/doi/10.1126/science.adj0998 |
| CIT-28 | Previous-year and future employer-language claims remain blocked. | RoleMath's trend-readiness gate has one comparable snapshot group, zero trend-ready groups, and requires two more comparable snapshots plus 60 more days before previous-year or prediction claims can publish. | outputs/demand_language_panel/trend_readiness.json |