One of the more exciting “disturbances in the force” in the United States Department of Defense (DoD) and the global upskilling industry occurred in February 2023. That is when the DoD CIO Office published the DoD 8140.03 Manual that superseded the previous DoD 8570.01 Manual and defined how the 8140 Directive would operate. The goals of the 8140 Directive are to:
- Provide a larger array of standards-based certification and training options based on 72 work roles that the 8140 Directive currently defines. That list will change over time. The 72 work roles run the gamut, from software developer and data scientist to AI engineer and cyber defense incident responder. Under the 8140 program, “Cyber” includes cybersecurity and IT.
- Allow DoD workers to choose between certification and training options. For example, learners can select their certification for well-defined work roles or assessment-based training for emerging technologies. The goal is to widen the aperture to allow the choice of creative, compelling learning options that make learning easier, more hands-on and more practical.
- Attract, upskill and retain a more inclusive, diverse workforce and track their progress. Moving forward, the DoD workforce must reflect the unique diversity of skills, perspectives and experiences found in the overall population. Plus, all workers will have a record of their learning achievements.
We’re excited to help put the 8140 Directive to work.
Mutual Goals, Similar Perspectives
CompTIA shares very similar goals to D8140. Why? Because we listen very carefully to technologists, corporations, non-profits and governments around the world. As a result, we have a comprehensive, holistic perspective. Our certification and training offerings have grown over the years to include IT, cybersecurity, data, software development and AI. We provide a unique depth and breadth of foundational and advanced offerings. We don’t just focus on traditional “cybersecurity” in isolation. We have naturally reached the same conclusions and are addressing the same needs as D8140.
CompTIA has had the privilege of working closely with the DOD CIO 8140 leadership team, including its leader, Mark Gorak, Principal Director for Resources and Analysis in the office of the Chief Information Officer (CIO). Together, we have also been able to work with additional workforce authorities, including Seeyew Mo, Assistant National Cyber Director for the White House, and Christopher Paris, Acting Director, Cyber Workforce at the U.S. Department of Veterans Affairs. It’s been quite the ride.
With D8140’s Mark Gorak at the September 2023 Billington Annual Conference
Recently, for example, we have worked closely with the D8140 contractors to refine their procedures and a few policies. In one case, we provided information that helped them train the generative AI solution used to evaluate training and certification program content. In another case, we have assisted in organizing how training entities are listed. CompTIA’s Subject Matter Experts (SMEs) have also co-presented at various events from Washington, D.C. to Frankfurt, Germany. It’s refreshing to experience this level of cooperation. This is all in the same spirit as our work with NIST NICE to create CyberSeek.
From the Pillars of IT to Critical Work Roles
Our mutual upskilling journey with the U.S. DoD started with our research and our Exam Services division’s unique ability to gather input from working SMEs. For example, some years ago, CompTIA’s very own Seth Robinson, Vice President, Industry Research, posted a blog about the four pillars of an IT framework.
The CompTIA Four Pillars of IT
Since then, we have conducted extensive research and created education offerings based on subject matter input to fulfill work roles found in each of these pillars. We have focused on key technical personas and needs. Check out the following work roles that we have identified over the years.
You’re viewing roughly 90% of tech careers that exist right now. This naturally includes many of the work roles currently defined by D8140. The wording isn’t exactly the same; many names exist for similar work roles, as found in the NIST NICE knowledge and skills definitions or the US DoD Cyber Workforce Framework (DCWF). In some ways, the name differences don’t matter. What matters is that CompTIA has already acted to expand our focus to all four pillars, and to many different work roles. We have, for example, worked closely with D8140’s Matt Isnor, Program Lead, Cyberspace Workforce Development at the United States Department of Defense and Karen Wetzel, Manager of the NICE Framework, as well as Melanie Kyle Gingrich, Interim Executive Director at the Cybersecurity Assessor and Instructor Certification Organization (CAICO), part of The Cyber AB and a key player in CMMC 2.0 education.
Tara Dean and the CompTIA team with 8140’s Matt Isnor and NICE’s Karen Wetzel
Putting 8140 to Work: The 8140 Marketplace
So, how well do CompTIA’s pathways map to the 8140 Directive? Incredibly well. One of the first certifications approved under D8140 was CompTIA Security+. That’s probably no surprise. We learned that the Security+ certification maps to 20 different work roles – among the highest of any certification or training offering. CompTIA CySA+ and PenTest+ are also officially now part of D8140. Stay tuned for many more CompTIA certifications and training offerings to be added to the D8140 Marketplace.
If you’re interested in how CompTIA education standards and certifications put D8140 to work, check out the DoD 8140 Cyber Workforce Qualification Provider Marketplace. It’s like the Google search for D8140.
TThe 8140 Cyber Workforce Qualification Provider page
Using this site, you can conduct searches to discover the certification and training offerings that have been approved or are in the process of D8140 approval. You can conduct searches by provider name, the name of an ISO or ANSI/ANAB accredited provider, or a certification, such as CompTIA Security+.
8140-Approved Certifications
At this time of this writing, CompTIA is approved for seven certifications spanning 31 work roles. Here is a list of those work roles, and we will update the list as more certifications are approved.
Certification | Work Roles |
| · 411 - Technical support specialist · 431 - Knowledge manager · 441 - Network operations specialist · 451 - System administrator · 461 - Systems security analyst · 511 - Cyber defense analyst · 521 - Cyber defense infrastructure support specialist · 531 - Cyber defense incident responder · 541 - Vulnerability assessment analyst · 612 - Security control assessor · 622 - Secure software assessor · 641 - Systems requirements planner · 671 - System testing and evaluation specialist · 722 - Information systems security manager · 723 - COMSEC manager · 752 - Cyber policy and strategy planner · 801 - Program manager · 802 - IT project manager · 804 - IT investment/portfolio manager · 805 - IT program auditor |
· 111 - All-source analyst · 141 - Warning analyst · 211 - Forensics Analyst · 212 - Cyber defense forensics analyst · 221 - Cyber crime investigator · 461 - Systems security analyst · 511 - Cyber defense analyst · 531 - Cyber defense incident responder · 541 - Vulnerability assessment analyst · 612 - Security control assessor | |
· 121 - Exploitation analyst · 212 - Cyber defense forensics analyst | |
· 221 - Cyber crime investigator · 461 - Systems security analyst · 511 - Cyber defense analyst · 531 - Cyber defense incident responder · 541 - Vulnerability assessment analyst · 612 - Security control assessor · 622 - Secure software assessor · 631 - Information systems security developer · 641 - Systems requirements planner · 651 - Enterprise architect · 652 - Security architect · 661 - Research and development specialist · 722 - Information systems security manager · 723 - COMSEC manager · 801 - Program manager · 802 - IT project manager · 803 - Product support manager · 804 - IT investment/portfolio manager · 805 - IT program auditor | |
· 411 - Technical support specialist · 441 - Network operations specialist · 451 - System administrator | |
· 411 - Technical support specialist · 451 - System administrator · 521 - Cyber defense infrastructure support specialist | |
· 441 - Network operations specialist · 451 - System administrator · 651 - Enterprise architect · 652 - Security architect |
Check the D8140 marketplace for updates as more CompTIA certifications and work roles are approved in the near future.
Expanded Offerings and Creative Learning Options
It’s not enough just to assess. Tech workers deserve creative learning solutions, as well. Learning and assessment are two very different activities and should be treated separately. When it comes to learning, we have championed hands-on, practical learning for decades. CompTIA has focused on creating labs, competitions and cyber ranges as appropriate ways to build skills. We have developed unique, adaptive learning tools that help students internalize knowledge more quickly. Our continued experimentation with adaptive learning tools that reduce repetition in learning and our work to create authentic, simulated work environments or deliver learning seamlessly in actual work environments continues. They are natural fits for the D8140 program.
We have also focused on continuing education. We have long recognized that learners need to track their learning accomplishments, what I call “indicators of achievement.” It was interesting, then, to see how D8140 also focused on monitoring learners as they continuously upskill. We have been actively working with the DoD to provide continuing education information.
Standards and Compliance
To ensure quality and fairness, all certification and training options, except for military schoolhouses and universities designated as NSA Centers of Excellence, must comply with the ISO 17024 standard or the ANSI/ANAB 2659 standard. All CompTIA certifications are created by the processes defined by ISO 17024. To learn more about why these standards matter, check out the ANSI/ANAB resource called How Credentials Differ. You may also wish to read ANAB’s Benefits of ANAB Accreditation page.
Making Wise Choices for DoD Workers: Portability
The D8140 program is in its infancy. It will continue to grow, adapt and morph along with the IT industry and the needs of the U.S. DoD. My guess is that you will see significant changes in the 8140 Directive and its offerings through the years. But one thing will never change: Most DoD tech workers transition out of the military. That means these workers will need proof of their achievements.
Never underestimate the importance of portability for military and government workers: Any central government is a major supplier of workers to the global workforce. All industry sectors, from healthcare to manufacturing and finance, hire former military tech workers. These individuals deserve to benefit from industry-recognized certifications earned while supporting the DoD.
So, there’s the latest about the 8140 program. If you have any questions, please contact us using any of the information listed on the Contact Us page or email GovernmentSales@CompTA.org. To learn more about CompTIA certifications and learning products, visit our website at www.comptia.org.
Contributors to this blog include CompTIA’s Tara Dean, Senior Account Director, Government; Patrick Lane, Director of Product Management; and Jackie Rojas, Senior Marketing Manager, Government and Partners.
