Shawn McCarthy | Where to get help on DOD security training
- By Shawn McCarthy
- May 19, 2007
Shawn P. McCarthy
Defense Department information technology managers are starting to come to terms with DOD Directive 8570.01, and many are finding the reality a bit unsettling.
The directive requires that all DOD personnel and contractors who conduct information assurance functions in assigned duty positions worldwide achieve specific levels of certification, depending on their jobs. Some parts of the requirement must be met within two years.
Because certification classes and tests can be both time-consuming and hard to come by, it can be expensive and frustrating to send employees for training and testing.
Here is a sampling of affordable alternatives.
- The Critical Infrastructures and Cyber Protection Center at Capitol College is an online program, but the classes are still taught in a live, interactive setting. Current classes are offered on five consecutive Saturdays with Certified Information Systems Security Professional-qualified practitioners.
Their solution is competitively priced at $1,650 per person. An academic and government rate of $1,400 per person is available for groups of 12 to 15. Details can be found at GCN.com/771.
- Transfer the certification requirement to contractors. Although this applies to contract employees rather than DOD personnel, it is reasonable to expect contractors to pick up the cost for training their employees.
Depending on how contracts are structured, contractors may be required to provide certification without seeking additional government funding.
- DOD reports that Defensewide Information Assurance Program personnel are available to provide briefs and support regional or major command workshops for 8570 implementation and planning. Managers seeking training should work within their Component Human Resources offices to plug into a regional plan. In some cases, discount training may be available.
- Cyberciege is a network management simulation game that allows participants to role-play as network managers ' with a strong focus on security.
Although this solution doesn't lead directly toward certification, it provides good practice for real-world network issues.
The game, which was developed in part by the Center for Information Systems Security Studies and Research at the Naval Postgraduate School, allows participants to buy and configure computers, servers, operating systems and other network devices.
The DOD components of the certification testing must use certifications approved by the office of the Assistant Secretary of Defense for Networks and Integration as minimum certification requirements.
Some people are confused by the difference between 8570.1 and 8570.1-M.
- 8570.1 is the Information Assurance Training, Certification, and Workforce Management directive issued Aug. 15, 2004. It establishes policies and gives details on what certifications are needed and what's involved. Details can be viewed at GCN.com/772.
- 8570.1-M is the Information Assurance Workforce Improvement Program directive issued Dec. 19, 2005. It's more of a manual about who needs to be certified, with guidance and procedures for the training, certification and management of the DOD workforce. Details can be viewed at GCN.com/773.
Many different groups offer 8570.1 certification and training.
By doing a little early research and price comparison, managers should be able to find affordable solutions for their training needs.
Planning is essential, because some of the trainers will offer only a couple of courses this summer and fall.Shawn P. McCarthy is senior analyst and program manager at IDC Government Insights, in McLean, Va. E-mail him at email@example.com.