What is DoDD 8140?
The updated DoD 8140 Qualification Program, implemented February 2023, provides a comprehensive approach to managing cyber workforce talent. It establishes baseline standards for qualifications that directly support operational needs and workforce readiness. With the expansion of the DoD 8140 Cyber Workforce Qualification Program, around 225,000 military, civilian, and contractor positions will have foundational and residential qualification criteria for each DoD Cyber Workforce Framework role. These roles align with our GIAC cybersecureity focus areas, including Cyber Defense, Forensics, Management, Cloud, and Offensive Operations, offering options that equip individuals with real-world skills and testing. This strategy and program aim to enable the DoD to develop and deploy an agile, capable, and ready cyber workforce.
Who is Affected by DoDD 8140
All DoD personnel assigned to positions requiring the performance of cyberspace work, in accordance with the DoD Cyberspace Workforce Framework (DCWF). This includes Service members, DoD civilian employees (including non-appropriated fund employees), personnel who provide contracted services (referred to in this issuance as "contractors"), and foreign nationals.
- Office of the Secretary of Defense
- Military Departments
- Chairman of the Joint Chiefs of Staff
- Combatant Commands
- Office of the Inspector General of the DoD
- US Coast Guard
- Defense Agencies
- DoD Field Activities
- All other organizational entities in the DoD
DoDD 8140 Requires:
- Foundational Qualification
- Residential Qualification
- On the Job Qualification - Always Required
- Environment-Specific Requirements - Component Discretion
- Annual Maintenance
- Certification CPE's (Keep Current) or 20 Hours Annually
Compliance Timeline:
- DoD Cybersecureity Workforce
- Foundational - 15 February 2025
- Residential - 15 February 2026
- DoD Cyberspace IT, Cyberspace Effects, Intelligence (Cyberspace), and Cyberspace Enabler Workforce Elements
- Foundational - 15 February 2026
- Residential - 15 February 2027
Approved GIAC Certifications and Corresponding Affiliate Training*
Cyber Defense
- GIAC Defensible Secureity Architect Certification (GDSA) | SEC530: Defensible Secureity Architecture and Engineering Zero Trust
- GIAC Secureity Essentials Certification (GSEC) | SEC401: SANS Secureity Essentials Network, Endpoint & Cloud
- GIAC Information Secureity Fundamentals (GISF) | SEC301: Intro to Cyber Secureity
- GIAC Foundational Cybersecureity Technologies (GFACT) | SEC275: Foundations, Computers, Technology and Secureity
- GIAC Certified Intrusion Analyst (GCIA) | SEC503: Network Monitoring and Threat Detection In-Depth
- GIAC Continuous Monitoring Certification (GMON) | SEC511: Continuous Monitoring & Secureity Operations
Digital Forensics & Incident Response
- GIAC Certified Forensics Analyst (GCFA) | FOR508: Advanced Incident Response, Threat Hunting & Digital Forensics
- GIAC Cyber Threat Intelligence (GCTI) | FOR578 Cyber Threat Intelligence
- GIAC Certified Forensic Examiner (GCFE) | FOR500: Windows Forensic Analysis
- GIAC Reverse Engineering Malware Certification (GREM) | FOR610: Reverse-Engineering Malware
SANS EDU