DoDD 8140 | SANS Institute

What is DoDD 8140?

The updated DoD 8140 Qualification Program, implemented February 2023, provides a comprehensive approach to managing cyber workforce talent. It establishes baseline standards for qualifications that directly support operational needs and workforce readiness. With the expansion of the DoD 8140 Cyber Workforce Qualification Program, around 225,000 military, civilian, and contractor positions will have foundational and residential qualification criteria for each DoD Cyber Workforce Framework role. These roles align with our GIAC cybersecurity focus areas, including Cyber Defense, Forensics, Management, Cloud, and Offensive Operations, offering options that equip individuals with real-world skills and testing. This strategy and program aim to enable the DoD to develop and deploy an agile, capable, and ready cyber workforce.

Learn More

Who is Affected by DoDD 8140

All DoD personnel assigned to positions requiring the performance of cyberspace work, in accordance with the DoD Cyberspace Workforce Framework (DCWF). This includes Service members, DoD civilian employees (including non-appropriated fund employees), personnel who provide contracted services (referred to in this issuance as "contractors"), and foreign nationals.

Office of the Secretary of Defense
Military Departments
Chairman of the Joint Chiefs of Staff
Combatant Commands
Office of the Inspector General of the DoD
US Coast Guard
Defense Agencies
DoD Field Activities
All other organizational entities in the DoD

DoDD 8140 Requires:

Foundational Qualification
- Proficiency Levels - Basic, Intermediate and Advanced
- Options - Certification (GIAC), Training (SANS) and Education (SANS EDU)
Residential Qualification
- On the Job Qualification - Always Required
- Environment-Specific Requirements - Component Discretion
Annual Maintenance
- Certification CPE's (Keep Current) or 20 Hours Annually

Compliance Timeline:

DoD Cybersecurity Workforce
- Foundational - 15 February 2025
- Residential - 15 February 2026
DoD Cyberspace IT, Cyberspace Effects, Intelligence (Cyberspace), and Cyberspace Enabler Workforce Elements
- Foundational - 15 February 2026
- Residential - 15 February 2027

Approved GIAC Certifications and Corresponding Affiliate Training*

*Additional certification options are continuously being added to the DoD8140 Directive.

8140 Framework Categories

The 8140 Framework Categories are a high-level grouping of common cybersecurity functions. Select a category below to help you identify the right certifications and affiliate training for your current or desired cybersecurity role.

Cyber IT

Personnel who design, build, configure, operate, and maintain IT, networks, and capabilities. This includes actions to prioritize implement, evaluate, and dispose of IT as well as information resource management; and the management, storage, transmission, and display of data and information.

Learn More

Cybersecurity

Personnel who secure, defend, and preserve data, networks, net-centric capabilities, and other designated systems by ensuring appropriate security controls and measures are in place, and taking internal defense actions. This includes access to system controls, monitoring, administration, and integration of cybersecurity into all aspects of engineering and acquisition of cyberspace capabilities.

Learn More

Cyber Enablers

Personnel who perform work roles to support or facilitate the functions of cyber IT, cybersecurity, cyberspace effects, or intelligence workforce (cyberspace) work roles. This includes actions to support acquisition, training and leadership activities.

Learn More

Cyber Effects

Personnel who plan, support, and execute cyberspace capabilities where the primary purpose is to externally defend or conduct force projection in or through cyberspace.

Learn More

Intelligence (Cyberspace)

Personnel who collect, process, analyze, and disseminate information from all sources of intelligence on foreign actors' cyberspace programs, intentions, capabilities, research and development, and operational activities.

Learn More

Software Engineering

Learn More

Data/AI

Coming Soon!

Additional Information

DoD 8140 Cyber Workforce Qualification Provider Marketplace DoD CIO Cyber Workforce Recording

Reviews

Read what others have to say about SANS Training.

As our C4 systems become netcentric and more linked with our weapons systems, it is essential that our IA workforce be up to the task of securing our networks. I am proud to be on the cyber defense line with such a competent industry partner that understands the needs of the defense department and is willing to work with us to help accomplish this difficult task.

Mike Knight

- Naval NetWar Command

Training offered by SANS pertains to best practices so rubber hits the road.

Michael Emmons

- USMC

As part of the Raytheon IIS Information Security Engineering group, we send nearly all of our new hires through the SANS Security Essentials Bootcamp training classes to ensure they have the fundamental skills necessary to work in our environment. We view GIAC certifications as an essential part of this process. GIAC Certification helps ensure both our management and our customers that our employees understand how to build secure systems.

Monty McDougal

- Raytheon

US Department of Defense 8140 Mandate

What is DoDD 8140?

Who is Affected by DoDD 8140

DoDD 8140 Requires:

Approved GIAC Certifications and Corresponding Affiliate Training*

Cyber Defense

Digital Forensics & Incident Response

Offensive Operations

Cloud Security

Leadership

Industrial Control Systems

SANS EDU

8140 Framework Categories

Additional Information

Reviews