Department of Defense Expands List of Approved Baseline Certs
Get ready for some acronyms, because the Defense Department's Approved Baseline Certifications chart is basically one big collection of same. The chart, which basically divides IT security workers into roles, levels, and specialties, expanded this month, with a handful of credentials either new to the fold entirely, or newly approved for some of the various roles.
Let's have a look:
Source: IASE DoD Approved 8570 Baseline Certifications (Updated February 2019)
Meet and Understand the Approved Baseline Certs
The first row of the chart is for Information Assurance Technicians, across levels I, II, and III. You'll see the level of complexity and background/experience requirements as you move from left to right therein, with entry level stuff at left, mid-career/mid-range stuff in the middle, and higher-end/master/expert level stuff at the right.
Go down a row, and you're in Information Assurance Manager country, with the same general left to right march through complexity, background, and experience at work. Notice this is where the first new item appears (in red) under both IAM Level II and IAM Level III labels. I'll explain all of the new items in detail after marching through the rest of this chart.
The acronym for the third row is a mouthful: IASAE stands for Information Assurance System Architect or Engineer. These are technical specialists who work with design and implementation of information assurance environments, and act as a higher-level of support or guidance for the two preceding levels throughout the information assurance lifecycle.
The fourth row acronym, CSSP, stands for Cyber Security Service Provider. This covers positions within security-focused IT operations that offer security-based services to the rest of the overall agglomeration of information assurance job roles in the chart.
Where others focus on ensuring and maintaining security in various operations and activities, these job roles focus on delivering secure, vetted services to consumers of such things, and on ensuring that the infrastructure over which services are delivered is secure.
A CSSP is called upon to investigate when and as security incidents are reported; such incidentd must be handled, documented, and responded to. This level gained two new items in the latest update, one for CSSP Infrastructure Support, the other for CSSP Incident Responder.
The fifth row in the chart also belongs to the Cyber Security Service Provider realm. At left is the Auditor role, responsible for routine and regular assessments of security posture, compliance, and testing thereof.
The final item in that row belongs to the Manager role. The manager is the person responsible for planning, budgeting, and managing the CyberSecurity Service Provider function. Each of these two roles also gained a new certification in the latest update too.
Items Added or Approved for New Roles in February 2019
CCISO — Certified Chief Information Security Officer
Offered by EC-Council / Approved for IAM.III, CSSP Manager
CFR — CyberSec First Responder
Offered by CertNexus / Approved for CSSP Infrastructure Support, Auditor
CHFI — Computer Hacking Forensics Investigator
Offered by EC-Council / Approved for CSSP Incident Responder
There's a lot of time, effort and expense involved in making it onto this table. It almost serves as a guarantee of sorts for future uptake of the certs named, which often translates into training and testing dollars for the sponsoring organizations. It's quite an accomplishment, and items get added only sparsely and seldom.
For IT pros interested in (a) information security/cybersecurity topics and (b) possible employment with government (or those of its contractors who adhere to these guidelines), however, it's a roadmap to future cert planning and pursuit.