The Plain Writing Act of 2010 requires government agencies to adhere to government-issued guidelines to ensure that the public can understand government communications. Sadly, that requirement may not be apparent in the directives and instructions of the US Department of Defense (DoD). Trying to understand terms such as directive, memorandum, instruction, and issuances is challenging. Determining what specific directives or instructions mean can feel overwhelming.
What Is a DoD Directive?
DoD directives describe or establish policies that govern or regulate operations of the DoD required by law, the Executive branch, or the Secretary of Defense. Directives may do the following:
- Define missions
- Provide authority
- Assign responsibilities
Directives are designed for long-term or ongoing actions and are not used for one-time assignments. A memorandum may be issued as a directive if time limits prohibit using the directives system.
What Is a DoD Instruction?
DoD instructions guide DoD components on the implementation of a policy, plan, or action. They define operational standards, assign responsibilities, and outline specific actions for executing a directive. The DoD may publish various documents to supplement instructions. These publications may include documents such as:
DoD 8570.01-m is an example of a publication issued in support of DoD 8570.
What Is DoD 8570?
- Privileged users and Information Assurance (IA) managers must be qualified, trained, and certified to baseline requirements.
- IA personnel must be tracked to ensure that all positions are staffed according to directive standards.
- IA training and certification must be monitored and recorded.
The goal of Directive 8570 was to ensure mission readiness for cybersecurity personnel. As part of 8570, the DoD issued 8570.01-m, a manual that outlines skill levels, categories, and functions of cybersecurity roles. Directive 8140 has replaced 8570; however, 8570.01-m has not been replaced.
What Is DoD 8570.01-m?
DoD 8570.01-m lists approved IT certifications for each role identified under 8570. The DoD uses the certifications to ensure IA and cybersecurity staff are trained in the latest cybersecurity defenses. The DoD divides these roles into four broad categories:
- Information Assurance Technical (IAT)
- Information Assurance Management (IAM)
- Information Assurance Security Architecture and Engineering (IASAE)
- Cyber Security Service Provider (CSSP)
Each IA category has three levels of certification. The CSSP role has three areas of specialization.
The Information Assurance Technical (IAT) category is focused on technical knowledge. Individuals in this group can move toward management positions at level 3.
The category of Information Assurance Management (IAM) is more focused on management and decision-making when working with cybersecurity and information assurance personnel. IAM is a path toward management roles in government cybersecurity.
Information Assurance Workforce System Architecture and Engineering (IASAE) is a category for engineers and architects who design and secure information systems.
The CSSP category has three areas of specialization:
- Information Systems Security Architecture Professionals are chief security architects and analysts.
- Information Systems Security Engineering Professionals focus on problem-solving to strengthen security systems.
- Information Systems Security Management Professionals are security specialists focusing on the management of the cybersecurity ecosystem.
Some changes in certification requirements are expected as part of DoD Directive 8140; however, the precise changes will not be known until late 2022 or early 2023.
Understanding DoD Directives and Instructions
Navigating government documents can be challenging. When a new directive replaces an existing one, determining the changes and what they mean for an organization can be frustrating. Instead of trying to wade through the government-issued publications, consider talking to Cask Government Services.