DoD Directive 8570.01 Certification Requirements

DoD 8570 requires two certifications for compliance, an approved IA certification based on your assigned IAT level and a Computing Environment (CE) certification based on the equipment and software you work with for your primary duties. The DoD 8570 Information Assurance Workforce Improvement Program website has a good FAQ section that answers many questions regarding the requirements. The specific FAR clause for contractors, which references the requirement, is displayed below along with direct links to the DoD source.

DISA 8570 IAWIP Frequently Asked Questions: http://iase.disa.mil/eta/iawip/iaetafaq.html#G6

"252.239-7001 Information Assurance Contractor Training and Certification.

As prescribed in 239.7103(b), use the following clause:

INFORMATION ASSURANCE CONTRACTOR TRAINING AND CERTIFICATION

(JAN 2008)

(a) The Contractor shall ensure that personnel accessing information systems have the proper and current information assurance certification to perform information assurance functions in accordance with DoD 8570.01-M, Information Assurance Workforce Improvement Program. The Contractor shall meet the applicable information assurance certification requirements, including—

(1) DoD-approved information assurance workforce certifications appropriate for each category and level as listed in the current version of DoD 8570.01-M; and

(2) Appropriate operating system certification for information assurance technical positions as required by DoD 8570.01-M.

(b) Upon request by the Government, the Contractor shall provide documentation supporting the information assurance certification status of personnel performing information assurance functions.

(c) Contractor personnel who do not have proper and current certifications shall be denied access to DoD information systems for the purpose of performing information assurance functions.

(End of clause)"

Source Link: http://farsite.hill.af.mil/reghtml/regs/far2afmcfars/fardfars/dfars/dfars252_237.htm#P503_29044

8570 IA Baseline Certification Requirement:

For the 8570 IA baseline certification, you must have one of the certifications listed above based on the IA level your position is assigned.

Source Link: http://iase.disa.mil/eta/iawip/content_pages/iabaseline.html#baseline-cert

8570 Computing Environment (CE) Certification Requirement:

The official requirement can be found on page 23 of the current approved DoD 8570.01-M

DoD 8570.01-M, December 19, 2005

"C3.2.4.8.3. In addition to the IA baseline certification requirement for their level, IATs with privileged access must obtain appropriate Computing Environment (CE) certifications for the operating system(s) and/or security related tools/devices they support as required by their employing organization. If supporting multiple tools and devices, an IAT should obtain CE certifications for all the tools and devices they are supporting. At a minimum the IAT should obtain a certification for the tool or device he or she spends the most time supporting. For example, if an IAT is spending most of his or her time supporting security functions on a CISCO router, the IAT should obtain a CE certification for that equipment."

Source Link: http://www.dtic.mil/whs/directives/corres/pdf/857001m.pdf