Skip to main content
Everything You Need to Know About the DoD 8140 Directive

Everything You Need to Know About the DoD 8140 Directive

Looking for an at-a-glance breakdown of the DoD 8140 Directive? This comprehensive guide provides a clear and concise overview. From key points and work role mapping to compliance timelines and practical implications, the guide is packed with the essential details to help you understand and apply the directive.

Download the Guide
Jump to:

Mapped. Approved. Mission-Ready.

Learn more about DoD 8140 through a series of short videos covering key topics, along with a full interview featuring Matt Isnor, Program Lead for Cyberspace Workforce Development in the DoD CIO Office and one of the principal architects of the 8140 program.

How to Become 8140 Compliant

Learn what it takes to meet DoD 8140 requirements, including qualification pathways, role alignment, and timelines for both service members and contractors.

Watch Here

What is DoD8140

Explore the purpose and scope of DoD 8140, how it replaces legacy frameworks, and what it means for managing and validating cyber roles across the Department of Defense.

Watch Here

Benefits for Security Leaders

See how DoD 8140 helps leaders align talent to mission needs, improve readiness, and create a more standardized, accountable cyber workforce.

Watch Here

Benefits for Individuals

Understand how DoD 8140 clarifies career paths, validates skills, and helps individuals navigate training and qualification expectations across cyber roles.

Watch Here

Workforce Development and Retention Tips

Discover how DoD 8140 supports long-term workforce planning by enabling better hiring decisions, targeted development, and stronger retention of cyber talent.

Watch Here

What to Expect from the DoD 8140 Directive Guide

Implemented in 2023, the DoD 8140 establishes a comprehensive, unified framework for developing a resilient and capable cybersecurity workforce. To address expanding requirements, the DoD has standardized cybersecurity training, certifications, and education processes to ensure the affected job roles are well-equipped and confidently prepared.

What’s Inside?

  • Who is affected by Dod 8140?
  • What are the DoD 8140 requirements?
  • Approved certification and training
  • Work role mapping to certifications
  • Timeline and key dates
Blue Icon of a Book Surrounded By Arrows

Who is Affected by DoD 8140

All DoD personnel assigned to positions requiring the performance of cyberspace work, in accordance with the DoD Cyberspace Workforce Framework (DCWF). This includes Service members, DoD civilian employees (including non-appropriated fund employees), personnel who provide contracted services (referred to in this issuance as "contractors"), and foreign nationals.

  • Office of the Secretary of Defense
  • Military Departments
  • Chairman of the Joint Chiefs of Staff
  • Combatant Commands
  • Office of the Inspector General of the DoD
  • US Coast Guard
  • Defense Agencies
  • DoD Field Activities
  • All other organizational entities in the DoD
Military Team in Cyber Operations Room

DoD 8140 Qualification Requirements and Compliance Timeline

Overview of required qualification elements under DoD 8140, including foundational and residential requirements, proficiency levels, certification/training pathways, ongoing maintenance obligations, and key workforce compliance deadlines.

Requirements

Foundational Qualification

  • Proficiency Levels - Basic, Intermediate and Advanced
  • Options - Certification (GIAC), Training (SANS) and Education (SANS EDU)

Residential Qualification

  • On the Job Qualification - Always Required
  • Environment-Specific Requirements - Component Discretion

Annual Maintenance

  • Certification CPE's (Keep Current) or 20 Hours Annually

Compliance Timeline

DoD Cybersecurity Workforce

  • Foundational - 15 February 2025
  • Residential - 15 February 2026

DoD Cyberspace IT, Cyberspace Effects, Intelligence (Cyberspace), and Cyberspace Enabler Workforce Elements

  • Foundational - 15 February 2026
  • Residential - 15 February 2027

Approved GIAC Certifications and Corresponding Affiliate Training

8140 Framework Categories

The 8140 Framework Categories are a high-level grouping of common cybersecurity functions. Select a category below to help you identify the right certifications and affiliate training for your current or desired cybersecurity role.

Servers with Cog

Cyber IT

Personnel who design, build, configure, operate, and maintain IT, networks, and capabilities. This includes actions to prioritize implement, evaluate, and dispose of IT as well as information resource management; and the management, storage, transmission, and display of data and information.

Learn More
Browser Page with Lock and Shield

Cybersecurity

Personnel who secure, defend, and preserve data, networks, net-centric capabilities, and other designated systems by ensuring appropriate security controls and measures are in place, and taking internal defense actions. This includes access to system controls, monitoring, administration, and integration of cybersecurity into all aspects of engineering and acquisition of cyberspace capabilities.

Learn More
Three Figures Under Lock and Shield

Cyber Enablers

Personnel who perform work roles to support or facilitate the functions of cyber IT, cybersecurity, cyberspace effects, or intelligence workforce (cyberspace) work roles. This includes actions to support acquisition, training and leadership activities.

Learn More
Monitor With Cog

Software Engineering

Learn More
Cloud with Lines Going into It

Data/AI

Coming soon!

Learn More

Additional Information

Military Man in an operations center

Customer Reviews

  • Slide 1 of 3

    As our C4 systems become netcentric and more linked with our weapons systems, it is essential that our IA workforce be up to the task of securing our networks. I am proud to be on the cyber defense line with such a competent industry partner that understands the needs of the defense department and is willing to work with us to help accomplish this difficult task.

    Mike KnightNaval NetWar Command
  • Slide 2 of 3

    Training offered by SANS pertains to best practices so rubber hits the road.

    Michael EmmonsUSMC
  • Slide 3 of 3

    As part of the Raytheon IIS Information Security Engineering group, we send nearly all of our new hires through the SANS Security Essentials Bootcamp training classes to ensure they have the fundamental skills necessary to work in our environment. We view GIAC certifications as an essential part of this process. GIAC Certification helps ensure both our management and our customers that our employees understand how to build secure systems.

    Monty McDougalRaytheon

Download Your Comprehensive Guide to the DoD 8140 Directive

US

Subscribe to GIAC’s Monthly Newsletter

Receive expert insights, priority access to certifications, essential updates on regulatory changes and industry developments.