Approximately 2,100 professionals in the Defense Intelligence community are gathered this week at the 2010 Annual Department of Defense Intelligence Information Systems (DoDIIS) Worldwide Conference, hosted by the DIA’s (Defense Intelligence Agency) Directorate for Information Management. There is a lot of buzz in the air about the status of the DoD 8570, as December 2010 was set as the deadline for compliance. I have been very interested in 2 key questions:
- How close are the components to achieving 8570 Compliance?
- How effective has the DoD 8570 been in improving the Information Assurance / Cyber Security Work Force in the DoD?
I found from talking to folks and attending some presentations that the DoD 8570 can be considered a success story, but that it has also exposed significant problems. It’s a success in that internal studies have shown that 8570-certified IA professionals can detect threats better, that certified individuals who are trained in their respective “Computing Environment” (such as CCNAs or other vendor-certified individuals) are better at defending systems in Red Team tests performed at agency events, and that overall IA skills performance is measurably superior for individuals who have taken the steps towards training and certifying for 8570 compliance. There is also the extremely important fact that retention of talent is 100% better in units that are pushing for certification.
On the problematic side, however, overall compliance of the components seems to be guesswork and a moving target. Officials are reporting “somewhere between 60% and 70% compliance so far”. Identifying the IA workforce is not cut and dried, apparently. It is also suggested by officials that “we will never make 100% compliance”, largely due to turnover.
Last note before I get back to the show: As many have expected, it looks very likely that the DIAP will extend the deadline out an additional year. CAVEAT: This does NOT mean that the components will be changing their deadlines: The Navy, Air Force, Marines and Army may very well aim for compliance by year end, and this means that the IA workforce needs to keep plowing ahead with their certification and training missions.
Barry Kaufman, CISSP, CEH, MCSE, ITILv3
Worldwide Line of Business Executive, InfoSec and Boot Camps
Fast Lane US: www.fastlaneus.com