DoD 8570

How to Achieve DoD 8570 IAM Level III Compliance

Beth Osborne
August 13, 2018 by
Beth Osborne

The Department of Defense Information Assurance Training, Certification, and Workforce Management (DoD IAM)contains a plethora of different exams to test competence in the IT workforce. Within the DoD directive, Level 3 includes a series of baseline certifications that further validate I.T staff's skills and expertise.

Certifications within DoD IAM Level 3 comprises of three exams. An applicant only needs to acquire one of the approved certifications for each Information Assurance (IA) category. Those interested in Level 1 or 2 DoD certifications will not need to satisfy lower level stipulations if they are a DoD Level 3 IAM certificate holder. Conversely, lower level certifications cannot be used to qualify for a higher one.

Holding such certifications increases your value to a hiring HR manager, help remain up-to-date on advancements in technology, and aid employees to reach success at a faster rate than pursuing a career in IT without these certifications. They also unlock communities of IT leaders that provide networking opportunities with professionals that can further accelerate your career.

Save on DoD 8570 training

Save on DoD 8570 training

Certification boot camps available for every position category, specialty and level.

DoD 8570 IAM Level 3 Certifications' Requirements

Each unique DoD Level 3 certification offered by the DoD comes with its own set of requirements and is something that should be considered while selecting which is best for the IT professional and proceeding in formulating a study plan. Infosec Institute offers training boot camps with the highest pass rates in the IT industry. Links to each boot camp for the respective exam can be found in the links below.

Certified Information Security Manager (CISM) – A distinguished certification for information security professionals that showcases an understanding of IT and business.


  • Acquire a minimum of five years in the IT field and three years in IT management work within the IT job practice analysis areas (Governance, Risk Management, Program Development and Management, Incident Management).

    *This can be completed 10 years prior to taking the exam and up to 5 years after passing the exam.

  • Fill out the CISM Application within 5 years from passing the exam.
  • Schedule and pass the CISM Exam (450 points on an 800-point scale)
  • Adhere to the ISACA Code of Professional Ethics
  • Minimum of 20 contacts hours of CPE per year and 120 contact hours total over 3 years.

Certified Information Systems Security Professional (CISSP) – Globally recognized measurement of competency in designing, engineering, and implanting IT security programs.


  • Minimum five years paid full-time work experience within two of the eight domains in the CISSP (Asset Security, Security Architecture and Engineering, Security and Risk Management, Identity and Access Management, Software Development Security, Communication and Network Security, Security Assessment and Training, Security Operations).

    *A four-year college degree or other CISSP approved credential (CAEIAE degree or ISC2approved certification such as CompTIA Security+, CISA, or MCSE titles) fulfills up to one year of required experience but cannot be combined for more than one hour.

  • Schedule and pass the CISSP Exam (700 points on a 1000-point scale)
  • Acquire an endorsement from a practicing ISC2 credential holder.
  • *Link to endorsement form can be found here.
  • Adhere to the ISC2 Code of Ethics.
  • Acquire 120 continuing professional education credits within 3 years.

    *80 credits must be Type A credits.

The (ISC)2 also offers an Associate toward CISSP that allows individuals to prove their IT knowledge without fulfilling the requirements above. Those interested must simply pass the (ISC)2examination, pay dues, follow the CPE minimum necessities. From there, Associate certificate holders can begin working on the stipulations above to obtain their CISSP.

Global Information Assurance Certification (GIAC) – Examination for IT security professionals in managerial or supervisory positions.


  • Choose which GIAC Certification you wish to pursue.

    *There is a multitude of different certifications you can acquire through the GIAC ranging from Intermediate to Expert difficulty.

  • Schedule and pass the GIAC exam (68% required)

    *There are no prerequisites for registering for the GSLC exam.

  • Renew certification after 4 years.

It is important to evaluate each exam in detail to decide which makes the most sense to pursue. While only one is required, each one possesses their own strengths and weaknesses, whether they be the field of emphasis, cost, or other requirements after passing the exam. Infosec Institute offers courses for these exams as well as many others within the IT domain. They have been providing students with reliable study material and information security training for over 15 years. These utilities are powerful tools in preparation for these acquiring any one of these revered certifications.

Save on DoD 8570 training

Save on DoD 8570 training

Certification boot camps available for every position category, specialty and level.

DoD 8570 IAM Level 3 Information Assurance Functions

Understanding the computing and network environment, as well as enclave is essential within an IA career, and across all the examinations within the DoD IAM Level 3. The Computing Environment (CE) is a server with several devices operating from it. These devices can include the traditional computer, satellite, remote sensors, etc. The network environment is connected to an enclave, or in other words, two different networks controlled by security procedures and policies. It is divided from the rest of the network, limiting internal access to a section of the given network through firewalls, administrative restrictions, and VPNs.

Completing Level 3 of the DoD IAM will open many options within worthwhile careers. An IAM Level 3 certificate holder can expect to make $90-170K a year. Common job titles include top-level:

  • Information Assurance Engineer
  • Infrastructure Cloud Engineer
  • Cybersecurity Engineer
  • Risk Management Engineer
  • Information Assurance Manager
  • Information Assurance Analyst
  • Security Control Assessor
  • Solution Architect

Individuals in these careers generally are responsible for ensuring customer's Information Systems are secure and functional and developing security procedures and standards. The road to acquiring the DoD 8570 IAM Level 3 has been found to be a rewarding path for many.



Beth Osborne
Beth Osborne