Comply with DoD 8570/8140
Certify your Information Assurance (IA) workforce with baseline certification requirements detailed in the Department of Defense’s 8570.01-M. With a boot camp for nearly every DoD-approved IA baseline certification, we prepare your team to pass their certification exams on the first attempt — guaranteed.
Prepare for a CMMC assessment
Are you a Department of Defense supplier? Prepare for your Cybersecurity Maturity Model Certification (CMMC) assessment with Infosec’s awareness and training solutions. From CMMC Certified Professional certification boot camps to meeting all training requirements detailed in NIST SP 800-171 and NIST 800-172, we have you covered.
What is the Cybersecurity Maturity Model Certification (CMMC)?
The Department of Defense Cybersecurity Maturity Model Certification (CMMC) is a framework to enhance the cybersecurity practices of organizations involved in the defense supply chain. The CMMC program is a compliance requirement built to ensure that organizations, contractors and subcontractors meet cybersecurity requirements and are prepared to protect sensitive unclassified information.
The three CMMC levels advance progressively, depending on the type of information handled by the organization. The program also requires CMMC assessments, which verify to the DoD that clear cybersecurity standards are in place.
Cybersecurity Maturity Model Certification
Learn everything you need to know about the new Department of Defense Cybersecurity Maturity Model Certification (CMMC) framework. We're here to help train you on the CMMC certification process — whether you're an aspiring CMMC Assessor or one of the more than 300,000 companies in the Defense Industrial Base supply chain that need to comply with CMMC.
Why choose Infosec for CMMC certification training?
Our comprehensive training and boot camps are built to teach the essential skills and expertise needed to navigate complex CMMC certification and DoD 8570/8140 requirements. Live, instructor-led training guarantees your team gets certified on their first attempt. Experience role-based learning paths live online, on-demand or in person.
Cyber-AB Licensed Training Provider and Licensed Partner Publisher
Infosec is a Licensed Training Provider (LTP) and a Licensed Partner Publisher (LPP) for the Cybersecurity Maturity Model Certification Accreditation Body (Cyber-AB), an independent accreditation entity created in January 2020 that’s responsible for establishing, managing, controlling and administering the CMMC assessment, certification, training and accreditation processes for the defense supply chain.
Get peace of mind with training guarantees
If you’re like many of our clients, employee certification is more than a goal — it’s a business requirement. Here’s how our boot camp guarantees help you maximize your employee training budget and meet your business objectives:
Exam Pass Guarantee: If your employee doesn’t pass their exam on the first attempt, they get a second attempt for free. Includes the ability to re-sit the course for free for up to one year.
100% Satisfaction Guarantee: If your employee is not 100% satisfied with their boot camp at the end of the first day, they may withdraw and enroll in a different online or in-person course.
Knowledge Transfer Guarantee: If an employee leaves within three months of obtaining certification, we will train a different employee at the same organization tuition-free for up to one year.
Maximize your training budget with flexible purchase options
Your team’s training needs don’t start and stop with federal budget cycles. Meet DoD 8570/8140 requirements with training built for federal teams and contractors and stay under your Government Purchase Card limit. With Infosec’s flexible payment options, you can purchase group training now, train when it best suits your schedule and save with volume discounts.
Infosec accepts all forms of approved training requests and procurement systems. We are currently an approved vendor for the following programs:
Veteran Readiness & Employment
Train how, when and where your team learns best
Boot camp certification for every information assurance level
Information assurance workers doing business with the federal government are contractually obligated to hold different certifications depending on their role. They must understand how to safeguard data from cyber threats and maintain its accuracy, reliability and accessibility.
The different DoD-approved certifications for each role are outlined below, along with the Infosec certification training to help you achieve your 8570/8140 certification.
Boot Camps certification for every position category or specialty and level
Award-winning training you can trust
Training mapped to NICE Workforce Framework for Cybersecurity
Infosec Skills connects employee job descriptions to an established workforce development framework. Your organization can take a bottoms-up approach to any training initiative by mapping development plans to specific NICE Knowledge and Skill Statements, Work Roles or even the Competencies deemed most critical to employee success.
Frequently asked questions
What does the CMMC certification stand for?
CMMC stands for Cybersecurity Maturity Model Certification, which assesses and enhances the cybersecurity posture of the Defense Industrial Base (DIB).
Who created the CMMC Framework?
The CMMC Framework was developed by the Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD A&S) and other federal stakeholders. Its purpose is to ensure the safeguarding of sensitive unclassified information shared with contractors and subcontractors.
What is the CMMC model?
The Cybersecurity Maturity Model Certification (CMMC) program is designed to align with the U.S. Department of Defense's (DoD) information security requirements for Defense Industrial Base (DIB) partners. The CMMC model has three increasingly progressive levels for measuring cybersecurity maturity. CMMC 2.0 eliminates all maturity processes and all CMMC unique security practices. Our CMMC boot camps teach you the current CMMC levels, and we update the training as CMMC changes occur. In the boot camp, you learn what goes into each of the following levels:
CMMC 2.0 Level 1 (Foundational)
Same as previous level 1
CMMC 2.0 Level 2 (Advanced)
Based on NIST SP 800-171
Triennial 3rd party assessments for critical national security information
Previous Level 3
CMMC 2.0 Level 3 (Expert)
Based on a subset of NIST SP 800-172
Previous Level 5
How do you get certified in the CMMC?
CMMC 2.0 covers three compliance levels, Level 1 “Foundational,” Level 2 “Advanced” and Level 3 “Expert.” Certified CMMC Professional (CCP) is a gateway to becoming a Certified CMMC Assessor (CCA), and it also certifies you as a valuable resource for consulting agencies, CMMC Third-Party Assessor Organizations (C3PAOs) and organizations needing CMMC 2.0 support and guidance.
To earn your CCP, you’ll need to work with a Licensed Training Provider like Infosec to complete your training, which typically lasts three to five days. Then you will take and pass the CCP exam to earn a CCP certification. To advance and earn your CCA, you must follow various steps, including submitting the DoD Suitability Application, participating in three Level 2 assessments and taking CCA training.
Refer to the Cyber AB website for the full details.
When does the CMMC go into effect?
The initial version of the CMMC framework was released in January 2020, and the first 72 candidates for the Provisional Assessor program were selected by the CMMC Accreditation Body (CMMC-AB) in August 2020. CMMC 2.0 was released in November 2021 based on feedback from the community.
Who needs a CMMC certification?
CMMC is being incorporated into the Defense Federal Acquisition Regulation Supplement (DFARS), and by 2025 all suppliers will need a certification in order to bid on contracts. Contractors can achieve a CMMC level for their entire enterprise network or for a particular segment or enclave, depending on where the protected information is handled and stored. The ecosystem to support these assessments continues to be refined, so there are numerous career opportunities for those becoming a CCP or CCA.
What is the difference between DoDD 8140 and 8570?
Department of Defense Directive 8570 was published in 2005 to provide guidance around the training, certification and management of DoD personnel and contractors. It was replaced in 2015 by DoDD 8140, which expanded upon 8570 to include the NIST NICE Framework and help cybersecurity workers understand the knowledge, skills and abilities (KSAs) they need to launch and further their careers; a greater emphasis has been placed on hands-on training. However, there is no manual yet written for the practical implementation of 8140, so the 8570.01-M manual continues to be used.
What are the five levels of security clearance for DoD?
The DoD has five categories for Information Assurance workers:
- Information Assurance Technician (IAT)
- Information Assurance Manager (IAM)
- Information Assurance System Architecture & Engineering (IASAE)
- Cybersecurity Service Providers (CSSP)
- Computing Environment (CE)
The IAT, IAM and IASE categories include three progressive levels, with Level 1 covering the computing environment, Level 2 covering the network environment and Level 3 covering the enclave environment as well as advanced network and computing environments. The CSSP category is further broken down into five specializations: Analyst, Infrastructure Support, Incident Responder, Auditor and Manager. DoD 8570.01-M also requires a CE certification based on the operating system and related security tools and devices being used.
What are the DoD 8570 IAT certifications?
To meet DoD 8570.01-M Information Assurance Technician (IAT) requirements, you must earn one of the following certifications:
- IAT I: A+, Network+, SSCP, CND, CCNA-Security
- IAT II: Security+, CySA+, CCNA Security, GICSP, GSEC, SSCP, CND
- IAT III: CASP+, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH, CCSP
How long does it take to get CMMC certified?
Organizational CMMC certification can vary in length, depending on the organization's cybersecurity maturity, desired CMMC level and the systems' complexity. Generally, it takes several months to a year or more to undergo the assessment, address gaps and obtain the CMMC certification.
It can take individuals several months to earn a CCP or CCA, depending on how soon they can complete the required training and the other steps outlined on the CMMC-AB website.
What are the DoD 8570 IAM certifications?
To meet DoD 8570.01-M Information Assurance Manager (IAM) requirements, you must earn one of the following certifications:
- IAM I: Security+, CAP, GSLC, CND, Cloud+, HCISPP
- IAM II: CASP+, CAP, CISM, CISSP (or Associate), GSLC, CCISO, HCISPP
- IAM III: CISM, CISSP (or Associate), GSLC, CCISO
What are the DoD 8570 IASAE certifications?
To meet DoD 8570.01-M Information Assurance System Architecture & Engineering (IASAE) requirements, you must earn one of the following certifications:
- IASAE I: CASP+, CISSP (or Associate), CSSLP
- IASAE II: CASP+, CISSP (or Associate), CSSLP
- IASAE III: CISSP-ISSAP, CISSP-ISSEP
What are the DoD CSSP certifications?
To meet DoD Cybersecurity Service Providers (CSSP) requirements, you must earn one of the following certifications:
- CSSP Analyst: CySA+, CEH, CFR, GCIA, GCIH, GICSP, SCYBER, CCNA Cyber Ops, CCNA-Security, Cloud+
- CSSP Infrastructure Support: CySA+, CEH, GICSP, SSCP, CHFI, CFR, Cloud+, CND
- CSSP Incident Responder: CySA+, CEH, CFR, GCFA, GCIH, SCYBER, CCNA Cyber Ops, CCNA-Security, CHFI
- CSSP Auditor: CySA+, CEH, CISA, GSNA, CFR
- CSSP Manager: CISM, CISSP-ISSMP, CCISO
What are the DoD CE certifications?
According to 8570-01-M, “In addition to the IA baseline certification requirement for their level, IATs with privileged access must obtain appropriate Computing Environment (CE) certifications for the operating system(s) and/or security related tools/devices they support as required by their employing organization. If supporting multiple tools and devices, an IAT should obtain CE certifications for all the tools and devices they are supporting. At a minimum the IAT should obtain a certification for the tool or device he or she spends the most time supporting. For example, if an IAT is spending most of his or her time supporting security functions on a CISCO router, the IAT should obtain a CE certification for that equipment.”
Does Infosec work with VetsInTech?
Yes, we partner with VetsInTech to help train and support our transitioning military, veterans and spouses. The program includes three weeks of intense training focused on building the skills required to earn the A+, Network+ and Security+ certifications. Check out our industry alliances page to learn more.
What is the NICE Workforce Framework for Cybersecurity?
The NICE Workforce Framework for Cybersecurity (NIST Special Publication 800-181) is used to help categorize cybersecurity work and job duties across the public, private and academic sectors. Infosec’s cyber training library is mapped to over 620 Knowledge and Skill Statements and all 52 Work Roles to support any implementation of the NICE Framework: standard Work Roles directly from the NICE Framework, Competency-based Work Roles, Task-based Work Roles or custom Work Roles.