Analysis
Critical infrastructure
News
The Skills Gap - Training & Development

DoD Cyberspace Workforce Qualification & Management Program focuses on targeted, flexible approaches

February 20, 2023
DoD Cyberspace Workforce Qualification & Management Program focuses on targeted, flexible approaches

The U.S. Department of Defense (DoD) published the DoD Manual (DoDM) 8140.03 Cyberspace Workforce Qualification & Management Program, the third issuance of the DoD 8140 policy series. The Cyber Workforce Qualification Program modernizes DoD talent management, allowing for more targeted and flexible approaches within the cyber human capital lifecycle. 

The policy series’ third installment, DOD Manual 8140.03 was last revised in December 2021 and offers a more specialized and adaptable approach to the lifecycle of the cyber workforce. The document implements policy, assigns responsibilities, and prescribes procedures for the qualification of personnel identified as members of the DoD cyberspace workforce. It also identifies members of the DoD cyberspace workforce based on the cyberspace work role(s) of the position(s) assigned, as described in DoD Instruction (DoDI) 8140.02. 

With the implementation of the DoDM 8140.03, DoD Components will have a broad set of options to manage and achieve a qualified cyber workforce in the areas of information technology, cybersecurity, cyber effects, cyber intelligence, and cyber enablers.

“The 8140 policy series unifies cyber workforce development efforts under a common umbrella and facilitates greater mobility across population types,” Patrick Johnson, director of workforce innovation directorate at the DoD, said last week in a media statement. “The manual will guide the Department’s ability to verify and advance capabilities for all 225,000 DoD cyber workforce civilians, military personnel, and contractors. Together, the upcoming DoD Cyber Workforce Strategy and DoD 8140 will enable the DoD to develop and deploy an agile, capable, and ready cyber workforce.”

The DoD directs service members and DoD civilian employees assigned to a position coded with a DoD Cyberspace Workforce Framework (DCWF) work role code, referred to as ‘cyberspace workforce positions,’ to be fully qualified and identified as such in authoritative manpower and personnel systems in accordance with DoD Directive (DoDD) 8140.01, DoDI 8140.02, and this issuance. It also seeks adherence to the Office of Personnel Management (OPM) General Schedule Qualification Standards and the Federal Wage System Qualifications for the minimum qualification requirements for specific civilian occupation series.

The Qualification Program shall use the DCWF, along with other appropriate references, to develop a DoD cyberspace workforce with a common understanding of cyberspace concepts, principles, and applications. It also requires that DoD personnel filling cyberspace workforce positions are qualified to perform these duties and operate in coordination with warfighters, business, and mission system owners. It also calls for review and updates knowledge, skills, and abilities (KSAs) of the DoD cyberspace workforce on a continuous basis. 

The program will implement a cyberspace workforce development and sustainment process consisting of foundational (i.e., education, training, personnel certification, or experience qualification alternative); resident (i.e., on-the-job qualification and discretionary component environment-specific requirements); and CPD requirements. It will also document foundational areas to support consistency and reciprocity across the DoD. OSD and DoD components will manage the development and implementation of qualification requirements in the resident and CPD areas. 

The requirements established by this issuance are explicitly for the purpose of defining minimum requirements to serve in positions that are coded for specific cyberspace work roles. They should not be construed to modify, replace, or conflict with the General Schedule Qualifications experience, education, and proficiency requirements established by the OPM. Additionally, they also require contractors to be fully qualified by qualification standards and requirements in accordance with DoDD 8140.01 and this issuance. 

Furthermore, the new program utilizes the DCWF, as detailed in DoDD 8140.01, DoDI 8140.02, and this issuance, for standardizing qualification criteria for cyberspace work roles across the DoD. It also maintains a total force management perspective when staffing identified and authorized DoD cyberspace workforce positions with qualified DoD civilian employees and service members, augmented, where appropriate, by contractors in accordance with DoDI 1100.22. 

It also accepts, to the extent appropriate and possible, foundational qualification data from other OSD and DoD Components to maximize reciprocity across the enterprise. It further requires cyberspace personnel meets security classification standards and sensitivity levels commensurate with their position, in accordance with DoDI 5200.02 and DoD Manual 5200.02.

The DoD cyberspace workforce structure is based on work roles outlined in the DCWF. The DCWF includes work performed by the entire cyberspace workforce, including personnel who build, secure, operate, defend, and protect DoD and U.S. cyberspace resources, conduct related intelligence activities, enable future operations, and project power in and through cyberspace in accordance with DoDD 8140.01. 

The DoD Cyberspace Workforce Qualification and Management Program establishes enterprise baseline requirements by work role according to proficiency level to enhance cyberspace mission readiness across the DoD. The program outlines qualification standards and requirements for each work role. These standards and requirements do not replace but are used in conjunction with, OPM Qualification Standards. All training that meets the requirements of the DoD Cyberspace Operations Forces will be accepted as meeting this program’s qualification standards and requirements. 

The program is designed to develop a cyberspace workforce with a common understanding of the concepts, principles, and applications of cyberspace functions to enhance interoperability across organizations and mission sets. Cybersecurity KSAs must be integrated into the qualification requirements of all cyberspace work roles regardless of workforce element alignment.  

Specifically, the program consists of foundational qualification areas, residential qualification areas, and continuous professional development (CPD). To achieve a qualification, personnel assigned to positions coded to the DCWF must meet both the foundational and resident qualification requirements outlined for each work role at the assigned proficiency levels.

The program allows for options within the foundational qualification area at each proficiency level. This allows for flexibility in implementation and workforce management. To be considered, personnel must complete any one of the three foundational qualification options to satisfy the foundational portion of qualification and demonstrate experience as an alternative to foundational qualification. 

Deviations from the enterprise model are allowed through the authority of the CWMB in accordance with the CWMB Charter. If any one area of the foundational qualification option has not been defined or is not available for an individual work role, there will be an option between the two remaining foundational qualification areas.

If qualification requirements are only available or defined for one foundational qualification area, those requirements must be satisfied to achieve the qualification. When the required conditions are satisfied, experience may be accepted as an alternative to the foundational qualification.

If education, training, certification, or experience requirements are defined for a specified work role, position, or occupation in regulation, statute, or other DoD policy, the optional structure of this program does not override the other requirement. The other requirement may be accepted to satisfy the foundational requirements of this issuance. 

If the content is undefined or does not exist for one or more foundational qualification areas for a given work role, the office of primary responsibility (OPR) as designated in DoDD 8140.01 should evaluate and recommend qualification requirements for the undefined areas. The on-the-job qualification area of the qualification matrix must be completed to achieve the qualification. Lastly, CPD requirements commence upon completion of foundational and resident qualification requirements.

The issuance of the DoD program comes at a time when there exists a mounting need for cybersecurity professionals to broaden training and break barriers while closing the skills gap. Organizations should consider boosting the recruitment of teachers for broadening cyber education programs and providing cybersecurity professionals with greater possibilities to gain requisite competencies.

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
ASIS Foundation reports on impact of autonomous vehicles on security and technology
ASIS Foundation reports on impact of autonomous vehicles on security and technology
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
RMC
Risk Mitigation Consulting acquires Securicon, boosting cybersecurity and mission assurance offerings
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
New CGCYBER report warns of cybersecurity risks in marine environment due to network-connected OT systems
New CGCYBER report warns of cybersecurity risks in marine environment due to network-connected OT systems
Ukrainian CERT details malicious plan by Sandworm group to disrupt critical infrastructure facilities
Ukrainian CERT details malicious plan by Sandworm group to disrupt critical infrastructure facilities
DC3, DCSA collaborate to launch vulnerability disclosure program for defense industrial base
DC3, DCSA collaborate to launch vulnerability disclosure program for defense industrial base