Everything You Need to Know About the DoD 8140 Directive

Looking for an at-a-glance breakdown of the DoD 8140 Directive? This comprehensive guide provides a clear and concise overview. From key points and work role mapping to compliance timelines and practical implications, the guide is packed with the essential details to help you understand and apply the directive.
Download the Guide
GIAC DOD 8140 Directive

What to Expect from the DoD 8140 Directive Guide

Implemented in 2023, the DoD 8140 establishes a comprehensive, unified framework for developing a resilient and capable cybersecurity workforce. To address expanding requirements, the DoD has standardized cybersecurity training, certifications, and education processes to ensure the affected job roles are well-equipped and confidently prepared.

What’s Inside?

  • Who is affected by Dod 8140?
  • What are the DoD 8140 requirements?
  • Approved certification and training
  • Work role mapping to certifications
  • Timeline and key dates
Download the Guide
470x382_DoD_Soilders_Computer5.jpg

Who is Affected by DoD 8140

All DoD personnel assigned to positions requiring the performance of cyberspace work, in accordance with the DoD Cyberspace Workforce Framework (DCWF). This includes Service members, DoD civilian employees (including non-appropriated fund employees), personnel who provide contracted services (referred to in this issuance as "contractors"), and foreign nationals. 

  • Office of the Secretary of Defense
  • Military Departments
  • Chairman of the Joint Chiefs of Staff
  • Combatant Commands
  • Office of the Inspector General of the DoD
  • US Coast Guard
  • Defense Agencies
  • DoD Field Activities
  • All other organizational entities in the DoD
470x382_DoD_Soilders_Computer3.jpg

DoD 8140 Requires:

  • Foundational Qualification
    • Proficiency Levels - Basic, Intermediate and Advanced
    • Options - Certification (GIAC), Training (SANS) and Education (SANS EDU)
  • Residential Qualification
    • On the Job Qualification - Always Required
    • Environment-Specific Requirements - Component Discretion
  • Annual Maintenance
    • Certification CPE's (Keep Current) or 20 Hours Annually

Compliance Timeline:

  • DoD Cybersecurity Workforce
    • Foundational - 15 February 2025
    • Residential - 15 February 2026
  • DoD Cyberspace IT, Cyberspace Effects, Intelligence (Cyberspace), and Cyberspace Enabler Workforce Elements
    • Foundational - 15 February 2026
    • Residential - 15 February 2027

Approved GIAC Certifications and Corresponding Affiliate Training*

*Additional certification options are continuously being added to the DoD8140 Directive.

8140 Framework Categories

The 8140 Framework Categories are a high-level grouping of common cybersecurity functions. Select a category below to help you identify the right certifications and affiliate training for your current or desired cybersecurity role.
GIAC IT Cyberspace
Cyber IT
Personnel who design, build, configure, operate, and maintain IT, networks, and capabilities. This includes actions to prioritize implement, evaluate, and dispose of IT as well as information resource management; and the management, storage, transmission, and display of data and information.
Learn More
GIAC Cyber Security
Cybersecurity
Personnel who secure, defend, and preserve data, networks, net-centric capabilities, and other designated systems by ensuring appropriate security controls and measures are in place, and taking internal defense actions. This includes access to system controls, monitoring, administration, and integration of cybersecurity into all aspects of engineering and acquisition of cyberspace capabilities.
Learn More
GIAC Cyberspace Enablers
Cyber Enablers
Personnel who perform work roles to support or facilitate the functions of cyber IT, cybersecurity, cyberspace effects, or intelligence workforce (cyberspace) work roles. This includes actions to support acquisition, training and leadership activities.
Learn More
GIAC Cyberspace Effects
Cyber Effects
Personnel who plan, support, and execute cyberspace capabilities where the primary purpose is to externally defend or conduct force projection in or through cyberspace.
Learn More

Download Your Comprehensive Guide to the DoD 8140 Directive

Accounting
Agriculture
Automotive
Banking/Finance
Business Services/Consulting
Chemicals
Computer Services/Consulting
Computer Software
Consumer Electronics
Consumer Package Goods
Education
Energy - Nuclear
Energy - Oil & Gas
Engineering & Construction
Food & Beverage
Govt - Canada - Civilian - Federal
Govt - Canada - Civilian - Reg or Local
Govt - Canada - Law Enforcement
Govt - Canada - Military
Govt - Contractor
Govt - EMEA Region - Civilian
Govt - EMEA Region - Law Enforcement
Govt - EMEA Region - Military
Govt - Other Regions - Civilian
Govt - Other Regions - Law Enforcement
Govt - Other Regions - Military
Govt - US - Civilian - Federal
Govt - US - Civilian - State or Local
Govt - US - Law Enforcement
Govt - US - Military
Health Care
Hospitality
Insurance - Health
Insurance - Other
Legal
Logistics & Supply Chain
Manufacturing - Aerospace
Manufacturing - Defense
Manufacturing - Industrial
Manufacturing - Other
Media & Entertainment
Metals & Mining
Nonprofit
Other
Pharmaceutical/Biotechnology
Real Estate
Retail Trade
Software
Technology
Telecommunications
Transportation
Travel & Tourism
Utilities - Other
Utilities - Power
Utilities - Water
Wholesale Trade
United States
Canada
United Kingdom
Spain
Belgium
Denmark
Norway
Netherlands
Australia
India
Japan
Singapore
Afghanistan
Aland Islands
Albania
Algeria
American Samoa
Andorra
Angola
Anguilla
Antarctica
Antigua and Barbuda
Argentina
Armenia
Aruba
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belize
Benin
Bermuda
Bhutan
Bolivia
Bonaire, Sint Eustatius, and Saba
Bosnia And Herzegovina
Botswana
Bouvet Island
Brazil
British Indian Ocean Territory
Brunei Darussalam
Bulgaria
Burkina Faso
Burundi
Cambodia
Cameroon
Cape Verde
Cayman Islands
Central African Republic
Chad
Chile
China
Christmas Island
Cocos (Keeling) Islands
Colombia
Comoros
Cook Islands
Costa Rica
Cote D'ivoire
Croatia (Local Name: Hrvatska)
Curacao
Cyprus
Czech Republic
Democratic Republic of the Congo
Djibouti
Dominica
Dominican Republic
East Timor
Ecuador
Egypt
El Salvador
Equatorial Guinea
Eritrea
Estonia
Eswatini
Ethiopia
Falkland Islands (Malvinas)
Faroe Islands
Fiji
Finland
France
French Guiana
French Polynesia
French Southern Territories
Gabon
Gambia
Georgia
Germany
Ghana
Gibraltar
Greece
Greenland
Grenada
Guadeloupe
Guam
Guatemala
Guernsey
Guinea
Guinea-Bissau
Guyana
Haiti
Heard And McDonald Islands
Honduras
Hong Kong
Hungary
Iceland
Indonesia
Iraq
Ireland
Isle of Man
Israel
Italy
Jamaica
Jersey
Jordan
Kazakhstan
Kenya
Kiribati
Korea, Republic Of
Kosovo
Kuwait
Kyrgyzstan
Lao People's Democratic Republic
Latvia
Lebanon
Lesotho
Liberia
Liechtenstein
Lithuania
Luxembourg
Macau
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Marshall Islands
Martinique
Mauritania
Mauritius
Mayotte
Mexico
Micronesia, Federated States Of
Moldova, Republic Of
Monaco
Mongolia
Montenegro
Montserrat
Morocco
Mozambique
Myanmar
Namibia
Nauru
Nepal
Netherlands Antilles
New Caledonia
New Zealand
Nicaragua
Niger
Nigeria
Niue
Norfolk Island
North Macedonia
Northern Mariana Islands
Oman
Pakistan
Palau
Palestine
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Pitcairn
Poland
Portugal
Puerto Rico
Qatar
Reunion
Romania
Russian Federation
Rwanda
Saint Bartholemy
Saint Kitts And Nevis
Saint Lucia
Saint Martin
Saint Vincent And The Grenadines
Samoa
San Marino
Sao Tome And Principe
Saudi Arabia
Senegal
Serbia
Seychelles
Sierra Leone
Sint Maarten
Slovakia
Slovenia
Solomon Islands
South Africa
South Georgia and the South Sandwich Islands
South Sudan
Sri Lanka
St. Helena
St. Pierre And Miquelon
Suriname
Svalbard And Jan Mayen Islands
Sweden
Switzerland
Taiwan
Tajikistan
Tanzania, United Republic Of
Thailand
Togo
Tokelau
Tonga
Trinidad And Tobago
Tunisia
Turkey
Turkmenistan
Turks And Caicos Islands
Tuvalu
Uganda
Ukraine
United Arab Emirates
United States Minor Outlying Islands
Uruguay
Uzbekistan
Vanuatu
Vatican City State
Venezuela
Vietnam
Virgin Islands (British)
Virgin Islands (U.S.)
Wallis And Futuna Islands
Western Sahara
Yemen
Zambia
Zimbabwe

By providing this information, you agree to the processing of your personal data by GIAC as described in our Privacy Policy.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Reviews

Read what others have to say about SANS Training.
As our C4 systems become netcentric and more linked with our weapons systems, it is essential that our IA workforce be up to the task of securing our networks. I am proud to be on the cyber defense line with such a competent industry partner that understands the needs of the defense department and is willing to work with us to help accomplish this difficult task.
Mike Knight
- Naval NetWar Command
Training offered by SANS pertains to best practices so rubber hits the road.
Michael Emmons
- USMC
As part of the Raytheon IIS Information Security Engineering group, we send nearly all of our new hires through the SANS Security Essentials Bootcamp training classes to ensure they have the fundamental skills necessary to work in our environment. We view GIAC certifications as an essential part of this process. GIAC Certification helps ensure both our management and our customers that our employees understand how to build secure systems.
Monty McDougal
- Raytheon