DOCUMENT

1300 - 1330 (Montgomery and Miller) DLA Industry Day Briefing 8570 Reporting - June 9 2021 Update V2.pptx

OVERVIEW

Original Source: Contract Opportunity
Related Agency
Posted: June 7, 2021
Type: .pptx
Size: 4.22MB

EXTRACTED TEXT

8570 IA / Cyber Reporting
Joseph A. Miller, DLA 8570 Lead
June 9, 2021
Agenda
DoD 8570.01 Transitioning to DoD 8140.01
DFARS 252.239.7001, 7002-3, & 7003 Clauses
Contract Requirements 8570
DOD 8570.01-Manual (M) Requirement
8570 - Who needs to be Certified
DoD Approved 8570 Baseline Certifications
What is a CE
Source: DoD CIO Cyber Team / DLA 8570 Workforce As of June 9, 2021
DoD 8570 Transitioning to DoD 8140
Cyber Workforce Management Program 8570
(a) Certifications, Based on DoD Approved 8570 Baseline Certifications.
Cyber Workforce Framework 8140
(a) Qualifications, Based on Education, Training, or Personnel Certifications (Formerly Known as DoD Approved 8570 Baseline Certifications).
DoDD 8140.01 was reissued on 5 October 2020
DoDI 8140.01 Currently with the Office of General Counsel for finalizing Legal Sufficiency Review
DoDM 8140.01 AC - Currently in Formal Coordination with DoD Services and DoD Components

DFARS 252.239.7001 Clause
252.239-7001 Information Assurance Contractor Training and Certification.
As prescribed in 239.7103(b), use the following clause:
INFORMATION ASSURANCE CONTRACTOR TRAINING AND CERTIFICATION (JAN 2008)
(a) The Contractor shall ensure that personnel accessing information systems have the proper and current information assurance certification to perform information assurance functions in accordance with DoD 8570.01-M, Information Assurance Workforce Improvement Program. The Contractor shall meet the applicable information assurance certification requirements, including
(1) DoD-approved information assurance workforce certifications appropriate for each category and level as listed in the current version of DoD 8570.01-M; and
(2) Appropriate operating system certification for information assurance technical positions as required by DoD 8570.01-M.
(b) Upon request by the Government, the Contractor shall provide documentation supporting the information assurance certification status of personnel performing information assurance functions.
(c) Contractor personnel who do not have proper and current certifications shall be denied access to DoD information systems for the purpose of performing information assurance functions.
DFARS 252.239.7002-3 Clause
239.7102-3 Information assurance contractor training and certification.
(a) For acquisitions that include information assurance functional services for DoD information systems, or that require any appropriately cleared contractor personnel to access a DoD information system to perform contract duties, the requiring activity is responsible for providing to the contracting officer
(1) A list of information assurance functional responsibilities for DoD information systems by category (e.g., technical or management) and level (e.g., computing environment, network environment, or enclave); and
(2) The information assurance training, certification, certification maintenance, and continuing education or sustainment training required for the information assurance functional responsibilities.
(b) After contract award, the requiring activity is responsible for ensuring that the certifications and certification status of all contractor personnel performing information assurance functions as described in DoD 8570.01-M, Information Assurance Workforce Improvement Program, are in compliance with the manual and are identified, documented, and tracked.
(c) The responsibilities specified in paragraphs (a) and (b) of this section apply to all DoD information assurance duties supported by a contractor, whether performed full-time or part-time as additional or embedded duties, and when using a DoD contract, or a contract or agreement administered by another agency (e.g., under an interagency agreement).
(d) See PGI 239.7102-3 for guidance on documenting and tracking certification status of contractor personnel, and for additional information regarding the requirements of DoD 8570.01-M.

DFARS 252.239.7003 Clause
239.7103 Contract clauses.
(a) Use the clause at 252.239-7000, Protection Against Compromising Emanations, in solicitations and contracts involving information technology that requires protection against compromising emanations.
(b) Use the clause at 252.239-7001, Information Assurance Contractor Training and Certification, in solicitations and contracts involving contractor performance of information assurance functions as described in DoD 8570.01-M.

Contract Requirements 8570
Pre-Award

COR, COTR, and Government PM/ISSO/ISSM shall define the appropriate 8140/8570 credentials based on applications/systems.
DoD Approved 8140/8570 Baseline and CE Certification lists as well as the 8570 Deliverable Report template will be added as attachments to the PWS/Solicitation.
DFARS 252.239-7001 IA Contractor Training and Certification clause shall also be included in the RFQ.

The vendor shall be required to provide resumes and 8140/8570 certifications for Key Personnel at time of proposal submission.
Contractor Requirement 8570
Post-Award

Awardee will be required to provide the COR the 8140/8570 report on a monthly basis.
First report should be a comprehensive report covering all 8140/8570 Contractor personnel.
Vendor will only be required to report updates/changes on a monthly basis thereafter (or report no changes).
DOD 8570.01-Manual (M) Requirements
What constitutes a position requiring a DoD Approved 8570 Baseline Certification?
DoD 8570.01-M C1.4.4.7. Identify, track, and monitor IA personnel performing IA functions (as described in Chapters 3, 4, 5, 10, and 11) to ensure that IA positions are staffed with trained and certified personnel (see chapter 7).
A link is provided for the DoD 8570.01.M below: http://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodm/857001m.pdf
What are the acceptable 8570 requirements for Contractors (depends on certification required)?
Based on functions detailed in the Statement of Work (SOW)
DoD Approved 8570 Baseline Certifications vary by the category and level of the functions.
Contractor must have a valid background investigation
IA Technical Contractor personnel must also have
Computing Environment (CE) certification
Privileged access statement
Successfully Certified and Qualified for FISMA Cybersecurity Workforce Reporting in DoD Cyberscope (DCS)
8570 - Who needs to be Certified
8570 Training, Certifications, and Workforce requirement
All members of the Cyberspace / IA Workforce
Includes Civilians, Military, Foreign Nationals, Local Nationals, and Contractors
Applies whether duties are performed full time, part time, or as embedded duties
DLA requires all Contractors supporting IA/Cyber functions to have a DoD Approved 8570 Baseline Certification upon day one (1) of supporting a DLA contract
DLA requires all contractors to have a Computing Environment (CE) certificate in accordance with their DLA contract. (If applicable as a Category IAT and/or a Category CNDSP/CSSP position.)
Multiple Tools / Devices = Multiple Certifications
Minimum of one (1) CE that pertains to the function supported for the predominant amount of time
Provide a copy of all current certifications to the Contracting Officer at time of award
Remain in good standing during the contract period of performance
8570 Some IAT Level II Functions
IAT Level II personnel provide network environment (NE) and advanced level CE support.
Personnel performing these functions, regardless of their occupational title (e.g., system administrator, help desk technician, information system technician, mechanic, infantry, logistics coordinator) shall be identified as part of the IA workforce and must comply with the requirements.
T-II.3. Support, monitor, test, and troubleshoot hardware and software IA problems pertaining to the NE.
T-II.5. Perform IA related customer support functions including installation, configuration, troubleshooting, customer assistance, and/or training, in response to customer requirements for the NE.
T-II.26. Implement applicable patches including IAVAs, IAVBs, and TAs for their NE.
T-II.30. Support Security Test and Evaluations (Part of C&A Process).
DOD 8570.01M:
When is a Computing Environment (CE) required?
When a person has been designated as an IAT or CND-SP/CSSP and:
1) is part of the IA Workforce;
2) is technical in nature;
3) will apply IA/security controls at levels I, II, or III;
4) is considered a trusted individual and a privileged user;
5) is required to have a certification at the appropriate level (Baseline Certification);
6) a certification or training that attests to specific system Application / Operating System
DoD Approved 8570 Baseline Certifications
What is a CE
Computing Environment (CE): Per DoD 8570.01M, Local Area Network(s) Server Host and its Operating System, Peripherals, and Applications.
8570 Baseline Certification Example: Security+ CE or CCNA Security
Computing Environment: Windows Server 2016, VMware
The contract documents 8570 requirements
Questions
Questions & Answers
