Defense’s updated plan focuses on role-specific requirements and comes as the agency’s cyber workforce strategy is slated for imminent release.
The Defense Department’s Chief Information Officer, John Sherman, updated the agency’s cyber workforce plan on Wednesday, as part of ongoing efforts to modernize the agency’s talent management.
Sherman issued DOD Manual 8140.03, the Cyberspace Workforce Qualification and Management Program—the third issue of this policy series, which was last updated in December 2021—to provide a more targeted and flexible approach within the cyber workforce lifecycle.
Specifically, DOD’s Cyberspace Workforce Qualification and Management Program creates a series of baseline requirements by role and proficiency level “to enhance cyberspace mission readiness across the DOD.” The manual noted that the standards and requirements are to be used in conjunction with the Office of Personnel Management’s Qualification Standards. Additionally, all training that meets DOD Cyberspace Operations Forces requirements will be accepted.
Furthermore, the program is aimed at developing a cyberspace workforce “with a common understanding of the concepts, principles and applications of cyberspace functions to enhance interoperability across organizations and mission sets,” the plan stated.
The 8140 Manual replaces DOD’s 8570 Manual, Information Assurance Workforce Improvement Program—last updated in 2015—which focused on qualifying a portion of the cybersecurity workforce on information assurance and on computer network defense professionals. The previous iteration of the plan—8140.02 detailed work roles and outlined DOD’s Cyberspace Workforce Framework. The new 8140.03 manual will allow for a wide set of options for DOD components to manage and achieve a qualified workforce in IT, cybersecurity, cyber effects, cyber intelligence and cyber enablers, according to the announcement.
At an April 2021 Senate Armed Services Committee testimony, Sherman noted that the policy series was more role specific for skills and professional development.
“[DOD 8140] provides a targeted, role-based approach to identify, develop, and qualify cyber personnel by leveraging the DOD Cyber Workforce Framework,” Sherman said. “The [policy series] will require workforce members to demonstrate a foundational understanding at the work role level while also addressing personnel capability and continuous professional development at the work role level. Through these mechanisms, we will be able to track and manage cyber workforce capabilities across the DOD enterprise.”
“The 8140 policy series unifies cyber workforce development efforts under a common umbrella and facilitates greater mobility across population types,” Patrick Johnson, director of the workforce innovation directorate, said. “The manual will guide the department’s ability to verify and advance capabilities for all 225,000 DOD cyber workforce civilians, military personnel and contractors. Together, the upcoming DOD Cyber Workforce Strategy and DOD 8140 will enable the DOD to develop and deploy an agile, capable and ready cyber workforce.”
According to the plan, cybersecurity knowledge, skills and abilities will be integrated into qualification requirements for each cyber workforce role. The program has three qualification areas: foundational, residential and continuous professional development. Workers must meet the foundational and residential qualifications for each role’s required proficiency level, which can be classified as basic, intermediate or advanced, and the agency details requirements for each level.
According to the plan on-the-job qualifications—as well as education, training, certification or experience requirements—must also be met. However, experience could serve as an alternative to the foundation areas of education, training and personnel certifications. Additionally, continuous professional development requirements begin upon completing the foundational and residential qualification requirements.
Moreover, the updated plan also outlines cyberspace personnel information management requirements.
The updated plan comes as the agency is set to release its new cyber workforce strategy to guide overall staffing and recruitment efforts in the near future.