topic Re: DoD 8140 and CISSP in Military Group

DoD 8140 and CISSP

bjf1 — Tue, 29 Oct 2024 14:19:26 GMT

I currently hold a CISSP.

Referring to DoD 8140 IT qualification matrix (https://public.cyber.mil/wid/dod8140/qualifications-matrices/), many roles are qualified with a SSCP but not a CISSP. Does this mean I would need to ALSO earn a SSCP to qualify for these? In the 8570, CISSP was considered a "superset" of SSCP so anything that required a SSCP could be met with a CISSP. Is this no longer the case?

A lot of work roles are impacted! Example of a few:

451 System Admin/Basic (because SSCP is listed for Intermediate)

451 System Admin/Intermediate

671 System Testing and Evaluation Specialist/Basic

671 System Testing and Evaluation Specialist/Intermediate

632 Systems Developer/Basic

632 Systems Developer/Intermediate

632 Systems Developer/Advanced

411 Technical Support Specialist/Basic

411 Technical Support Specialist/Intermediate

411 Technical Support Specialist/Advanced

and so many others!

Re: DoD 8140 and CISSP

DiSangue — Tue, 29 Oct 2024 15:04:03 GMT

The short answer is no, you do not need to earn SSCP in addition to CISSP. A CISSP will qualify you for multiple roles at different levels. Most of the time, these are minimum requirements.

For example, if we look at 451-System Administrator, a Security+ or SSCP would be a minimum requirement but CISSP would also meet this requirement dependant on the Grade that the SA is being highed at. I'm currently an IT Manager (DoD) and review contracts and/or hiring actions, I must ensure this minimum requirement has been met.

With the new 8140, there are a lot of nuanse to meet requirements. For the longest time, Security+ was the defacto minimum standard.

Re: DoD 8140 and CISSP

bjf1 — Tue, 29 Oct 2024 17:11:01 GMT

Thank you so much for your response DiSangueViewer.

Is there some place this is documented? I searched extensively and wasn't able to find anything stating that a CISSP would qualify for an SSCP qualification in the DoD 8140 requirements.

Re: DoD 8140 and CISSP

bjf1 — Tue, 29 Oct 2024 17:17:37 GMT

I really hope we can find some DoD documentation on this as stated in the previous reply. As a follow-on, even the ISC2 website seems to indicate that CISSP does not qualify for SSCP. For example, at https://www.isc2.org/Insights/2024/07/How-Does-US-DoD-8140-Impact-CISSPs shows what is met with CISSP and System Administrator is NOT listed under IT (Cyberspace).

Have you seen DoD documentation that says that CISSP meets SSCP qualifications for 8140?

Re: DoD 8140 and CISSP

Kaity — Mon, 09 Dec 2024 16:46:43 GMT

Hi all!

We're working on an article about the impact of 8140 (replacing 8570) and how it might effect individuals moving upward in their roles, or help bring folks to the cyber roles. If anyone has thoughts on the matter and would like to be included in our article, please give me a shout!

Re: DoD 8140 and CISSP

bjf1 — Tue, 10 Dec 2024 15:41:01 GMT

I see several potential concerns, but am waiting for clarifications as the standards develop. I am hoping that the DoD will allow CISSP to be grandfathered in for roles that it was accepted for under 8570 (like System Admin) because if not, it will cause massive impacts for contracting organizations and the people serving in those roles.