
Earlier this week, (ISC)² announced that the DoD approved both the HCISPP and CCSP certifications to its DoD 8570 Approved Baseline Certifications table on the DoD Cyber Exchange website.

Why does this matter?

This means that the entire roster of (ISC)² certifications is now required for different security workforce categories within the Department, depending on the functional area the role covers. Approval for these additions came from the DoD Senior Information Security Officer and a recommendation by the Cyber Workforce Advisory Group (CWAG) Certification Committee.

The HCISPP has been approved for the following categories:

  • Information Assurance Manager Level 1 (IAM 1)
  • IAM Level II (IAM II)

The CCSP has been approved for the following categories:

  • Information Assurance System Architect and Engineer Level III (IASAE III)
  • Information Assurance Technician Level III (IAT III)

This also points to the increased importance the DoD places on healthcare privacy data and cloud security, two areas that have been under near-constant attack and part of high-profile ransomware breaches within the past year. As last week’s #RansomwareWeek here on the (ISC)² Blog showed, the level of threat is only increasing as ransoms are paid and precedents are set. Breaches of cloud platforms, whether direct hits or through a third-party supplier, are high-risk scenarios, and healthcare systems and data are particularly sensitive as hospital networks cannot sustain prolonged outages without endangering patient safety.

As Dr. Casey Marks, chief qualifications officer for (ISC)², expressed at the time, “The addition of the HCISPP and CCSP certifications to the DoD’s requirements for certain cybersecurity roles points to the growing need to protect and defend health information and cloud data from targeted attacks. These certifications attest that their holders have broad, experience-based mastery of security concepts in real-world situations. Adding such professionals to the front lines of national cyber defense is an encouraging step by the DoD.”

Government agencies have trusted (ISC)² to train and certify their cybersecurity personnel for more than two decades. (ISC)² offers nine distinct Information Assurance (IA) certifications that meet the requirements for 11 of the 14 work roles defined in DoDD 8140.01 and DoD 8570.01-M. In accordance with these two regulations, personnel performing Information Assurance (IA) functions are obligated to obtain one of the certifications required for their position, category/specialty and level in order to fulfill the IA baseline certification requirement.

To review all the (ISC)² certifications that are required for certain levels of DoD Information Assurance roles, please visit:

