DoD 8140 / 8570 cert checklist

Which certification does your DoD role actually require?

IAT and IAM Level I–III, mapped to the certifications DoD has approved for each — every entry links to where it came from. This is a reference list, not a determination of your eligibility.

DoD 8140 has superseded DoD 8570 for military and civilian positions — but many contractor and job-posting references still use the 8570 IAT/IAM levels below.

DoD transitioned to the 8140 Cyber Workforce Qualification Program on February 15, 2023. For military and civilian cyber positions, 8570’s IAT/IAM levels have been replaced by 8140’s work-role qualification matrices. Contractor positions remain under 8570 rules until a pending federal acquisition regulation update takes effect, and many job postings (including on USAJOBS and defense-contractor boards) still describe openings using the 8570 IAT/IAM language below — which is why this checklist covers it. Certifications earned under 8570 may or may not carry over to a specific 8140 work role; there is no blanket mapping between the two systems.

DoD Cyber Exchange — "DoD 8570 IA Program Transition to DoD 8140 CWQP" fact sheet

On this data: This is the correct official page for the per-level certification table, but it now requires CAC/PIV login and could not be loaded during this build (July 12, 2026) — it redirected to a military SAML sign-in wall. Check it directly, or with your agency/security office, before relying on the lists below. Last checked July 12, 2026.

IAT — Information Assurance Technical

IAT Level I

Computing environment — individual workstations or a small segment of a network.

Requirements vary by role, component, and contract — verify with your agency or security office before relying on this. Climbr cannot tell you whether you are eligible, qualified, or compliant for any position. DoD Cyber Exchange — DoD Approved 8570 Baseline Certifications (CAC/PIV sign-in required)

CompTIA A+

CompTIA

Source ↗ (CAC sign-in)

CompTIA Network+

CompTIA

Source ↗ (CAC sign-in)

CCNA-Security previously satisfied this level; Cisco retired that certification in 2020, so it is no longer obtainable and is not listed above.

IAT Level II

Network environment — broader responsibility across a facility or system.

Requirements vary by role, component, and contract — verify with your agency or security office before relying on this. Climbr cannot tell you whether you are eligible, qualified, or compliant for any position. DoD Cyber Exchange — DoD Approved 8570 Baseline Certifications (CAC/PIV sign-in required)

CCNA-Security previously satisfied this level; Cisco retired that certification in 2020, so it is no longer obtainable and is not listed above.

IAT Level III

Enclave / advanced network and computing environment — enterprise-wide responsibility.

Requirements vary by role, component, and contract — verify with your agency or security office before relying on this. Climbr cannot tell you whether you are eligible, qualified, or compliant for any position. DoD Cyber Exchange — DoD Approved 8570 Baseline Certifications (CAC/PIV sign-in required)

CompTIA CASP+

CompTIA

CompTIA renamed CASP+ to "SecurityX" in 2024 — same credential.

Source ↗ (CAC sign-in)

CISA

ISACA

"CISA" is also the abbreviation for the federal Cybersecurity and Infrastructure Security Agency, which shows up often in cyber résumés for unrelated reasons — this checklist only matches on the full name, "Certified Information Systems Auditor," not the bare abbreviation.

Source ↗ (CAC sign-in)

CISSP

ISC2

DoD has historically also accepted the "Associate of ISC2" pathway for candidates working toward full CISSP status.

Source ↗ (CAC sign-in)

CCNP Security

Cisco

Source ↗ (CAC sign-in)

IAM — Information Assurance Management

IAM Level I

Computing environment — junior management / oversight role.

Requirements vary by role, component, and contract — verify with your agency or security office before relying on this. Climbr cannot tell you whether you are eligible, qualified, or compliant for any position. DoD Cyber Exchange — DoD Approved 8570 Baseline Certifications (CAC/PIV sign-in required)

CGRC

ISC2

ISC2 renamed "CAP" to "CGRC" in 2023 — same credential. This checklist matches on "CGRC" and its full name, not the bare "CAP" abbreviation, since "CAP" also appears in common non-cert phrases like "cap table" or "salary cap."

Source ↗ (CAC sign-in)

CompTIA Cloud+

CompTIA

Source ↗ (CAC sign-in)

CompTIA Security+

CompTIA

Source ↗ (CAC sign-in)

IAM Level II

Network environment — broader management / oversight responsibility.

Requirements vary by role, component, and contract — verify with your agency or security office before relying on this. Climbr cannot tell you whether you are eligible, qualified, or compliant for any position. DoD Cyber Exchange — DoD Approved 8570 Baseline Certifications (CAC/PIV sign-in required)

CGRC

ISC2

ISC2 renamed "CAP" to "CGRC" in 2023 — same credential. This checklist matches on "CGRC" and its full name, not the bare "CAP" abbreviation, since "CAP" also appears in common non-cert phrases like "cap table" or "salary cap."

Source ↗ (CAC sign-in)

CompTIA CASP+

CompTIA

CompTIA renamed CASP+ to "SecurityX" in 2024 — same credential.

Source ↗ (CAC sign-in)

A CISM alone is commonly mistaken for satisfying IAM Level I — DoD’s baseline has historically started CISM at Level II, not Level I.

IAM Level III

Enclave / enterprise-wide management — senior management responsibility.

Requirements vary by role, component, and contract — verify with your agency or security office before relying on this. Climbr cannot tell you whether you are eligible, qualified, or compliant for any position. DoD Cyber Exchange — DoD Approved 8570 Baseline Certifications (CAC/PIV sign-in required)

Not yet covered here: IASAE I, IASAE II, IASAE III, CSSP specialty tracks (Analyst, Infrastructure Support, Incident Responder, Auditor, Service Provider Manager). Spot something outdated? Tell us at support@climbrhq.com.

See which of these you already have

Create a free account and save your résumé — this checklist will literally mark which of the certifications above already appear on it. No fabricated matches, and Climbr never tells you that you're "qualified".