DoD 8140 / 8570 cert checklist
Which certification does your DoD role actually require?
IAT and IAM Level I–III, mapped to the certifications DoD has approved for each — every entry links to where it came from. This is a reference list, not a determination of your eligibility.
DoD 8140 has superseded DoD 8570 for military and civilian positions — but many contractor and job-posting references still use the 8570 IAT/IAM levels below.
DoD transitioned to the 8140 Cyber Workforce Qualification Program on February 15, 2023. For military and civilian cyber positions, 8570’s IAT/IAM levels have been replaced by 8140’s work-role qualification matrices. Contractor positions remain under 8570 rules until a pending federal acquisition regulation update takes effect, and many job postings (including on USAJOBS and defense-contractor boards) still describe openings using the 8570 IAT/IAM language below — which is why this checklist covers it. Certifications earned under 8570 may or may not carry over to a specific 8140 work role; there is no blanket mapping between the two systems.
DoD Cyber Exchange — "DoD 8570 IA Program Transition to DoD 8140 CWQP" fact sheet ↗On this data: This is the correct official page for the per-level certification table, but it now requires CAC/PIV login and could not be loaded during this build (July 12, 2026) — it redirected to a military SAML sign-in wall. Check it directly, or with your agency/security office, before relying on the lists below. Last checked July 12, 2026.
IAT — Information Assurance Technical
IAT Level I
Computing environment — individual workstations or a small segment of a network.Requirements vary by role, component, and contract — verify with your agency or security office before relying on this. Climbr cannot tell you whether you are eligible, qualified, or compliant for any position. DoD Cyber Exchange — DoD Approved 8570 Baseline Certifications (CAC/PIV sign-in required) ↗
CCNA-Security previously satisfied this level; Cisco retired that certification in 2020, so it is no longer obtainable and is not listed above.
IAT Level II
Network environment — broader responsibility across a facility or system.Requirements vary by role, component, and contract — verify with your agency or security office before relying on this. Climbr cannot tell you whether you are eligible, qualified, or compliant for any position. DoD Cyber Exchange — DoD Approved 8570 Baseline Certifications (CAC/PIV sign-in required) ↗
CCNA-Security previously satisfied this level; Cisco retired that certification in 2020, so it is no longer obtainable and is not listed above.
IAT Level III
Enclave / advanced network and computing environment — enterprise-wide responsibility.Requirements vary by role, component, and contract — verify with your agency or security office before relying on this. Climbr cannot tell you whether you are eligible, qualified, or compliant for any position. DoD Cyber Exchange — DoD Approved 8570 Baseline Certifications (CAC/PIV sign-in required) ↗
CompTIA CASP+
CompTIA
CompTIA renamed CASP+ to "SecurityX" in 2024 — same credential.
Source ↗ (CAC sign-in)CISA
ISACA
"CISA" is also the abbreviation for the federal Cybersecurity and Infrastructure Security Agency, which shows up often in cyber résumés for unrelated reasons — this checklist only matches on the full name, "Certified Information Systems Auditor," not the bare abbreviation.
Source ↗ (CAC sign-in)CISSP
ISC2
DoD has historically also accepted the "Associate of ISC2" pathway for candidates working toward full CISSP status.
Source ↗ (CAC sign-in)IAM — Information Assurance Management
IAM Level I
Computing environment — junior management / oversight role.Requirements vary by role, component, and contract — verify with your agency or security office before relying on this. Climbr cannot tell you whether you are eligible, qualified, or compliant for any position. DoD Cyber Exchange — DoD Approved 8570 Baseline Certifications (CAC/PIV sign-in required) ↗
CGRC
ISC2
ISC2 renamed "CAP" to "CGRC" in 2023 — same credential. This checklist matches on "CGRC" and its full name, not the bare "CAP" abbreviation, since "CAP" also appears in common non-cert phrases like "cap table" or "salary cap."
Source ↗ (CAC sign-in)IAM Level II
Network environment — broader management / oversight responsibility.Requirements vary by role, component, and contract — verify with your agency or security office before relying on this. Climbr cannot tell you whether you are eligible, qualified, or compliant for any position. DoD Cyber Exchange — DoD Approved 8570 Baseline Certifications (CAC/PIV sign-in required) ↗
CGRC
ISC2
ISC2 renamed "CAP" to "CGRC" in 2023 — same credential. This checklist matches on "CGRC" and its full name, not the bare "CAP" abbreviation, since "CAP" also appears in common non-cert phrases like "cap table" or "salary cap."
Source ↗ (CAC sign-in)CompTIA CASP+
CompTIA
CompTIA renamed CASP+ to "SecurityX" in 2024 — same credential.
Source ↗ (CAC sign-in)A CISM alone is commonly mistaken for satisfying IAM Level I — DoD’s baseline has historically started CISM at Level II, not Level I.
IAM Level III
Enclave / enterprise-wide management — senior management responsibility.Requirements vary by role, component, and contract — verify with your agency or security office before relying on this. Climbr cannot tell you whether you are eligible, qualified, or compliant for any position. DoD Cyber Exchange — DoD Approved 8570 Baseline Certifications (CAC/PIV sign-in required) ↗
Not yet covered here: IASAE I, IASAE II, IASAE III, CSSP specialty tracks (Analyst, Infrastructure Support, Incident Responder, Auditor, Service Provider Manager). Spot something outdated? Tell us at support@climbrhq.com.
See which of these you already have
Create a free account and save your résumé — this checklist will literally mark which of the certifications above already appear on it. No fabricated matches, and Climbr never tells you that you're "qualified".