DOD-Cyberspace Workforce Qualification and Management Program

NHDoD Government Solutions Newsletter

APRIL 2023 - Newsletter

1) 8140.03 Cyberspace Workforce Qualification & Management Program

2) 8214.03 Policy

3) Highlighted Training Courses

Your NHDoD Training / Resource Liaison by Location - Set up a meeting with your liaison to see if you are eligible to offset or add to your budget.

WASHINGTON: On February 15, 2023, the Department of Defense Chief Information Officer (DoD CIO), Honorable John Sherman, issued DoD Manual (DoDM) 8140.03 Cyberspace Workforce Qualification & Management Program, the third issuance of the DoD 8140 policy series.

“[DoD 8140] provides a targeted, role-based approach to identify, develop, and qualify cyber personnel by leveraging the DoD Cyber Workforce Framework (DCWF),” said John Sherman, DoD CIO, during his April 2021 testimony to the Senate Armed Services Committee. “The [policy series] will require workforce members to demonstrate a foundational understanding at the work role level while also addressing personnel capability and continuous professional development at the work role level. Through these mechanisms, we will be able to track and manage cyber workforce capabilities across the DoD enterprise.”

The Cyber Workforce Qualification Program modernizes DoD talent management, allowing for more targeted and flexible approaches within the cyber human capital lifecycle.

The DoD 8140 Manual replaces the DoD 8570 Manual, “Information Assurance Workforce Improvement Program,” which focused solely on qualifying a section of the cybersecurity workforce centered on information assurance and computer network defense professionals using a narrow set of requirements. With the implementation of the DoDM 8140.03, DoD Components will have a broad set of options to manage and achieve a qualified cyber workforce in the areas of information technology, cybersecurity, cyber effects, cyber intelligence, and cyber enablers.

“The 8140 policy series unifies cyber workforce development efforts under a common umbrella and facilitates greater mobility across population types,” said Patrick Johnson, Director, Workforce Innovation Directorate. “The manual will guide the Department’s ability to verify and advance capabilities for all 225,000 DoD cyber workforce civilians, military personnel, and contractors. Together, the upcoming DoD Cyber Workforce Strategy and DoD 8140 will enable the DoD to develop and deploy an agile, capable, and ready cyber workforce."

The Department of Defense must ensure dependable mission execution. To offensively and defensively defend our network, our information systems, and our data in order to protect a wide range of critical services, we must have a knowledgeable and skilled DoD Cyberspace Workforce that can adapt to the dynamic cyber environment and adjust resources to meet mission requirements.

The DoD Cyber Workforce Framework (DCWF) is helping to transform our workforce focus from solely information assurance to a more inclusive focus comprised of personnel who build, secure, operate, defend, and protect DoD and U.S. cyberspace resources, conduct related intelligence activities, enable future operations, and project power in or through cyberspace.  Additionally, specific acquisition, training and education, legal/law enforcement and leadership jobs are now considered part of the DoD Cyber Workforce.

The five Cyberspace Workforce Elements are:

• Cyberspace IT Workforce
• Cybersecurity Workforce
• Cyberspace Effects Workforce
• Intelligence Workforce (Cyberspace)
• Cyberspace Enablers

A qualified DoD cyberspace workforce will be better prepared to defeat highly sophisticated cyberspace adversaries and attract, recruit, and retain the best and brightest individuals by providing opportunities for growth in an environment of unique missions.

DOD CYBER WORKFORCE

About

The DoD IA Workforce includes, but is not limited to, all individuals performing any of the IA functions described in DoD 8570.01-M. IA functions focus on the development, operation, management, and enforcement of security capabilities for systems and networks. Personnel performing IA functions establish IA policies and implement security measures and procedures for the Department of Defense and affiliated information systems and networks. IA duties may be performed as primary or additional/embedded duties, by a DoD employee (civilian, including LNs, or military) or by a support contractor (including LNs).

DoD Directive 8140.01 reissued and renumbered DoD Directive (DoDD) 8570.01 to update and expand established policies and assigned responsibilities for managing the DoD cyber workforce. The qualification and certification standards of DoD 8570.01-M are still in effect until replaced by the DoD 8140.01 Manual.

STRATEGY

Cultivating the Most Capable and Dominant Cyber Workforce in the World

The scope and pace of malicious cyber activity continues to grow with new threats and attacks to the Nation’s infrastructure emerging daily. As a result of these threats and other cyber-related challenges, there is an enterprise-wide need to drive cultural change and further the development and sustainment of the cyber workforce.

To meet this requirement, the Office of the DoD Chief Information Officer (CIO), in close coordination with other Office of the Secretary of Defense Component heads; the Joint Staff; United States Cyber Command; and the military services, created this 2023–2027 DoD CIO Cyber Workforce Strategy. This strategy sets the foundation for how the Department will foster a cyber workforce capable of executing the Department’s complex and varied cyber missions.

Fostering the Workforce We Need for Today’s Global Environment

The DoD must advance the cyber workforce to meet the pacing challenges posed by our adversaries and other malicious actors while becoming the employer of choice amongst cyber professionals.

This strategy utilizes four human capital pillars—Identification, Recruitment, Development and Retention—to identify and group cyber workforce challenges. The four pillars also serve as the catalyst for targeted workforce goals, which aid the Department in unifying efforts to achieve the mission and vision of this strategy – to develop the most capable and dominant cyber workforce in the world.

• Identification - The processes of determining workforce needs or requirements and the potential or incumbent workforce to meet them.
• Recruitment - Identifying and attracting the talent needed to meet mission requirements and the process of evaluating the effectiveness of recruiting efforts.
• Development - Understanding individual and team performance requirements and providing the necessary opportunities and resources to satisfy those performance requirements.
• Retention - The incentive programs the Department employs to retain talent and the process of evaluating the effectiveness of the incentive programs.

Successful execution of this strategy will accomplish the following goals:

Goal 1: Execute consistent capability assessment and analysis processes to stay ahead of force needs.

Goal 2: Establish an enterprise-wide talent management program to better align force capabilities with current and future requirements.

Goal 3: Facilitate a cultural shift to optimize Department-wide personnel management activities.

Goal 4: Foster collaboration and partnerships to enhance capability development, operational effectiveness, and career-broadening experiences.

Achieving these goals will enable the DoD to close workforce development gaps, resource workforce management and development initiatives, stay at the forefront of technological advances, securely and rapidly deliver resilient systems, and transform into a data-centric organization with optimized data analytics.

The DoD Cyber Workforce Framework (DCWF)

Cyberspace is a warfighting domain that continues to evolve in terms of threat and complexity. As a result, the cyber workforce must also evolve to address the challenges posed by our adversaries and meet strategic mission requirements. A part of this requires reshaping our understanding of the cyber workforce to include all personnel who build, secure, operate, defend, and protect United States cyber resources; conduct cyber-related intelligence activities; and enable current and future cyber operations.

The DCWF describes the work performed by the full spectrum of the cyber workforce as defined in DoD Directive (DoDD) 8140.01. The DCWF leverages the original National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (NCWF) and the DoD Joint Cyberspace Training and Certification Standards (JCT&CS). It has a hierarchical structure with seven broad categories, 33 specialty areas, and 54 work roles. Each work role contains a definition, as well as a representative list of tasks and knowledge, skills and abilities (KSAs) describing what is needed to execute key functions. Work roles vary in terms of breadth (requirements spanning multiple sets of functions) and depth (requirements focused on a related set of functions).

The DCWF will facilitate uniform identification, tracking, and reporting required by the Federal Cybersecurity Workforce Assessment Act (FCWAA) of 2015. It will also be used to develop qualification requirements for cyber work roles that will be outlined in DoD Manual 8140. Finally, the DCWF can also be used to support a number of other DoD-wide workforce management and planning activities. For example, it can be used to facilitate supply and demand analyses, develop targeted recruitment and retention strategies, develop horizontal and vertical career paths, and standardize development of civilian position descriptions. As such, the DCWF serves as an important building block for a capable and ready cyber workforce.

To increase understanding and use of the DCWF, the DoD CIO collaborated with DISA to create the DCWF Tool, an interactive online tool for stakeholders to identify, organize, and manage the tasks and KSAs of the cyberspace workforce in accordance with the DoD policy.

Cyberspace Workforce Management

The Department of Defense (DoD) must be able to effectively structure, develop, and retain the cyberspace workforce to overcome new and evolving challenges posed by our adversaries. In support of these objectives, the DoD Cyberspace Workforce Strategy (DCWS) was signed by the Deputy Secretary of Defense in 2013. The DCWS provides overarching guidance for transforming the cyberspace workforce of military (active/reserve) and civilian personnel according to six strategic focus areas, which include approaches to recruit, train and retain staff in a competitive national environment.

A critical element of Focus Area 1 directs the development of the DoD Cyber Workforce Framework and a cohesive set of associated DoD workforce management issuances. The DoD 8140 policy set unifies the overall cyberspace workforce and establishes specific workforce elements (i.e., cyberspace information technology (IT), cybersecurity, cyberspace effects, intelligence (cyberspace), cyberspace enablers) to align, manage, and standardize cyberspace work roles and baseline qualification requirements. This evolution in cyberspace workforce management will better allow the Department to build and maintain a cyberspace workforce that can respond to dynamic mission needs.

The Cyberspace Workforce Elements are defined in DoDD 8140.01 Cyberspace Workforce Management as:

Cyberspace IT Workforce: Personnel, who design, build, configure, operate, and maintain IT, networks, and capabilities. This includes actions to prioritize portfolio investments; architect, engineer, acquire, implement, evaluate, and dispose of IT as well as information resource management; and the management, storage, transmission, and display of data and information.

Cybersecurity Workforce: Personnel who secure, defend, and preserve data, networks, net-centric capabilities, and other designated systems by ensuring appropriate security controls and measures are in place, and taking internal defense actions. This includes access to system controls, monitoring, administration, and integration of cybersecurity into all aspects of engineering and acquisition of cyberspace capabilities.

Cyberspace Effects Workforce: Personnel who plan, support, and execute cyberspace capabilities where the primary purpose is to externally defend or conduct force projection in or through cyberspace.

Intelligence Workforce (Cyberspace): Personnel who collect, process, analyze, and disseminate information from all sources of intelligence on foreign actors’ cyber programs, intentions, capabilities, research and development, and operational activities.

Cyberspace Enablers: Personnel who support or facilitate the functions of cyberspace IT, cybersecurity, cyberspace effects, and/or intelligence workforce (cyberspace) work roles.

Federal Cyber Workforce Assessment Act (FCWAA)

The FCWAA of 2015 (contained in Public Law 114-113) requires the coding of filled and vacant cyber positions across the Federal Government (civilian positions by April 2018 and military positions by September 2018). DoD policy guidance for civilian positions is currently under development and is expected to be issued in the May-June 2017 timeframe. Military guidance will be issued in September 2017. The DoD Cyber Workforce Framework is the Department’s standardized cyber workforce lexicon of work roles that will be used for coding positions. This coding effort will be used to support a number of DoD-wide workforce management and workforce planning activities. For example, it can be used to develop role-based training, facilitate supply and demand analyses, develop targeted recruitment and retention strategies, and develop horizontal and vertical career paths.

DoD Cyber Excepted Service (CES) Personnel System

Section 1599f of Title 10, Chapter 81, U.S.C. authorizes the Department of Defense (DoD) to establish the Cyber Excepted Service (CES) personnel system as an Enterprise-wide approach for managing civilian cyber professionals. By providing the needed agility and flexibilities for the recruitment, retention, and development of high quality cyber professionals, the CES will enhance the effectiveness of the Department’s cyber defensive and offensive mission. In partnership with the Principal Cyber Advisor (PCA), the Office of the Under Secretary of Defense for Personnel & Readiness (USD(P&R)), and the Office of the Under Secretary of Defense for Intelligence (USD(I)), the Office of the DoD CIO developed the first four policies for implementing this new personnel system. Upon the Department’s issuance of the personnel policies, CES implementation and hiring will begin with Phase 1 organizations- U.S. Cyber Command, Joint Forces HQ DoD Information Networks, and DoD CIO Cybersecurity. After the conclusion of Phase 1, Phase 2 implementation will occur at the Defense Information Systems Agency (DISA) Headquarters (Ft. Meade) and the Service Cyber Components. Ongoing Department cyber mission assessment activities may identify other organizations for CES in the future and is subject to the fulfillment of collective bargaining obligations as required.

Cyber Information Technology Exchange Program (CITEP)

CITEP provides a unique opportunity for DoD Components and private sector organizations to share best practices, gain a better understanding of cross-sector information technology operations and challenges, and partner to address these challenges. In addition, CITEP can be used to enhance the Information Technology (IT) and Cybersecurity (IT/Cybersecurity) competencies and technical skills of employees from the DoD civilian information technology workforce and their peers from the private sector.

The Information Technology Exchange Program (ITEP) by adding the term “Cyber and” before “Information”, therefore renaming to Cyber and Information Technology Exchange Program (CITEP). DoD and private sector employees who work in the field of cyber operations or information technology can participate in an exchange between the two sectors.

Prospective Participants from DoD:

To be eligible for a detail DoD employees must:

   >   Be at the GS-11 level and above.
   >  Work in the information technology field.
   >  Be considered to be an exceptional employee.
   >  Be expected to assume increased responsibilities in the future.

Exceptional employee means performance meets or exceeds all standards established at the fully successful level or above and makes significant contributions towards achieving organizational goals. Participating organizations should target highly motivated, disciplined employees.

While detailed to a private sector organization, a DoD employee remains a federal employee without loss of employee rights and benefits.

Length of Detail:

An assignment shall be for a period of not less than three months and not more than one year, and may be extended in three-month increments for a total of not more than one additional year by both the CITEP Component POC and private sector organizations. This extension may be granted in three-month increments not to exceed one year.

Continued Service Obligation:

DoD employees are required to return to their employing Component upon completion of the detail for a time period equal to the length of the detail, plus any extensions.

Payment of Salary and Allowances:

DoD has full responsibility for payment of all salary and allowances to their employees participating in CITEP. DoD employees participating in CITEP are entitled to all benefits afforded to similar employees of their respective lending organizations, including medical care, according to subscribed plans and Worker’s Compensation for injuries sustained in the line of duty.

Business Training and Travel Expenses:

The receiving organization (recipient of the CITEP participant) may pay for any business training and travel expenses incurred by the employee while participating in CITEP. The employee shall provide vouchers and all supporting receipts to the receiving organization for review and approval.

Prohibition:

A private sector organization may not charge the DoD or any agency of the federal government, as direct or indirect costs under a federal contract, for the costs of pay or benefits paid by that organization to an employee assigned to a DoD Component for the period of the detail.

Prospective Participants from Private Sector:

For the purposes of CITEP, private sector employees may come from nonpublic or commercial individuals and businesses, nonprofit organizations, academia, scholastic institutions, and nongovernmental organizations.

A private sector employee desiring to participate in CITEP must:

Be a U.S. citizen.

Depending on the nature of the exchange detail, participants may be required to hold a security clearance. The sponsoring DoD Component is responsible for determining the appropriate level of clearance.

While detailed to DoD, a private sector employee is deemed to be an employee of the DoD for certain purposes and is bound by applicable federal and DoD regulations regarding personal conduct, security requirements and ethical behavior.

The private sector employee may not have access to any trade secrets or to any other non-public information which is of commercial value to the private sector organization from which such employee originates. The private sector employee may also continue to receive pay and benefits from the private sector organization.

Length of Detail:

An assignment shall be for a period of not less than three months and not more than one year, and may be extended in three-month increments for a total of not more than one additional year by both the CITEP Component POC and private sector organization. This extension may be granted in three-month increments not to exceed one year.

Payment of Salary and Allowances:

The private sector organization has full responsibility for payment of all salary and allowances to their employees participating in CITEP. Private sector employees participating in CITEP are entitled to all benefits afforded to similar employees of their respective lending organizations, including medical care, according to subscribed plans and Worker’s Compensation for injuries sustained in the line of duty.

Business Training and Travel Expenses:

The receiving organization (recipient of the CITEP participant) may pay for any business training and travel expenses incurred by the employee while participating in CITEP. The employee shall provide vouchers and all supporting receipts to the receiving organization for review and approval.

Prohibition:

A private sector organization may not charge the DoD or any agency of the federal government, as direct or indirect costs under a federal contract, for the costs of pay or benefits paid by that organization to an employee assigned to a DoD Component for the period of the detail.

2. POLICY:

The DoD:

a. Directs Service members and DoD civilian employees assigned to a position coded with a DCWF work role code (referred to in this issuance as “cyberspace workforce positions”) to be fully qualified and identified as such in authoritative manpower and personnel systems in accordance with DoDD 8140.01, DoDI 8140.02, and this issuance.

b. Adheres to the Office of Personnel Management (OPM) General Schedule Qualification Standards and the Federal Wage System Qualifications for the minimum qualification requirements for specific civilian occupation series. The requirements established by this issuance:

(1) Are explicitly for the purpose of defining minimum requirements to serve in positions that are coded for specific cyberspace work roles.

(2) Should not be construed to modify, replace, or conflict with the General Schedule Qualifications experience, education, and proficiency requirements established by the OPM.

c. Requires contractors to be fully qualified by qualification standards and requirements in accordance with DoDD 8140.01 and this issuance. DoDM 8140.03, February 15, 2023 SECTION 1: GENERAL ISSUANCE INFORMATION 4

d. Utilizes the DCWF, as detailed in DoDD 8140.01, DoDI 8140.02, and this issuance, for standardizing qualification criteria for cyberspace work roles across the DoD.

e. Maintains a total force management perspective when staffing identified and authorized DoD cyberspace workforce positions with qualified DoD civilian employees and Service members, augmented, where appropriate, by contractors in accordance with DoDI 1100.22.

f. Accepts, to the extent appropriate and possible, foundational qualification data from other OSD and DoD Components to maximize reciprocity across the enterprise.

g. Requires cyberspace personnel meet security classification standards and sensitivity levels commensurate with position in accordance with DoDI 5200.02 and DoD Manual 5200.02