8140 FAQ
Click the bar for each question to toggle to the response.
DoD 8140 serves the broader DoD cyber workforce, DoD Components carrying out cyber missions and all DoD cyber positions required to perform cyber work. DoD 8140 supports military service member, DoD civilians, and contractor employees performing cyber work within the scope of their assigned cyber element (IT, cyber enablers, cyber effects, cyber (intel), or cybersecurity). DoD 8140 will be updated to address other relevant functional communities.
The DoD Directive (DoDD) 8140.01 was initially signed August 11, 2015, change 1 was released on July 31, 2017, and was rereleased on August 5, 2020. The Directive unifies the overall cyber workforce and establishes specific workforce elements (e.g., information technology (IT), cybersecurity, cyber effects, cyber (intel), and cyber enablers) to align, manage and standardize cyber work roles, baseline qualifications, and training requirements. It establishes the DoD Cyberspace Workforce Framework (DCWF) as the authoritative reference for the identification, tracking, and reporting of DoD cyberspace positions and foundation for developing enterprise baseline cyberspace workforce qualifications. The Directive also establishes the Cyber Workforce Management Board with representation from the Offices of the DoD CIO, Under Secretary of Defense for Acquisition and Sustainment (A&S), Under Secretary of Defense for Research and Engineering (R&E), Under Secretary of Defense for Personnel and Readiness (USD(P&R)), Under Secretary of Defense for Intelligence & Security (USD(I&S)), the Director, National Security Agency/Chief, Central Security Service (DIRNSA/CCSS), Under Secretary of Defense for Policy (USD(P)), the Chairman of the Joint Chiefs of Staff, and other DoD Components.
The DoDD 8140.01 does NOT address operational employment of the work roles. Operational employment of the DoD cyber workforce is determined by the Joint Staff, Combatant Commands, and other DoD Components to address mission requirements.
DoD 8140 Implementation resources can be found here: https://www.dodemergingtech.com/
Copies of the DoD 8140 issuances can be found on Cyber Exchange here: https://www.dodemergingtech.com/dod-workforce-innovation-directorate/documents-library/
Your Content Goes Here
No. DoD 8140 does not replace or infringe on any DoD Component responsibilities, functions or authorities. Organizations are still required to comply with relevant DoD Component, command, or community specific requirements.
DoD Components may require personnel performing cyber job functions to complete specific certifications or training in addition to those identified in the DoD 8140 Manual. Confirm with your direct supervisor or your Cyber Workforce Advisory Group representative that you are categorized and qualified at the right level and meet the appropriate DoD Component-specific requirements.
Yes. As part of the DoD’s formal staffing process, USD(P&R) conducted a “National consultation rights” (NCR) review during which the unions had an opportunity to comment on the DoD 8140 Manual. The national unions concurred without comment.
National consultation rights (NCR) do not absolve the unions from fulfilling their local bargaining obligations as appropriate prior to implementation of DoD policy.
They can participate in plans for meeting the DoDM 8140.03 requirements for the DoD civilian cyber workforce.
For example:
- Who needs to be qualified is non-negotiable.
- Order/priority to qualify the local cyber workforce may be negotiated.
- The number of retests the organization will fund may be negotiated.
The recognized cyber occupations under DoD 8140 are 2210 Information Technology Management, 1550 Computer Science, 0332 Computer Operations, and 0335 Computer Clerk and Assistant.
Positions aligned to these occupations must be coded in accordance with DoD 8140 requirements.
Yes, all cyber positions must be coded. Any DoD civilian position with a designated cyber occupational series is expected to have a designated cyber work role. Exemptions must have documented justification for non-cyber coding. DoD Components should review all positions to decide whether they require the performance of cyber work.
Yes. DoD civilian employees and military service members must achieve 1) foundational qualification requirements within nine months of assignment to a cyber work role and 2) resident qualification requirements within 12 months of assignment to a cyber work role. Foundational and residential qualification requirement timelines are concurrent.
The contracting officer of each organization should ensure that contract support personnel are appropriately qualified.
DoD Components should not pay for contractors to obtain/retain required certifications. However, DoD Components may provide additional training on local or DoD specific system procedures.
Human resources and functional community managers should first review position requirements and apply work role codes as appropriate to military and civilian billets in authoritative manpower systems. The DCWF Workforce Coding and Identification Guide, found on Cyber Exchange, includes further information on military and civilian occupational series that are often engaged in cyber work and have additional requirements for coding. Periodic reviews of position requirements and subsequent updates to work role coding should be completed to account for newly added positions, to reflect any changes to the position duties and incorporate any updates made to the DCWF.
Once DCWF work role coding has been completed in the manpower system, human resources and functional community managers must ensure those work roles are applied to the corresponding personnel records within authoritative personnel system of record. Once this activity is completed, system managers will be able to extract reports of all positions and personnel engaged in cyber activities.
Yes, training that meets the requirements of the DoD Cyber Operations Forces satisfies the requirements of the DoDM 8140.03.
Personnel assigned to a position that is coded with a DCWF work role must meet the foundational, residential, and continuous professional development qualification requirements outlined for each work role at the assigned proficiency level(s).
It is the DoD Component’s responsibility to ensure compliance with these areas in accordance with DoD 8140.
Within two years of the effective date of DoDM 8140.03, published on February 15, 2023, all DoD civilians and military service members in cyber work roles under the cybersecurity workforce element must be qualified. Within three years of the effective date of DoDM 8140.03 (15 February 2026), all DoD civilians and military service members in work roles under the cybers IT, cyber effects, intelligence (cyber) and cyber enabler workforce elements must be qualified. Thereafter, all incumbents and new hires must be trained, qualified in accordance with DoDM 8140.03.
OSD and DoD Component heads, or a delegated authority, may waive the qualification requirements for DoD civilian employees and military service members only under severe operational or personnel constraints. Waivers may not exceed six months, except in an emergency situation during a deployment to a combat environment. Consecutive waivers for DoD civilian employees and military service members are not authorized.
Government contracting representatives can refer to the DFARS Subpart 239.71 for qualification standards.
The Federal Government is actively working on updates to the DFARS. As soon as the full timeline for updates are understood, DoD CIO will provide additional guidance regarding contractor timelines.
For more information about the Cyber Workforce Qualification Program, contact the DoD CIO Workforce Innovation Directorate at: osd.mc-alex.dod-cio.mbx.cyberspace-workforce-tag@mail.mil
Each major DoD Component is represented by at least one voting member at the Cyber Workforce Advisory Group (CWAG). Each CWAG representative has the role of gathering input from their DoD Component’s cyber workforce to submit to the CWAG. Contact your DoD Component’s Office of Primary Responsibility (OPR) point of contact to provide direct feedback.