The Defense Department issued DoD Directive 8140.01 Aug. 11, 2015, to update and expand established policies and assigned responsibilities for managing the DoD cyberspace workforce.
The directive authorizes establishment of a DoD cyberspace workforce management council to ensure that the requirements of this directive are met. The council will be comprised of representatives from the Offices of the DoD Chief Information Officer (DoD CIO), Under Secretary of Defense for Personnel and Readiness (USD(P&R)), Under Secretary of Defense for Policy (USD(P)), Under Secretary of Defense for Intelligence (USD(I)), the Joint Staff, the Director, National Security Agency/Chief, Central Security Service (DIRNSA/CHCSS), and other DoD Components.
The directive unifies the overall cyberspace workforce and establishes specific workforce elements (cyberspace effects, cybersecurity, and cyberspace information technology (IT)) to align, manage and standardize cyberspace work roles, baseline qualifications, and training requirements. This directive does not address operational employment of the work roles. Operational employment of the cyberspace workforce will be determined by the Joint Staff, Combatant Commands, and other DoD Components to address mission requirements.
This directive applies to OSD, the Military Departments, the Office of the Chairman of the Joint Chiefs of Staff (CJCS) and the Joint Staff, the Combatant Commands, the Office of the Inspector General of the Department of Defense (IG DoD), the Defense Agencies, the DoD Field Activities, and all other organizational entities within the DoD (referred to collectively in this directive as the “DoD Components”).
It is DoD policy that:
a. The DoD maintains a total force management perspective to provide qualified cyberspace government civilian and military personnel to identified and authorized positions, augmented where appropriate by contracted services support. These personnel function as an integrated workforce with complementary skill sets to provide an agile, flexible response to DoD requirements.
b. The appropriate mix of military and government civilian positions and contracted support designated to perform cyberspace work roles is determined in accordance with DoD Instruction (DoDI) 1100.22.
c. Civilian, military, and contracted support personnel assigned to perform cyberspace work roles must meet qualification standards established in supporting issuances, in addition to other existing workforce qualification and training requirements assigned to billets and position requirements (e.g., acquisition, intelligence, communications). DoD Component contracting officials apply subpart 239.71 of the Defense Federal Acquisition Regulation Supplement for contracted support designated to perform cyberspace workforce work roles.
d. DoD Component compliance with this directive is monitored via authoritative manpower and personnel systems as an element of mission readiness and as a management review item. Compliance with requirements of this directive must be included in DoD and DoD Component-level inspection programs and readiness reporting.
e. Nothing in this directive replaces or infringes the responsibilities, functions, or authorities of the DoD Component heads or other OSD officials as prescribed by law or Executive order, assigned in chartering DoDDs, or detailed in other DoD policy issuances or, as applicable, in Director of National Intelligence policy issuances.
f. All authorized users of DoD IT receive initial cybersecurity and information assurance awareness orientation as a condition of access, and thereafter must complete annual cybersecurity and information assurance refresher awareness.
This directive is available from the DoD Issuances Website at http://www.dtic.mil/whs/directives, or go directly to the PDF at http://www.dtic.mil/whs/directives/corres/pdf/814001_2015_dodd.pdf.