DoD 8140 Approved Certifications: Where CompTIA and EC-Council Fit
Share
A practical guide to DoD 8140 certification requirements — what the framework is, how it replaced 8570, which certifications qualify, and how to build a compliant certification path for federal and military cyber careers.
If you want to work in cybersecurity for the U.S. Department of Defense — as military personnel, a civilian employee, or a contractor — you'll encounter DoD 8140 certification requirements. Understanding this framework is essential for anyone targeting federal cyber roles, and the right certifications can open doors to stable, well-compensated government and defense careers.
This guide explains what DoD 8140 is, how it works in 2026, and where CompTIA and EC-Council certifications fit.
What Is DoD 8140?
DoD 8140 (formally DoD Directive 8140.01, "Cyberspace Workforce Management") is the U.S. Department of Defense framework that defines training, qualification, and certification requirements for the entire DoD cyber workforce.
It applies to anyone — military, civilian, or contractor — who works on DoD information systems, networks, or cyber operations. Even if you mostly work for non-DoD organizations, you'd need 8140-compliant qualifications to do certain DoD-related work.
How 8140 Replaced 8570
DoD 8140 replaced the older DoD 8570 directive. The key differences:
| Aspect | DoD 8570 (old) | DoD 8140 (current) |
|---|---|---|
| Focus | Information Assurance (IA) certifications | Broader cyber workforce roles |
| Approach | Strict baseline certification lists | Role-based, work-role aligned |
| Scope | IA technical and management roles | Multiple cyber domains |
| Framework alignment | IA categories (IAT/IAM/IASAE) | DCWF work roles, NICE framework |
The transition has been completed in stages, with full compliance for all cyber-related workforce elements required by February 15, 2026. The shift moves away from broad certification categories toward role-based qualification aligned to the DoD Cyber Workforce Framework (DCWF).
A Note on Legacy Terminology
Even though 8140 replaced 8570, you'll still encounter old 8570 terminology — particularly IAT Levels (I, II, III), IAM Levels, and IASAE Levels — in job postings, contracts, and HR systems. This legacy language persists during the transition, so it's worth understanding both the old categories and the new work-role model.
The Seven DoD-Approved CompTIA Certifications
CompTIA certifications are well-represented in DoD-approved baseline lists. Seven CompTIA certifications have been approved for DoD 8140/8570, covering multiple job roles:
- CompTIA A+ — foundational IT roles.
- CompTIA Network+ — networking roles.
- CompTIA Security+ — the cornerstone security baseline (covers many roles).
- CompTIA Cloud+ — cloud infrastructure roles.
- CompTIA PenTest+ — penetration testing roles.
- CompTIA CySA+ — cybersecurity analyst roles.
- CompTIA SecurityX (formerly CASP+) — advanced/senior roles.
These vendor-neutral, ANSI-accredited (ISO 17024) certifications cover a wide range of DoD cyber work roles, making CompTIA a central part of most DoD-compliant certification paths.
Where EC-Council Certifications Fit
EC-Council certifications are also recognized within DoD frameworks for certain roles:
- CEH (Certified Ethical Hacker) — recognized for offensive/red-team-adjacent and certain analyst roles.
- CHFI (Computer Hacking Forensic Investigator) — relevant for forensics-related work roles.
- CCISO — relevant for senior security management roles.
EC-Council certs complement CompTIA certs in DoD contexts, particularly for specialized offensive and forensics roles.
Note: IT-MASTER Co. is an authorized EC-Council partner expanding our catalog. For CEH, CHFI, and other EC-Council courseware and vouchers, contact us.
The Cornerstone: Why Security+ Matters Most
Among all DoD-approved certs, Security+ is the single most important for most people targeting DoD cyber roles. Here's why:
- It satisfies the baseline requirement for the largest number of common DoD cyber roles.
- It's the cert most frequently referenced in DoD job postings (often phrased as "IAT Level II" requirements, which Security+ satisfies).
- It's affordable and accessible (no eligibility barrier).
- It's the foundation that higher DoD-approved certs build on.
If you're targeting DoD cyber work and can only earn one cert to start, Security+ is almost always the right choice. See CompTIA Security+ collection.
Mapping Certs to DoD Roles (Legacy IAT/IAM Levels)
While 8140 uses work roles, the legacy IAT/IAM level language still appears widely. A rough mapping of how CompTIA certs align to the legacy levels:
IAT (Information Assurance Technical) — Hands-On Technical Roles
- IAT Level I: A+, Network+, (and others) — entry technical roles.
- IAT Level II: Security+, CySA+, (and others) — intermediate technical roles. This is the most common requirement in job postings.
- IAT Level III: CySA+, SecurityX (CASP+), (and others) — advanced technical roles.
IAM (Information Assurance Management) — Management Roles
- IAM Level I–III: Security+, CySA+, SecurityX, CISSP, (and others) — management roles by level.
IASAE (System Architect and Engineer) — Architecture Roles
- IASAE Levels: SecurityX (CASP+), CISSP, (and others) — architecture/engineering roles.
Note: exact mappings are subject to change under 8140's evolving work-role model. Always verify current requirements against official DoD sources and the specific job posting.
Building a DoD-Compliant Certification Path
For someone targeting DoD cyber careers, a practical certification path:
Entry Level (Foundation + IAT II)
- A+ — IAT Level I, systems foundation.
- Network+ — networking foundation.
- Security+ — IAT Level II, the cornerstone. This unlocks most entry-to-mid DoD cyber roles.
Mid Level (Specialization)
Senior Level (Advanced/Architecture)
- SecurityX — IAT Level III / IASAE, senior technical roles. or CISSP — management/architecture roles.
This path satisfies DoD requirements at increasing levels while building a coherent career. For the full roadmap, see CompTIA Cybersecurity Career Pathway: From Tech+ to SecurityX.
Special Considerations for DoD Careers
A few things to know about DoD cyber careers beyond certifications:
Security Clearances
Many DoD cyber roles require a security clearance (Secret, Top Secret, TS/SCI). Clearances are separate from certifications — you need both for many positions. Clearances are typically sponsored by an employer.
Continuing Education
DoD-approved certs must be kept current. CompTIA certs renew via Continuing Education (CE) credits or higher certs — see CompTIA CE vs Certified Without Expiration.
Experience Requirements
8140's work-role model emphasizes hands-on skills and experience, not just certifications. Military cyber training and experience often count toward qualification.
For Veterans
Military cyber experience translates well to DoD civilian and contractor roles. Veterans often have relevant experience that, combined with 8140-compliant certs, qualifies them for federal cyber positions.
Why DoD-Compliant Certs Have Broad Value
Even if you're not specifically targeting DoD work, DoD-approved certifications carry broad value:
- They're ANSI-accredited (ISO 17024) — a mark of quality.
- They're widely recognized beyond government, in private-sector hiring.
- They signal a vetted, standardized level of competence.
- They keep federal/defense career options open even if you start in the private sector.
Earning DoD-approved certs is a smart move regardless of whether you immediately pursue government work — it maximizes your career optionality.
The Bottom Line
DoD 8140 (which replaced 8570) defines certification and qualification requirements for the U.S. Department of Defense cyber workforce. Seven CompTIA certifications — A+, Network+, Security+, Cloud+, PenTest+, CySA+, and SecurityX — are DoD-approved and central to most compliant certification paths, with EC-Council certs (CEH, CHFI, CCISO) recognized for specialized roles.
Security+ is the cornerstone — it satisfies the most common DoD requirements (often phrased as "IAT Level II") and is the right starting point for most DoD-targeting candidates. Build from foundation (A+ → Network+ → Security+) through specialization (CySA+/PenTest+) to senior level (SecurityX/CISSP), and remember that clearances and experience matter alongside certifications.
DoD-approved certs carry broad value beyond government too — making them a smart investment for any cybersecurity career.
Get Started
- 📘 Build the DoD-compliant foundation: A+ → Network+ → Security+.
- 🗺️ See the full pathway: CompTIA Cybersecurity Career Pathway.
- 🛡️ Build security awareness free: cyberawareness.pro.
For CEH, CHFI, and other EC-Council courseware and vouchers, contact IT-MASTER Co.