Skip Links

Here's one major employer that requires its IT folks to be certified

The Defense Department approves, funds and requires IT certification

By Linda Leung, Network World
July 25, 2007 07:12 AM ET

We’ve devoted many issues of this newsletter to discuss whether certifications are becoming less important than work experience and business skills. Judging by the most recent skills pay surveys by Foote Partners, employers are now more likely to give pay hikes to experienced folks vs. certified techies (search the newsletter index for our discussions on this topic).

Reader Gene Simpson wrote in to say there is one major employer that does require certifications of its IT employees and contractors – the Department of Defense. Simpson CISSP, CISA, CCIE #15256, is a computer security specialist and a MIST student at the University of Maryland, University College studying information assurance. He writes:

“Both surveys and the industry press have predicted the demise of the IT certification industry. Studies show declines in certifications awarded, and in the salaries awarded for certified skills. The conventional wisdom of today is that IT certifications are not worth the paper they are printed on.

“All of this makes Department of Defense Directive 8570 all the more remarkable. DOD 8570.01-M, issued in December of 2005, requires that many civilian and military IT professionals have information assurance certifications.

“The directive requires new hires to agree to obtain certification as a “condition of employment” within 6 months of being hired. In addition, many DOD contracts are to require the contractor to report on the certification status of IT professionals working on the contract. And under current plans, requires that by the end of 2008, 40% of the affected IT professionals are to have one of the approved certifications. To facilitate this, the National Defense Authorization Act for Fiscal Year 2006 authorizes the Pentagon to pay for certifications for members of the armed forces (see title 10, chapter 101 of the United States Code).

“DOD 8570.01-M specifies a list of approved information assurance certifications issued not by the military, but by the certification industry. This list is split into two tracks, technical and managerial, with three levels each. For each track and level, there are specific industry certifications approved to meet the requirement.

“DOD 8570.01-M Approved IT Certifications:

Technical Level 1
A+
Network+
SSCP

Technical Level 2
GSEC
Security+
SCNP
SSCP

Technical Level 3
CISA
CISSP
GSE
SCNA

Managerial Level 1
GISF
GSLC
Security+

Managerial Level 2
GSLC
CISM
CISSP

Managerial Level 3
GSLC
CISM
CISSP

“In addition to the approved list of certifications, which are vendor-neutral, DOD 8570-01-M specifies that system administrators with admin and/or root privileges (privileged users in DOD parlance) “MUST OBTAIN APPROPRIATE COMPUTING ENVIRONMENT (CE) CERTIFICATIONS for the operating system(s) they support” The DOD has taken a strong stand on the IT certification debate. In the DOD 8570.01-M manual, the Pentagon has approved 12 IT certifications, and classified them into three levels of difficulty. It has also made these certifications a reportable requirement for the hiring, promotion, and retention of many IT professionals working in both the DOD and for military contractors, and Federal law has been modified to allow the Pentagon to pay for certifications for members of the armed forces. Furthermore, the directive contains language requiring system and network administrators to obtain vendor certifications for the systems they operate.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News