CASP Now Approved for DoD 8570

The CompTIA Advanced Security Practitioner (CASP) certification is a newer certification from CompTIA that is starting to get more attention. It was recently approved as one of the certifications by Department of Defense (DoD) and is listed on the same level as the CISSP certification in some categories.

 I have written about the (CASP) certification in the past in these blogs:

• General information about CASP
• CASP Beta Exam
• CASP Sample Questions

Where Does CASP Fit In?

A common question that many people ask is "Where does the CASP fit in when compared to other security certifications. The following list includes some common security certifications from easiest to most difficult:

• Microsoft Security Fundamentals
• CompTIA Security+
• ISC2 SSCP
• CompTIA CASP
• ISC2 CISSP

There are other certifications but these are some that are commonly pursued by many individuals.

It's easier to understand how the CASP fits into the DoD certifications if you understand the basics of the certification levels. The following topics explain the DoD IT hierarchy, shows how different certifications fit into different levels.

DoD Approved 8570 Baseline Certifications

As an extension of Appendix 3 to the DoD 8570.01-Manual, several certifications have been approved as Information Assurance (IA) baseline certifications for the IA Workforce. Personnel performing IA functions must obtain one of the certifications required for their position category or specialty and level.

This page provides a listing of the specific certifications required at each level, but here's a short summary.

DoD Information Technology Hierarchy

The DoD IT hierarchy is divided into three general levels (Level I, Level II, and Level III) and each of the IA levels are related to one of these levels.

Level I

Level I is the basic computing environment and often referred to as a local computing environment. In general, this refers to desktop and laptop computers and hand held computing devices. A computing environment may have one or more servers.

Level II

Level II is the networking environment. It can include an operations network, a logistics network, and a human resources network.   Level II networks are connected to Level I computing environments.

Level III

Level III refers to an enclave environment. It consists of two or more networks controlled by enclave security policies and procedures. A Level III enclave environment is connected to one or more Level II network environments.

Information Assurance Technical (IAT)

In general, IAT positions include anyone that require privileged access to a DoD information system Computing, Network, or Enclave environment. For example, anyone requiring administrative access for a system fits into this category. IAT Level I

• A+
• Network+
• SSCP

IAT Level II

• GSEC
• Security+
• SSCP

IAT Level III

• CISA
• GCIH
• CISSP
• CASP

Information Assurance Management (IAM)

In general, IAM positions include anyone that has responsibility for managing information system security for a DoD Information System Computing, Network, or Enclave environment.

IAM Level I

• CAP
• GSLC
• Security+

IAM Level II

• CAP
• GSLC
• CISM
• CASP
• CISSP

IAM Level III

• GSLC
• CISM
• CISSP

Information Assurance System Architect and Engineer (IASAE)

In general, IASAE positions include anyone that has responsibility for the design, development, implementation, and/or integration of a DoD IA architecture, system, or system component for a DoD Information System Computing, Network, or Enclave environment?

IASAE Level I

• CASP
• CISSP

IASAE Level II

• CASP
• CISSP

IASAE Level III

• CISSP - ISSEP
• CISSP - ISSAP

Summary

The CompTIA Advanced Security Practitioner (CASP) certification is now approved for certain DoD levels. Because of this, you can expect to see this certification to get more recognition and respect going forward. In some cases, this is on the same level as the CISSP certification.