Military and civilian personnel in Department of Defense Cyber Workforce Framework cybersecurity work roles must meet foundational qualifications by Feb. 15, 2025, as part of a sweeping standardization effort.
Many such personnel already have the requisite certifications, which is why they’re first: DOD wanted a “soft opening” for the DCWF, said Matthew Isnor, program lead for the Cyber Workforce Development Office of the DOD CIO, during a TechNet Augusta 2024 panel Wednesday.
DOD Directive 8140 went into effect in October 2020 to unify the military’s cyber workforce; establish specific elements such as IT and intelligence; and standardize work roles, qualifications and training. The directive created the DCWF to be a reference for these positions and qualifications.
“The DCWF is a total-force effort,” Isnor said. “But it’s only military and civilian right now.”
Click the banner below to keep up with all of our TechNet Augusta 2024 coverage.
Directive 8140 Is a ‘Talent Management Program’
Personnel in IT, cyber effects, cyber intelligence and cyber enabler work roles won’t need to meet their DCWF qualifications until Feb. 15, 2026, and DOD is still working on a timeline for artificial intelligence and software engineering work roles. Though work roles continue to be added, personnel should be placed in positions aligned to the right ones ahead of deadlines for 8140.
“It’s a talent management program,” Isnor said. “That’s what we want to be able to implement for you guys, to make sure that we have standardization across the board, and everyone in the department is capable of doing this.”
Implementing 8140 will grant senior DOD leadership long-sought-after, granular visibility into how qualified personnel are and where skills gaps exist. Unlike its predecessor, the directive will optimize organizational and on-the-job training, Isnor said.
Additionally, 8140 opens the door to maneuverable career pathing within DOD, which should improve retention — once personnel can see how different work roles progress and what skills they need.
“We’re really just in Phase 1,” Isnor said.
The Defense Federal Acquisition Regulation Supplement
DOD owes Congress a report on 8140’s progress in April 2025. In the meantime, branches are developing their own 8140 guidance. The Army’s is currently in staffing and must first be approved by command headquarters before release, said Nathan Colodney, deputy of the Army CISO and deputy director of cybersecurity for Army headquarters.
The Pentagon is also updating the Defense Federal Acquisition Regulation Supplement, a set of rules for its contractors and subcontractors, to align with the DCWF. The General Services Administration and Office of Management and Budget must approve the DFARS, which is about eight months away from release, Isnor said.
To learn more about TechNet 2024, visit our conference page. You can also follow us on X (formerly Twitter) at @FedTechMagazine to see behind-the-scenes moments.