https://armypubs.army.mil/epubs/DR_pubs/DR_a/ARN43679-PPM_CIO-066-000-WEB-1.pdf
DEPARTMENT OF THE ARMY
CHIEF INFORMATION OFFICER
107 ARMY PENTAGON
WASHINGTON DC 20310-0107
CS-SEC-PW-066
SAIS-CS (25-1rrrr) 28 April 2025
MEMORANDUM FOR SEE DISTRIBUTION
SUBJECT: Transition from Department of Defense 8570.01-M to Department of
Defense Manual 8140.03
1. References.
a. DoDM 8140.03 (Cyberspace Workforce Qualification and Management Program)
b. AR 25-2 (Army Cybersecurity Program)
c. DoDD 8140.01 (Cyberspace Workforce Management)
d. DoDI 8140.02 (Identification, Tracking, and Reporting of Cyberspace Workforce
Requirements)
e. CIO memorandum (Cyberspace Workforce Qualification Requirements), 26 Feb 2024
2. Purpose. This policy memorandum details the Headquarters Department of the
Army's (HQDA) strategy for transitioning from the Department of Defense (DoD)
8570.01-M to the DoDM 8140.03 framework. This framework is designed to identify,
develop, and qualify the Army's cyberspace workforce. The primary objective is to
ensure a standardized, capable, and resilient cyberspace workforce to protect and
defend Army networks and systems.
3. Background.
a. The transition from DoD 8570.01-M to DoDM 8140.03 was launched to update
and consolidate the DoD's approach to cyberspace workforce qualification and
management. The former framework, DoD 8570.01-M, centered primarily on specific
certifications and did not sufficiently address the dynamic and diverse nature of cyber
roles within the DoD. The new DoDM 8140.03 introduces a comprehensive, role-based
qualification framework that prioritizes practical capability and continuous professional
development.
b. The Army Chief Information Officer (CIO) directed Principal Officials,
Headquarters, Department of the Army; Commanders of Army commands, Army
service component commands, and direct reporting units; and senior leaders of
agencies and activities the option to continue under the DoD 8570.01-M requirements
SAIS-CS (25-1rrrr)
SUBJECT: Transition from Department of Defense 8570.01-M to Department of
Defense Manual 8140.03
until Army CIO issued further guidance, to include an implementation schedule for
DoDM 8140.03.
4. Applicability.
a. In accordance with Army Regulation (AR) 25-2, paragraph 2-7, the Army CIO,
representing the Secretary of the Army, is responsible for establishing policy, allocating
resources, and overseeing the Army Cybersecurity Program. This policy memorandum
adheres to the provisions stated in AR 25-2, paragraph 1-8, which allows the Army CIO
to issue policy memoranda as necessary to provide additional guidance on the policies
within AR 25-2.
b. This policy is applicable to all Army commands, organizations, and units,
encompassing Active Duty, Reserve, and National Guard components, civilian
employees, and foreign nationals assigned to cyberspace positions as outlined in
DoDI 8140.02, in alignment with the DoD Cyberspace Workforce Framework (DCWF).
c. Contractors operating under a performance work statement (PWS) are exempt
from this guidance.
5. Policy.
a. DoDM 8140.03 Cyber Workforce Qualification and Management Program,
effective 15 February 2023, introduces a three-year phased compliance schedule.
b. The designated work roles within the cybersecurity element are required to attain
foundational qualification by 1 October 2025 except for work role 462. Since this is a
new work role, it will need to obtain foundational qualifications by 15 February 2026.
(1) 212 (Cyber Defense Forensics Analyst)
(2) 462 (Control Systems Security Specialist)
(3) 511 (Cyber Defense Analyst)
(4) 521 (Cyber Defense Infrastructure Support Specialist)
(5) 531 (Cyber Defense Incident Responder)
(6) 541 (Vulnerability Assessment Analyst)
(7) 611 (Authorizing Official/Designated Representative)
(8) 612 (Security Control Assessor)
(9) 622 (Secure Software Assessor)
(10) 631 (Information Systems Security Developer)
(11) 652 (Security Architect)
(12) 722 (Information Security System Manager)
(13) 723 (COMSEC Manager)
2
SAIS-CS (25-1rrrr)
SUBJECT: Transition from Department of Defense 8570.01-M to Department of
Defense Manual 8140.03
c. Personnel assigned to DCWF work roles specified in section 5b are required to
attain residential qualification by February 15, 2026. DCWF work role 462 is required to
attain residential qualification by February 15, 2027.
d. Personnel assigned to DCWF work roles within the remaining workforce
elements (cyber-IT, cyber intel, cyber effects, cyber enablers) must achieve
foundational requirements by February 15, 2026. (Note: DCWF work role 341 must
achieve foundational qualification by February 15, 2027.) Follow-up guidance for work
roles in all other elements will be provided by the DoD CIO in coordination with
respective OPRs.
e. All elements in 5d must achieve residential qualification by February 15, 2027.
DCWF work role 341 must achieve residential qualification by February 15, 2028.
f. Residential qualifications established by commands, heads of agencies, or their
designees play a crucial role in the DoD Cyber Workforce Qualification (DCWFQ)
program. These qualifications must ensure that personnel assigned to specific work
roles within the DCWF meet the necessary standards and requirements.
g. In the absence of 8140 training, education, or certification, relevant experience
can be utilized as an alternative to meet foundational qualification requirements. As
stipulated by DoDM 8140.03, personnel must demonstrate experience that aligns with
the knowledge, skills, abilities, and tasks (KSATs) required for their specific work role.
This approach offers flexibility in workforce management and recognizes practical,
hands-on expertise. The validation of experience will be conducted by a board at the
command level, ensuring it is properly documented and verified. The Army CIO will
issue separate guidance on the board's structure, procedures, and documentation
requirements. In the interim commands can appoint officials to approve experience
qualifications.
h. All military and civilian work roles must be accurately coded in manpower and
personnel systems (i.e., Force Management System Web (FMSWeb), the Army Org
Server (AOS), Integrated Personnel and Pay System-Army (IPPS-A), and the Defense
Civilian Personnel Data System (DCPDS)).
i. The qualification requirements for all foreign nationals will be tracked once a
suitable Learning Management System (LMS) becomes available.
6. Roles and Responsibilities. See enclosure.
3
SAIS-CS (25-1rrrr)
SUBJECT: Transition from Department of Defense 8570.01-M to Department of
Defense Manual 8140.03
7. Transition Plan.
a. Spiral One: Commands ensure that all personnel in the cybersecurity work roles
specified in paragraph 5b meet foundational requirements through approved pathways
such as experience, education, training, or commercial certification, as outlined in the
Cyber.mil Qualification Matrix. As DoD CIO continues to clarify aspects of DoDM 8140.03,
commands have some leeway to determine which pathway to use to ensure
qualifications are met.
b. Spiral Two: Commands must ensure that all personnel in all other DCWF
elements defined in paragraph 5d meet foundational qualification requirements by
15 February 2026, unless otherwise noted.
c. Assessment of current personnel: Each Army command and activity will evaluate
existing cyberspace personnel to identify their current certifications, roles, and
competencies in accordance with DoDM 8140.03.
d. Training and qualification: All personnel assigned to DCWF work role will be
required to complete qualification requirements that align with their new roles under
DoDM 8140.03 by the timelines approved by the Cyber Workforce Management Board
(CWMB).
e. Civilians and military personnel occupying a new work role and proficiency levels
(example new hires) must meet foundational qualification requirements within 9 months
of assignment and residential qualifications within 12 months of assignment.
f. Army commands will establish a continuous professional development program to
ensure cyberspace workforce personnel remain current with evolving technologies and
threats, in accordance with DoDM 8140.03 requirements.
g. Commanders or designated representative may waive the qualification
requirements for Army Civilian employees and Service members for up to six months
due to severe operational or personnel constraints. Waivers must specify an expiration
date and be documented in a memorandum of record. The maximum waiver period is
six months, unless an emergency arises during a deployment to a combat environment.
h. There is no connection between proficiency level and the rank or grade of the
individual. Designation of proficiency levels should be determined by a supervising
official. The three proficiency levels to define performance expectations are:
(1) Basic. The role requires an individual to have familiarity with basic concepts
and processes and the ability to apply these with frequent, specific guidance. An
individual must be able to perform successfully in routine, structured situations.
4
SAIS-CS (25-1rrrr)
SUBJECT: Transition from Department of Defense 8570.01-M to Department of
Defense Manual 8140.03
(2) Intermediate. The role requires an individual to have extensive knowledge of
basic concepts and processes and experience applying these with only periodic high-
level guidance. An individual must be able to perform successfully in non-routine and
sometimes complicated situations.
(3) Advanced. The role requires an individual to have an in-depth understanding
of advanced concepts and processes and experience applying these with little to no
guidance. An individual must be able to provide guidance to others; and the work must
be performed as a primary or additional work role.
i. DoDI 8140.02 paragraphs 4b (3 and 5), require the use of the code “000” if the
position does not perform cyberspace tasks as a primary duty and at least one
additional cyberspace work role code must be designated. Any “000” position must also
include an explanation for the use of “000” primary code, where a position has been
determined as non-cyberspace. Such positions must be in a recognized civilian
occupation series which require, a non “000” DCWF work role code. The Cyber
Workforce Management Board will update specifics of the manner for explanation of
use of the “000” code in the future.
j. Military position identification can be aided by use of the military occupation
crosswalk, available for download at:
https://www.onetonline.org/crosswalk/MOC?b=A&s=.
8. Compliance. All Army personnel must comply with this policy and the requirements
set forth in DoDM 8140.03. Non-compliance may result in adverse action and may
impact personnel assignments and career progression.
9. Labor Relations. All statutory labor relations obligations must be met in the
implementation of this program
10. Points of Contact.
a. SAIS-CSP Policy Team: usarmy.pentagon.hqda-cio.mbx.sais-csp@army.mil.
b. SAIS-CSD: Earl Allen, Special Assistant to the Army CISO,
earl.b.allen3.civ@army.mil.
Encl LEONEL T. GARCIGA
Chief Information Officer
5
SAIS-CS (25-1rrrr)
SUBJECT: Transition from Department of Defense 8570.01-M to Department of
Defense Manual 8140.03
DISTRIBUTION:
Principal Officials of Headquarters, Department of the Army
Commander
U.S. Army Forces Command
U.S. Army Training and Doctrine Command
U.S. Army Materiel Command
U.S. Army Futures Command
U.S. Army Pacific
U.S. Army Europe and Africa
U.S. Army Central
U.S. Army North
U.S. Army South
U.S. Army Special Operations Command
Military Surface Deployment and Distribution Command
U.S. Army Space and Missile Defense Command/Army Strategic Command
U.S. Army Cyber Command
U.S. Army Medical Command
U.S. Army Intelligence and Security Command
U.S. Army Corps of Engineers
U.S. Army Military District of Washington
U.S. Army Test and Evaluation Command
U.S. Army Human Resources Command
U.S. Army Corrections Command
U.S. Army Recruiting Command
Superintendent, U.S. Military Academy
Commandant, U.S. Army War College
Director, U.S. Army Civilian Human Resources Agency
Executive Director, Military Postal Service Agency
Director, U.S. Army Criminal Investigation Division
Director, Civilian Protection Center of Excellence
Director, U.S. Army Joint Counter-Small Unmanned Aircraft Systems Office
Superintendent, Arlington National Cemetery
Director, U.S. Army Acquisition Support Center
CF:
Principal Cyber Advisor
Director of Enterprise Management
Director, Office of Analytics Integration
Commander, Eighth Army
6
Roles and Responsibilities
1. Principal Officials, Headquarters, Department of the Army; Commanders of
Army commands, Army Service Component Commands, and Direct Reporting
Units; and Senior Leaders of Agencies and Activities will:
a. Provide oversight to ensure compliance with DoDM 8140.03 and related Army
policies.
b. Regularly evaluate the effectiveness of the cyberspace workforce programs and
make necessary adjustments.
c. Conduct comprehensive assessments of the current cyberspace workforce to
identify skill gaps and personnel readiness.
d. Ensure that all personnel are aware of and understand the new policies related
to cyberspace roles and responsibilities.
e. Facilitate access to training programs and resources that cover the DCWF work
role.
f. Conduct regular audits to ensure adherence to qualification and certification
requirements.
g. Address non-compliance issues through remedial training or reassignment as
needed.
h. Provide periodic reports on the status of cyberspace workforce qualification and
management programs to higher headquarters.
i. Identify the resources required to implement DoDM 8140.03 for inclusion in the
planning, programming, budgeting, and execution process.
j. Code and validate all billets/position data in the manpower and personnel
systems with the DCWF work role and proficiency levels per DoDI 8140.02.
k. Collaborate with the servicing G-1 and Human Resource Management Division
and Force Management to review and update civilian position descriptions (PDs) to
align with the tables of distribution and allowances (TDA) manpower and personnel
system billets in accordance with DoDI 8140.02. Commands can use the AutoNOA tool
to update and modify PDs to the greatest extent possible at https://autonoa.army.mil.
l. Ensure that MTOE, TDA, military occupational specialties, and civilian
occupational series are updated to reflect requirements for cyber-related functional
areas, military and civilian work roles, credentials, and security clearances.
Enclosure
m. Code personnel with the billet identification number (FM ID) of the billet they
currently fill to enable robust cyberspace workforce data analytics.
2. Assistant Secretary of the Army for Acquisition, Logistics, and Technology
(ASA (ALT)) will:
a. Allocate resources, including funding and personnel, to support the
development and maintenance of the cyberspace workforce.
b. Oversee the procurement of necessary technology and tools to enhance
cybersecurity capabilities.
c. Verify that adequate support for cyberspace workforce requirements is planned,
resourced, and documented and can be executed in a timely manner in accordance
with DoD 8140.01, DoDI 8140.02, DoDM 8140.03 and other applicable NIST, CNSS,
DoD, and Army issuances.
d. Verify that acquisition community personnel with cybersecurity development
responsibilities meet the standard qualification criteria in accordance with DoDD
8140.01.
e. Monitor compliance with cyberspace workforce policies and standards within
the ASA(ALT) domain.
f. Conduct regular audits and assessments to ensure compliance to qualification
and certification requirements.
g. Support the Army CIO, DCS G-6, and other Army stakeholders in the
development, implementation, and maintenance of an effective cybersecurity strategy
for both new and existing systems. This strategy should align with DoD policies,
standards, and architectures for all IT, enabling receiving units to comply with DoD and
Army-approved processes into the sustainment phase. Cybersecurity strategies should
also consider the impact on personnel requiring compliance with DoDM 8140.03.
h. Provide guidance to program managers and acquisition professionals on
complying with DoDM 8140.03.
i. Collaborate with the Army CIO and other cybersecurity leaders to align
acquisition strategies with cyberspace workforce initiatives.
3. Army Chief Information Officer will:
a. Develop policies related to the Army's cyberspace workforce.
b. Provide oversite and guidance for resources, including funding and
2
personnel, to support the development and maintenance of the cyberspace workforce.
c. Oversee the procurement of necessary technology and tools to enhance
cybersecurity capabilities.
d. Monitor compliance with cyberspace workforce policies and standards within
the Army.
e. Order regular audits and assessments to ensure adherence to DCFWQ
program and requirements.
f. Coordinate the collection and analysis of qualification data for the cyberspace
workforce to fulfill internal and external reporting requirements in accordance with DoDI
8140.02 and DoDM 8140.03.
g. Plan for and incrementally complete the requirements stated in DoDM 8140.03,
paragraph 4.3(a).
h. Represent the Army on the Cyber Workforce Management Board (CWMB) and
assign a representative to the Cyberspace Workforce Advisory Group (CWAG).
i. Foster collaboration between service components and external agencies to
share best practices and resources related to cyberspace workforce development.
4. Deputy Chief of Staff, G-1 will:
a. Assign a PD for personnel occupying cyberspace positions using the criteria
found in DoDM 5200.02 and DoDI 1400.25, Vol. 731, and document the PD in the
Defense Civilian Personnel Data System.
b. Develop and implement strategies for workforce planning that align with the
competencies and roles defined in DoDM 8140.03 and DoDI 8140.02. This includes
identifying personnel needs and ensuring that the Army has sufficient qualified
cyberspace workforce personnel.
c. Oversee the assignment and distribution of personnel to ensure that qualified
individuals are placed in cyberspace roles that match their skills and competencies.
d. Collaborate with CYBERCOM, TRADOC, Cyber COE, and other entities to
ensure that training programs are developed and implemented to meet the
requirements of DoD 8140.03.
e. Facilitate professional development by encouraging continuous professional
development and lifelong learning among Army personnel in cyberspace workforce
roles.
3
f. Identify, monitor, and track qualifications of DoD civilian and military employees
assigned to a DCWF work role using an authoritative personnel system.
g. Provide advice on collective bargaining obligations related to cyberspace
workforce requirements.
h. Conduct workforce assessments to analyze the civilian cyberspace workforce to
identify skill gaps, training needs, and opportunities for career advancement. This
assessment will help inform recruitment and training efforts.
i. Monitor compliance to DoDM 8140.03 requirements and provide support to
civilian personnel and their supervisors in achieving the necessary qualifications.
j. Inform civilian cyberspace workforce personnel about available training,
qualification, and career development opportunities.
5. Deputy Chief of Staff, G-3/5/7 will:
a. Review Army policies and programs to ensure personnel involved in
cyberspace operations are properly trained and qualified according to the standards set
by DoDM 8140.03.
b. Collaborates with Army CIO and other relevant entities, to ensure a cohesive
approach to cybersecurity training and workforce management.
c. Identify, monitor, and track the DCWF work roles and proficiency levels for both
DOD civilian and military billets.
6. Deputy Chief of Staff, G-6 will:
a. Collaborate with the Assistant Chief of Staff G-1 and other entities to develop an
enterprise capability that can be used to obtain data for identifying, monitoring, and
tracking the DCWFQ of military and Army Civilian employees assigned to a DCWF work
role.
b. Provide HQDA principal officials and commanders or heads of ACOMs, ASCCs,
DRUs, installations, activities, and units operating under the DCWF, with guidance on
identifying, tracking, monitoring, and reporting procedures for personnel involved in
cyberspace work roles and authorized/privileged users as outlined in DoDM 8140, DoDI
8500 and AR 350.01. Ensure information being reported is from an authoritative
database or personnel system.
c. Allocate resources to implement and sustain the cyberspace workforce
4
qualification and management program as part of the Army planning, programming,
budget, and execution process.
d. Publish a roadmap by October 1, 2025, detailing how the DCS G-6 will
Transfer the responsibility of managing cyber training back to commanders and agency
heads in FY26. Work with your budget team for guidance on the POM process.
e. Provide the Army CIO with a quarterly DoDM 8140 foundational and residential
qualification cyber workforce readiness report on military and civilians to ensure
compliance with DoDM 8140.03.
f. Identify and provide Headquarters, Department of the Army, Army commands,
Army service component commands, direct reporting units, and senior leaders of
agencies and activities with a list of recommended training sites for continue
professional development of cyber workforce skills.
g. In compliance with DoDD 8140.01, conduct annual meetings with commands to
validate training requirements and funding in support of their cyberspace workforce, as
directed by fiscal year program objective memorandum planning guidance, utilizing
digital platforms for virtual education and training environments to reduce costs.
h. Ensure that an appropriate budget and planning guidance are established and
implemented at the HQDA level to support and maintain training for a qualified
cyberspace workforce.
i. Publish a frequently asked questions document on implementation guidance and
distribute it to HQDA principal officials, commanders, and heads of ACOMs, ASCCs,
DRUs, installations, activities, and units operating under DCFW.
j. Establish strategic communication with Army commands to outline the
implementation of DoDM 8140.03 across the Army.
k. Oversee compliance with DoDM 8140.03 and other related cybersecurity and
cyberspace regulations throughout the Army Unified Network.
l. Perform assessments and audits to verify that all units meet the established
standards for cyberspace personnel.
m. Advocate for funding and resources to enhance cyberspace workforce
capabilities and training programs.
5