Cyberspace IT/Cybersecurity Workforce (Cyber IT/CSWF)
Cyberspace Information Technology Workforce (Cyber IT): Personnel who design, build, configure, operate, and maintain information technology, networks, and capabilities. This includes actions to prioritize portfolio investments, architect, engineer, acquire, implement, evaluate, and dispose of information technology and services; as well as information resources management, and the management, storage, transmission, and display of data and information.
Cyberspace IT/Cybersecurity Workforce (Cyber IT/CSWF): Personnel who secure, defend, and preserve data, networks, net-centric capabilities, and other designated systems by ensuring appropriate security controls and measures are in place, and taking internal defense actions. This includes access to system controls, monitoring, administration, and integration of cybersecurity into all aspects of engineering and acquisition of cyberspace capabilities.
Core Cyber IT/CSWF User: An Authorized User (military, civilian, or contractor) who requires knowledge, skills, and abilities in both technical and managerial aspects of Cyber IT/CSWF. The Core User group is focused on delivering cyber capabilities to the DON and includes those who design, develop, operate, maintain, and defend data, networks, network centric capabilities, computing capabilities, and communications. It also includes personnel who manage risk and protect DON networks and information systems (IS).
SECNAV M-5239.2, signed June 2016, mandates identification, tracking, and reporting of personnel within the Cyber IT/CSWF and use of qualifications (i.e. commercial certifications; or Navy Enlisted Classification code (NEC); or academic degree) to validate Cyber IT/CSWF baseline and continuous knowledge and skills. It also updates and clarifies the position and personnel coding process, sets qualifications criteria, and establishes program management procedures.
Cyber IT/CSWF functions must be identified and managed, and personnel performing cybersecurity functions will be appropriately screened, trained, and qualified. Qualified Cyber IT/CSWF personnel must be identified and integrated into all phases of the system development life cycle. The guidance and standards detailed in the qualification requirements and Cyber IT/CSWF matrices apply to positions and personnel designated as Cyber IT/CSWF. The Cyber IT/CSWF includes any uniformed military, civilian, or contractor personnel who have privileged access or major Cyber IT/CSWF management responsibilities.
The Navy's Credentials Program Office/Navy Credentialing Opportunities On-Line (COOL) may fund for eligible Navy (not USMC) military and DON civilian (not contractor) Cyber IT/CSWF personnel's initial certification exam and annual maintenance fees.
- Navy COOL can fund for initial certification exam (up to 3 Navy-funded attempts) to meet Cyber IT/CSWF SA certification requirement) and annual maintenance fees, but only for the year it is due (not in advance; not in arrears).
- Navy COOL cannot fund for training, study/prep materials, memberships, CL, or other non-exam fees.
- Requests for exam/fee funding will be handled on a first come, first served basis. Eligible Cyber IT/CSWF personnel should take advantage of funding as soon as practicable as the program is subject to funding constraints as the year progresses. DON Civilian and Personnel*
Cyber IT/CSWF personnel obtaining commercial certification(s) (military, civilian, and contractor), for the purpose of Cyber IT/CSWF qualification, shall have their certification recorded in TWMS. Identification of certification specifics within TWMS will be one of the criteria required before DON payment of expenses including certification provider continuing education and/or certification maintenance fees.
Certified Cyber IT/CSWF (military, civilian, and contractor) should routinely check with their local command Cyber IT/CSWF-PM to verify their entry within the DON/Navy/Marine Corps authoritative manpower, personnel, and readiness databases accurately depicts their qualification status.
The local command Cyber IT/CSWF-PM may have the requirement to ensure his/her Cyber IT/CSWF personnel are qualified. However, ultimately, it is the individual Cyber IT/CSWF member's responsibility to understand the requirements to comply with Cyber IT/CSWF qualification requirements and earn/maintain their own certification. The individual Cyber IT/CSWF member must be proactive and keep appraised of changes/updates that the certification agency makes to their certification requirements. Cyber IT/CSWF personnel should not rely on the certification agency to inform them of changes.
All Cyber IT/CSWF individuals (military, civilian, or contractor) have a separate requirement (outside the certification agency Continuous Learning (CL) requirements) to do CL because of their assignment to the DON's Cyber IT/CSWF. All Cyber IT/CSWF personnel must accomplish CL. Cyber IT/CSWF individuals shall participate annually in 40 hours of CL activities. These CLP activities might be applicable to the certification agency's certification maintenance requirements. It will be the responsibility of the certification holder to verify the Navy's CLP activities they wish to apply towards their associated certification held to meet the certification agency's CL requirements.