EC-Council’s C|CISO and C|HFI Programs approved as Baseline certifications for the US Department of Defense IA Workforce under DoD 8140

EC-Council announces the official approval of both the Certified Chief Information Security Officer (CCISO) and the Computer Hacking Forensic Investigator (CHFI) programs as new baseline skill certification options for the U.S. Department of Defense (DoD) cyber workforce in several categories. Specifically, the CCISO program is a recognized certification for the DoD IAM Level II, IAM Level III, and CSSP Manager, all specialized cyber management personnel classifications within the DoD’s information assurance workforce. CHFI is now recognized as a baseline certification for CSSP Incident Responder.

The CCISO and CHFI recognitions fall under the auspices of DoD Directive 8140 (formerly 8570) Information Assurance Workforce Improvement Program. Directive 8140 provides clear guidance to information assurance training, certification, and workforce management across all affected components of the DoD. The 8140 directive applies to OSD (Office of the Secretary of Defense), All Military Departments, Office of the Chairman of the Joint Chiefs of Staff (CJCS), Combatant Commands, Office of the Inspector General of the DoD (IG DoD), Defense Agencies, DoD Field Activities, and all organizational Entities within the DoD (Collectively “DoD Components”).

The directive divides the total cyber security workforce into four primary categories: Information Assurance Technician, Information Assurance Manager (IAM), Information Assurance Architect and Engineering (IAAE), and Cyber Security Service Providers (CSSP). CCISO has been added to the list of certifications for IAM and CSSP professionals, while CHFI has been added to the CSSP Incident Responder category.

Military service members, contractors, and foreign employees across all job descriptions in the IA workforce must show 100-percent compliance with this directive, and now CCISO and CHFI are options to achieve and maintain compliance. This shows the DoD’s focus on increasing training and preparation of the U.S. military workforce in cybersecurity. The CCISO program has been selected due to its focus on executive-level cybersecurity skills as well as its hands-on approach to training. The CHFI program was chosen due to its rigorous focus on incident response and forensics, electronic evidence collections, and digital forensic acquisitions.

“CCISO and CHFI are valuable additions to Department of Defense Directive 8140. CCISO and its five domains, governance, risk management, project management, core competencies, and strategic management, complement the learning objectives of the cybersecurity workforce of the US government. CHFI brings a forensically sound approach to systems auditing, investigation, and incident response. These are critical skills across the DoD IA workforce and we are proud to support the military workforce upskilling with our programs.” said Jay Bavisi, CEO, EC-Council Group and Chairman of the Board, EC-Council University.

Bavisi added: “We are proud to have completed the rigorous process of evaluation required by the various components of the Department of Defense required before an acceptance of this level is granted. The selected certifications had to achieve ANSI 17024 accreditation, unanimous support and sponsorship from each of the military services, as well as pass an external 3rd party review commissioned by the Information Assurance Workforce Improvement Program at DoD before being considered for this prestigious honor.”


  • CCISO and CHFI are now officially recognized as Baseline Certification programs in the DoD 8140.
  • CCISO is now recognized as a baseline certification option for Information Assurance Manager Level 2 (IAM II), Information Assurance Manager Level 3 (IAM III) and Cybersecurity Service Provider Manager (CSSPM)
  • CHFI is now recognized as a baseline certification for CSSP Incident Responder.
  • CCISO and CHFI certifications were officially approved in December of 2018 and added to the DISA Baseline Certifications chart in February of 2019.
  • DISA Cyber Security Baseline certifications and the official chart of approved programs can be found here:
  • More information about EC-Council and our Federal and Government programs can be found at

About EC-Council

EC-Council has been the world’s leading information security certification body since the launch of their flagship program, Certified Ethical Hacker (CEH), which created the ethical hacking industry in 2002. Since the launch of CEH, EC-Council has added industry-leading programs to their portfolio to cover all aspects of information security including EC-Council Certified Security Analyst (ECSA), Computer Hacking Forensics Investigator (CHFI), Certified Chief Information Security Officer (CCISO), among others. EC-Council Foundation, the non-profit branch of EC-Council, created Global CyberLympics, the world’s first global hacking competition. EC-Council Foundation also hosts a suite of conferences across the US and around the world including Hacker Halted, Global CISO Forum, TakeDownCon, and CISO Summit.

For more information about EC-Council, please see

Share this Article
You may also like
Recent Articles

Train with EC-Council