If you're pursuing a government or military IT job, there's a short list of certifications that can unlock six-figure careers — and three of them are CompTIA. Security+, Network+, and A+ aren't optional extras for DoD roles. They're legal requirements. The Department of Defense mandates them by name under federal policy for hundreds of thousands of military, civilian, and contractor positions.
This guide breaks down exactly how DoD 8140 works, which cert maps to which role, why Security+ is the one you absolutely cannot skip, and how to build the most efficient path from zero to fully compliant. Whether you're active duty trying to get your IT qualifications in order, a contractor eyeing a federal gig, or a career-changer targeting government work, here's what you need to know.
What Is DoD 8140?
DoD Directive 8140 (officially "Cyberspace Workforce Management") is the federal policy that governs who can work in Department of Defense IT and cybersecurity roles. It replaced the older DoD 8570 directive in 2022 and is now fully implemented across the military branches and defense agencies.
The core requirement is straightforward: anyone in a designated cyberspace workforce role must hold an approved certification for that role. This applies to military personnel, federal civilians, and contractors alike. You can't simply claim you have the skills — you need documented proof via a qualifying credential, and the DoD's approved list is specific about which credentials count.
Why does this matter at scale? The DoD's cyberspace workforce numbers in the hundreds of thousands. IT support specialists, network administrators, system administrators, security analysts, SOC operators, information system security officers — all of them fall under 8140's scope. That translates into a massive, sustained demand for CompTIA certifications that shows no signs of slowing down.
8570 vs 8140: DoD 8570 was the predecessor policy. You'll still see "DoD 8570" on job postings because many HR teams haven't updated their language. Operationally they mean the same thing — you need an approved cert, and CompTIA Security+ satisfies the most commonly required level (IAT Level II) under both frameworks.
The Three CompTIA Certs That Matter for DoD
CompTIA has three certifications on the DoD 8140 approved list, each mapping to a different tier of IT work. Understanding which cert covers which role is the first step in building your credential strategy.
| Cert | DoD 8140 Category | Typical Roles |
|---|---|---|
| A+ | Foundational | Help Desk, IT Support Specialist, Desktop Technician |
| Network+ | IT Infrastructure | Network Admin, System Admin, Infrastructure Technician |
| Security+ | Cybersecurity (IAT Level II) | Security Analyst, SOC Analyst, ISSO, System Admin (security-focused) |
A+ — The Foundational Credential
CompTIA A+ (currently the 220-1201/220-1202 Core 1 and Core 2 exam pair) covers hardware, operating systems, troubleshooting, networking fundamentals, and IT support workflows. In the DoD 8140 framework, A+ satisfies requirements for foundational-level roles — positions that focus on end-user support, help desk functions, and basic IT maintenance. If your target role is entry-level IT support within a government or defense context, A+ is your starting credential. It's also a strong foundation before pursuing Network+ or Security+.
Network+ — The Infrastructure Tier
CompTIA Network+ (N10-009) covers networking concepts, infrastructure, routing and switching, wireless, and network troubleshooting. DoD 8140 maps Network+ to IT infrastructure roles — the people responsible for maintaining and configuring the networks that everything else runs on. Network admins and system admins at DoD-affiliated organizations commonly need Network+ as part of their baseline qualification package.
Security+ — The Cybersecurity Baseline
CompTIA Security+ (SY0-701) is the most important certification on this list for most people targeting DoD work. It maps to IAT Level II — one of the most commonly required tiers across defense contractor roles, military IT positions, and civilian federal jobs. Security analysts, SOC analysts, ISSOs, and many system admin roles require IAT Level II compliance, which Security+ satisfies. More on this in the next section.
Why Security+ Is the Crown Jewel
Of the three CompTIA certs on the DoD 8140 list, Security+ carries the most weight — by a significant margin. Here's why it's the one you can't afford to skip.
IAT Level II is the most commonly required baseline. Information Assurance Technical (IAT) roles are everywhere in the DoD ecosystem. Level II is the middle tier, sitting above basic user support and below the advanced engineering roles. The overwhelming majority of contractor and civilian IT positions that require DoD 8140 compliance fall at IAT Level II — which means they require Security+. When a job posting says "DoD 8570/8140 compliant required," Security+ is almost always the cert they mean.
Without it, many roles are simply off-limits. This isn't a soft preference — it's a hard compliance requirement. An otherwise highly qualified candidate without Security+ cannot be placed in an IAT Level II role on a DoD contract. Contracting officers and security officers verify certification status. Companies that hire uncertified personnel into those roles risk losing their contracts. The cert is a gate, not a bonus.
It supports clearance eligibility. Security clearances and certification requirements operate somewhat independently, but they're related. Holding Security+ demonstrates a baseline of security knowledge that complements the clearance process. Many positions that require clearances also require Security+ as a separate, parallel requirement. Having both in order makes you a much cleaner hire.
The salary impact is real. Candidates with Security+ in DoD-adjacent roles consistently earn $10,000–$20,000 more annually than equivalent candidates without it. That's not a certification marketing claim — it's the logical result of a certification being legally required for roles with elevated compensation. Security+ holders can access positions that are simply unavailable to non-certified candidates, and those positions pay more.
Bottom line: If you're targeting any government or defense IT role beyond basic help desk, Security+ is non-negotiable. Start there if you have to prioritize.
The Recommended Study Order
There's no single right path through the trifecta — the best order depends on where you're starting from. Here are the three realistic approaches:
Best for beginners with no IT background. A+ builds hardware and OS fundamentals. Network+ adds networking depth. Security+ sits on top of both. Each exam builds naturally on the prior one.
Best if you already have hands-on IT experience — working help desk, desktop support, or similar. Skip A+ and focus on the two certs most relevant to infrastructure and security roles.
Best for career changers who want the fastest possible entry into DoD-compliant roles. Security+ alone satisfies IAT Level II. Study it in isolation if that's the one cert standing between you and a job offer.
If your goal is a specific role, work backward from the requirement. Look up three or four job postings for the position you want and identify exactly which DoD 8140 level they require. That tells you which cert to prioritize first. Don't let the "complete the whole trifecta" framing stop you from targeting the most valuable certification for your specific situation.
What Comes After the Trifecta
The CompTIA trifecta isn't a ceiling — it's a foundation. Once you have Security+ in hand and you're working in a DoD-adjacent role, there are clear paths upward depending on what direction you want to grow.
- CySA+ (Cybersecurity Analyst+) — The natural next step for Security+ holders moving into security operations. CySA+ maps to higher DoD 8140 levels and covers threat detection, SIEM analysis, vulnerability management, and incident response. It's the cert for analysts who want to specialize in defending systems rather than just understanding the concepts.
- CASP+ (CompTIA Advanced Security Practitioner) — For senior technical roles. CASP+ is CompTIA's highest-level security certification and satisfies DoD 8140 requirements for advanced technical positions. This is the path for security architects and senior security engineers.
- CISSP — The gold standard for security management roles. CISSP isn't a CompTIA cert, but it's worth knowing it's also on the DoD 8140 approved list for IAM (Information Assurance Management) roles. If your goal is security leadership rather than technical hands-on work, CISSP is the long-term target.
A word on clearances: certifications and clearances are separate tracks, but they reinforce each other. Security+ is often required as a condition of a clearance-bearing role — you need both the clearance and the cert. Starting the clearance process through an employer who sponsors it, while building your certification stack in parallel, is the fastest way into a fully qualified DoD IT career.
The PBQ Reality: Where Most People Actually Fail
Here's something the CompTIA marketing materials won't tell you clearly: all three trifecta exams — A+, Network+, and Security+ — include performance-based questions (PBQs). These are interactive, simulated lab scenarios that appear at the start of the exam. They test whether you can actually do IT tasks, not just describe them. And they're where most candidates who fail these exams actually get tripped up.
On Security+ SY0-701, you'll typically face 3–5 PBQs covering things like firewall rule configuration, VPN setup, log analysis, PKI certificate management, and cloud security architecture. On Network+ N10-009, expect 4–6 PBQs on subnetting, VLAN configuration, CLI troubleshooting, and network topology. On A+ Core 1 and Core 2, PBQs simulate hardware identification, OS troubleshooting, and configuration tasks.
The failure pattern is consistent across the CompTIA community: candidates spend months studying multiple-choice content and show up to the exam unprepared for the interactive format. They know the concepts — they just haven't practiced executing them under time pressure in an unfamiliar simulated environment.
The fix is hands-on practice. Not more reading, not more flashcards — actual scenario repetition until the task execution is automatic. That's what PBQ lab guides are designed for.
We've built hands-on PBQ lab workbooks for all three exams in the trifecta. Each guide walks through the most common PBQ scenario types step by step — no environment setup required, no expensive lab subscription.
→ Security+ SY0-701 PBQ Lab Guide — 12 hands-on scenarios covering firewall, VPN, log analysis, PKI & cloud
→ Network+ N10-009 PBQ Lab Guide — 12 labs for subnetting, routing, CLI troubleshooting & more
→ A+ Core 1 (220-1201) PBQ Lab Guide · A+ Core 2 (220-1202) PBQ Lab Guide
Each guide includes a free sample so you can see the format before you buy.
Which Cert Should You Start With?
The right answer depends on your goal:
- Targeting an IAT Level II role (most common DoD requirement)? Start with Security+ SY0-701. It's the cert that unlocks the most roles and has the biggest salary impact. Don't wait until you've done A+ and Network+ if the job you want requires Security+ now.
- Starting from zero with no IT background? Begin with A+ Core 1 and Core 2 to build foundational knowledge, then move to Network+ and Security+ in sequence. The traditional path exists because it works.
- Already working in IT and want to qualify for DoD contracts? Security+ is almost certainly the one cert standing between you and compliance. Get it first, then evaluate whether Network+ adds value for your specific role.
The CompTIA trifecta isn't just a study goal — it's a career qualification framework that opens doors in one of the most stable and well-compensated sectors in IT. The government always needs qualified IT professionals, clearance-bearing roles command premium salaries, and contractor demand for DoD 8140-compliant candidates isn't going anywhere.
Get the cert. Pass the exam. The PBQs are the part most candidates underestimate — but with the right preparation, they're the questions you can feel most confident about walking in. Grab a free sample from the Security+ PBQ Lab Guide to see exactly what hands-on practice looks like before exam day.