The U.S. Federal Government has made the NIST-CSF mandatory for all Federal Agencies while the Financial Services and Healthcare sectors have made it mandatory. There is legislation in Congress right now looking to make is mandatory for all companies doing business in the USA or with the USA. The newly launched APMG Accredited NIST Cybersecurity Professional (NCSP) Certification helps professionals and organizations apply the NIST framework in their enterprise cybersecurity programs.

Read on this interview with Rick Lemieux, co-founder of NISTCSF.com and Chief Revenue Officer of itSM Solutions LLC to learn, as an IT training service provider, how you can leverage the opportunity and gain first mover advantage.

CT: Hello Rick, thanks for spending some time with me today. Let’s start with some background information on the history of NIST Cybersecurity Professional (NCSP) Certification.

RL: The NIST Cybersecurity Professional (NCSP) training curriculum was created in partnership with UMass Lowell (UML), a NSA/DHS National Center of Academic Excellence in Cyber Defense Research (CAE-R) and accredited by APMG International.

CT: What does the curriculum of NCSP cover?

RL: The NCSP covers the knowledge, skills and abilities to:

  • Develop a strategy to educate executives and board members about the NIST Cybersecurity Framework and why they should allocate funding to launch and maintain a program
  • Create a Cybersecurity program that will become policy for the organization
  • Engineer a solution that will span the enterprise and its supply chain
  • Build and Operate a Security Operations Center (SOC) to continuously monitor and respond to changes in the documented cybersecurity profile
  • Conduct continuous business risk assessments that compares the current profile against the target profile

The target audience for the NCSP curriculum are:

  • IT, Cybersecurity and Digital Transformation Design & Implementation Engineers
  • IT, Cybersecurity and Digital Transformation Technical Operations & Business Analysts
  • IT, Cybersecurity and Digital Transformation Specialists including Pen Testers, Ethical Hackers, Software & Application Developers, Auditors and Investigators

CT: What is the market size and the market opportunity for NCSP?

RL: The market size is directly related to the number of companies globally connected to the Internet and offering some form of digital services as part of their product portfolio.

In the US, each one of these organizations regardless of their size need to be practicing NIST Cybersecurity Framework (NIST-CSF) or be open to massive government fines and class action lawsuits.

The U.S. Federal Government has now made the NIST-CSF mandatory for all Federal Agencies while the Financial Services and Healthcare have made it mandatory for their sectors. There is legislation in Congress right now looking to make is mandatory for all companies doing business in the USA or with the USA.

Rick Lemieux, Co-Founder NIST CSF and Chief Revenue Officer, itSM Solutions LLC.

Furthermore, certain U.S. States are now offering companies Safe Harbor for companies adopting and operationalizing the NIST-CSF.

Internationally the NIST-CSF has been adopted by 26 countries including Australia and Japan where the commitment to the framework is very strong.

CT: Why does the market need this training and certification?

RL: NCSP is the first accredited certification training program that teaches the knowledge, skills and abilities to engineer, operationalize and continually improve a NIST Cybersecurity Framework program across an enterprise and its supply chain.

In countries that have adopted the NIST-CSF, if a company gets breached and does not have proof that its done its best to protect itself by using the framework then the company is open to a massive fine and lawsuit from the government and those who had their personal information stolen.


Rick Lemieux, Co-Founder NIST CSF and Chief Revenue Officer, itSM Solutions LLC.

CT: Rick how can a training service provider offer this training to their customers?

RL: The process is very straightforward as this training curriculum is now available on the Leapest Learning Marketplace. They are available as Instructor-Led training as well as self-paced video training.

Step 1- If you don’t have a business buyer account on Leapest, you can sign up for free.

Step 2 – Thereafter, you can initiate a reseller agreement with itSM Solutions using the eContract functionality on Leapest

Step 3 – Following that, we will submit your application for accreditation with APMG

The whole process will take about one business week. Thereafter, the training materials can be purchased on Leapest and the exams can be sourced from APMG.

If you do not have any identified instructor resources we can connect you with some.

APMG Accredited NIST Cybersecurity Professional Certifications

CT: So how about instructors who would like to deliver this training?

RL: Then the instructors would need to

  • Register with and be approved by APMG
  • Take the NCSP class and pass the Foundation and Practitioner exams
  • Although not required, it is highly recommended that the trainer has a certification in Cybersecurity like CompTIA Security Plus, ISACA CISA or CISM or an ISC2 CISSP
Student Workbook

APMG Accredited NIST Cybersecurity Professional (NCSP) Foundation

CT: Finally, what services do you offer to support training partners?

RL: We offer marketing services to help training partners set up their websites and marketing programs. This includes participation in webinars and other conference events. We also have Subject Matter Expert services to help resellers develop and close sales opportunities. We offer content & customer support services to deal with any content or customer issues. Exam service support via APMG.

Create buyer account