Why Lawyers Should Be Certified in the NIST Cybersecurity Framework (NISTCSF) and DVMS
Rick Lemieux – Co-Founder and Chief Product Officer of the DVMS Institute
Introduction: Law at the Intersection of Digital Risk
In the 21st century, law practice is no longer confined to statutes, contracts, and courtroom advocacy. Every legal decision, from compliance advice to litigation strategy, unfolds in a digital environment where cybersecurity risk, regulatory oversight, and operational resilience are inseparable from business outcomes. Lawyers who advise corporations, government agencies, or nonprofit entities cannot afford to treat cybersecurity as a purely technical matter. Instead, they must view it as a governance and enterprise risk management issue, one that is central to fiduciary duties, client trust, and regulatory compliance. The DVMS (Digital Value Management System®) Foundation Certification course equips lawyers with a structured, globally recognized framework to understand, interpret, and advise on digital risk in alignment with the NIST Cybersecurity Framework (CSF) 2.0.
Cybersecurity as a Governance and Legal Responsibility
The NIST CSF 2.0 explicitly recognizes lawyers among its intended audience, alongside executives and risk managers. This is because the legal profession increasingly interprets regulatory mandates, contractual obligations, and fiduciary expectations regarding cybersecurity. Whether in securities law, privacy law, mergers and acquisitions, or litigation, lawyers are called upon to answer complex questions: What constitutes reasonable cybersecurity practices? How does governance oversight apply to supply chain risk? When does a cyber incident rise to the level of a reportable breach? The DVMS Foundation Certification ensures that lawyers are not merely responding reactively to these questions but are conversant in the risk management language and models that underpin modern regulatory frameworks.
From Compliance Checklists to Operational Resilience
Many organizations still treat cybersecurity as a compliance exercise, focused narrowly on meeting statutory minimums. Lawyers who advise such organizations risk being trapped in a “check-the-box” mentality. Yet regulators and courts increasingly evaluate whether organizations exercised due diligence and care beyond the minimum. The DVMS Foundation course emphasizes that compliance is only one outcome of an effective cybersecurity program; the goal is operational resilience—the ability to withstand, adapt to, and recover from disruptions. For lawyers, this shift in perspective is critical. It enables them to frame advice not just in terms of regulatory checklists, but in terms of sustaining business value, protecting clients’ interests, and anticipating systemic risks.
Strategy-Risk: A Concept Lawyers Must Grasp
A central theme of the DVMS is the concept of “strategy-risk,” which treats strategy and risk not as separate considerations but as two sides of the same coin. For legal professionals, this is especially relevant. Corporate lawyers draft strategies through corporate governance charters, compliance programs, and board resolutions. Risk lawyers evaluate exposures, liabilities, and dispute scenarios. The DVMS Foundation Certification teaches lawyers to integrate these functions, recognizing that every strategic choice carries embedded digital risks, whether an acquisition, market entry, or new technology adoption. By understanding strategy-risk, lawyers can better anticipate where legal exposure might arise, how contracts should be structured, and when to advise boards on enhanced fiduciary oversight.
Building Fluency in the NIST Cybersecurity Framework 2.0
The NIST CSF has become the global “common language” of cybersecurity risk governance. Courts, regulators, and industry associations cite its functions—Govern, Identify, Protect, Detect, Respond, and Recover—as the benchmark for reasonable security. Lawyers who lack fluency in this framework risk being sidelined in critical discussions with boards, regulators, or opposing counsel. The DVMS Foundation Certification ensures that lawyers understand how the CSF is structured, how profiles and tiers communicate maturity, and how it aligns with other standards and regulations. With this knowledge, lawyers can credibly argue whether a client met its duty of care, evaluate whether a supplier contract adequately addresses supply chain risk, or defend an organization’s risk management posture in regulatory inquiries.
Strengthening the Lawyer’s Role in Cyber Crisis Management
Cyber incidents are no longer hypothetical; they are routine. When a breach occurs, lawyers are immediately called upon to manage disclosure obligations, coordinate with regulators, assess contractual liabilities, and advise boards on fiduciary exposure. However, practical legal advice during a crisis depends on understanding the operational realities of cyber resilience. The DVMS course introduces lawyers to the CPD Model (Create, Protect, Deliver) and the FastTrack adoption approach. These models demonstrate how organizations can build resilience in phases, moving from basic hygiene to adaptive innovation. This translates into practical insight for lawyers: they can set realistic expectations for boards, negotiate more informed settlement terms, and advise on phased compliance roadmaps that withstand regulatory scrutiny.
Elevating Legal Advice Beyond the Technical Lens
One legal challenge is that cybersecurity is often framed too narrowly as a technical matter, relegated to IT departments. The DVMS approach reframes cybersecurity as an enterprise issue embedded in culture, governance, and business strategy. Lawyers who take the Foundation course learn how organizational culture, leadership accountability, and systems thinking shape cyber risk outcomes. This knowledge enables them to craft legal arguments and advice that resonate with business leaders and regulators, moving beyond technical jargon to highlight fiduciary duties, governance obligations, and stakeholder trust.
Supporting Clients Across Regulatory Jurisdictions
Laws such as the EU’s NIS2 Directive, the U.S. SEC’s cyber disclosure rules, and the Digital Operational Resilience Act (DORA) impose new governance and reporting expectations on organizations. Increasingly, regulators expect cybersecurity to be treated as part of enterprise risk management. The DVMS Foundation Certification, by teaching lawyers how to apply the NIST CSF in a governance and enterprise risk context, equips them to harmonize advice across multiple jurisdictions. Lawyers can help multinational clients adopt a standard governance model that satisfies regulators in diverse regions, reducing legal exposure and compliance costs.
Enhancing Career Value for Legal Professionals
For lawyers, professional credibility is tied to subject-matter expertise. Just as lawyers specializing in securities law often earn certifications in financial compliance, lawyers advising on digital business, privacy, or corporate governance gain a career advantage by holding a DVMS Foundation Certification. It signals to clients, boards, and regulators that the lawyer understands the legal and operational dimensions of digital resilience. As cyber risk litigation, regulatory investigations, and contractual disputes expand, lawyers with DVMS credentials will be positioned as trusted advisors in high-stakes matters.
A Practical Investment in Legal Risk Management
The cost of not understanding digital risk is far greater than the cost of professional training. A single cyber incident can cost millions, and legal liability can extend to boards, officers, and even outside counsel who fail to provide adequate advice. The DVMS Foundation course is thus not just an educational credential but an investment in risk reduction. Equipping lawyers with the knowledge to anticipate, interpret, and mitigate digital risk reduces malpractice exposure, enhances the quality of legal advice, and strengthens the lawyer’s value proposition to clients.
Conclusion: A New Mandate for the Legal Profession
The legal profession is evolving alongside the digital economy. Lawyers are no longer passive interpreters of statutes but active participants in shaping organizational resilience, trust, and compliance. The DVMS Foundation Certification provides lawyers with the language, models, and frameworks to meet this mandate. It bridges the gap between law and technology, transforming lawyers into strategic advisors who can guide organizations through the digital age’s volatility, uncertainty, complexity, and ambiguity. In short, lawyers who earn the DVMS Foundation Certification are not just adding a credential—they are positioning themselves at the heart of the digital trust and resilience movement.
About the Author
Rick Lemieux
Co-Founder and Chief Product Officer of the DVMS Institute
Rick has 40+ years of passion and experience creating solutions to give organizations a competitive edge in their service markets. In 2015, Rick was identified as one of the top five IT Entrepreneurs in the State of Rhode Island by the TECH 10 awards for developing innovative training and mentoring solutions for boards, senior executives, and operational stakeholders.
Traditional best-practice approaches to IT Service Management (ITSM), Governance, Risk and Compliance (GRC), and Cybersecurity are insufficient to manage the resilience, compliance, and trust requirements of today’s complex digital ecosystems.
The DVMS Institute Certified Training programs and publications provide detailed guidance on transforming best-practice programs into an integrated Digital Value Management System® (DVMS) that drives adaptive governance, operational resilience, and performance assurance across complex, digital supply chains.
The DVMS seamlessly aligns organizational digital Strategy, Governance, Operations, and Culture into an integrated, adaptive, and culture-driven overlay system capable of governing and assuring the delivery of resilient, compliant, and trusted digital business outcomes.
By adopting a DVMS, organizations are positioned to:
- Maintain Operational Stability Amidst Constant Digital Disruption
- Deliver Digital Value and Trust Across A Digital Ecosystem
- Satisfy Critical Regulatory and Certification Requirements
- Leverage Cyber Resilience as a Competitive Advantage
Digital Value Management System® is a registered trademark of the DVMS Institute LLC.
® DVMS Institute 2025 All Rights Reserved