Logically Speaking November 2021: CMMC Hits a Wall; Cybersecurity Remains Top Priority
November 17, 2021
 
Growth Opportunities
 

CMMC 1.0 Stalls - DIB Cybersecurity to Align with NIST 800

by Jim Gabalski, VP, Sales and Marketing

 

The CMMC 1.0 rollout hit a wall last week when the Department of Defense (DoD) released CMMC 2.0. In short, the CMMC 2.0 model introduces significant changes that include (1) a reduction in the number of levels --- there are now 3 levels instead of 5, (2) elimination of the maturity processes --- do, document, manage, measure, optimize, and (3) limitation of third-party assessments by C3PAOs --- Level 1 organizations and some Level 2 organizations can now self-attest. But what has not changed is that the DoD is steadfast in the requirement that all members of the Defense Industrial Base (DIB) enhance their cybersecurity practices to earn or maintain contract status. And that is why a significant training opportunity remains!

The DoD decided that the CMMC requirement will align with the well-known NIST 800–171/172 standard. This will make compliance straightforward while streamlining assessment by using existing processes and resources. The 17 domains and 171 practices associated with CMMC 1.0, many of which were developed exclusively for CMMC, are now replaced with the 14 domains and 110 practices of the well-understood NIST 800 standard. The domains associated with NIST still include the “biggies” from CMMC that provide you with opportunities to train, including Incident Response (7 Controls), Awareness and Training (3 Controls), Access (24 Controls), Maintenance (7 Controls), and Media Protection (8 Controls). MOST IMPORTANT: A senior member of the DIB organization must sign off, or self-attest, on compliance with all controls OR be assessed by a third-party or DIBCAC Assessor and pass that assessment. In other words, they MUST demonstrate compliance to maintain a DoD vendor contract.

What you can expect in the coming weeks is a thorough briefing from Logical Operations on how best to seize this opportunity. Yes, the model has changed, and the swiftness and degree of that change have shocked the CMMC-training ecosystem, as only recently did the CCP exam go into beta and training materials achieve CATM approval. Disappointing? For sure. But the opportunity to train IT professionals in the DIB to strengthen their cybersecurity practices and, in turn, increase national security is too important to let the disappointment distract us from that purpose.

Be on the lookout for emails and invitations to webinars that will help you better understand the CMMC 2.0 model and how you can take advantage of the training opportunities it affords.

 
Keys to Selling
 

CyberSAFE: The One Class EVERYONE Needs

by Jon O'Keefe, Technology Education Jedi

 

Every single one of your customers uses computers and the Internet. That is a phrase so rarely uttered in the training world that it bears repeating: Every single one of your customers uses computers and the Internet.

While some of your customers may come to you for Excel®, project management, or leadership skills, the one thing they have in common is that they use a device every day that connects to the Internet, and that creates risk.   

Here are some facts about the current state of cybercrime: 

    1. According to TechRadar, 90% of cybersecurity incidents are caused by end users

    2. According to Hiscox, 50% of small businesses will suffer a cybersecurity incident in the next 12 months

    3. The average cost of a data breach has risen by 10% year over year, and is now $4.24 million

    4. According to the National Conference of State Legislatures (NCSL), almost every state in the United States has enacted or is considering enacting legislation on end-user cybersecurity awareness training

This should paint a picture for you. Your customers are all vulnerable to cybercrime because cybercriminals are targeting the everyday employee with phishing attacks and social engineering. Every business is susceptible to this, and with the increasing number of remote workers, we are seeing more attacks than ever. 

Therefore, most states are mandating some form of end-user cyber awareness training, and you have the opportunity to offer the best with CyberSAFE. This class stands above other similar offerings in its ease of delivery and knowledge validation that comes in the form of a CyberSAFE certificate after the student completes a simple online exam. This can aid compliance personnel in meeting state and federal regulations, and help you win that all-important bid. 

 
 
Curriculum Corner
 

Bridging the Gap between CFR-310 and CFR-410 

by Jason Nufryk, Instructional Designer

 

A new version of CyberSec First Responder® is arriving soon, and Logical Operations, in partnership with CertNexus, is excited once again to have developed instructor-led training for this high-stakes, cybersecurity certification. The new CFR-410 courseware is very similar to its 310 predecessor. However, there are some important ways in which the two diverge, and I’d like to use this opportunity to give you a brief, high-level overview of those changes. 

First, like any courseware based on a certification, development on CFR-410 was initiated by a new version of the exam. The blueprint for the CFR-410 exam is structurally much different than previous iterations. The domains are now based on active job tasks rather than general concepts. The scope of the exam has also widened to include more than just incident response, reflecting the need for first responders to integrate with every part of an organization’s cybersecurity operations. 

Still, you’ll find that much of the actual detail of the exam objectives is familiar. That’s why the CFR-410 course hasn’t deviated too much from the 310 version. One thing that has prompted a change is the “Protect” domain in the new blueprint. This domain focuses on proactive security architecting. As a result, the 410 course includes a new topic on cybersecurity auditing, as well as some additional content that touches on areas like identity and access management (IAM), patch management, and so on. 

Another major change you should be aware of is that the lessons on vulnerability management (Lesson 6 in CFR-310) and penetration testing (Lesson 7 in CFR-310) have been consolidated into a single lesson on assessing the organization’s security posture (Lesson 6 in CFR-410), with the new auditing topic as the lead. This is the most prominent example of an overall effort to trim some of the course content to keep it within a reasonable five days of training, while still affording time to the new material. 

There are other changes, like the inclusion of a new widescreen PowerPoint template, and a new visual overhaul of the course images. There are also changes to some activities to make them more robust and valuable to the student, as well as using new versions of Windows® and Kali Linux™. The rest are too numerous to list here, so be on the lookout for an upcoming video in which I’ll be walking through the CFR-310 to CFR-410 bridge document in much more detail. 

 

_______________________________________

Designing CyberSAFE for Everyone

by Megan Smith Branch, Chief Operating and Product Officer, CertNexus

 

When we develop our curriculum at CertNexus, we always begin with the blueprint as a guide. Typically, this is done for high-stakes certifications, but at CertNexus, we follow the same process for our micro credentials as we do for our high-stakes, proctored exams. To develop our blueprint, we perform a job task analysis by engaging subject matter experts. Our upcoming CyberSAFE program is no exception. With the demands of directives such as CMMC, it is even more important that we apply a rigorous process to all our credential programs to provide organizations the assurance that their employees understand and are active participants in securing their organization’s data.

As we begin revising the CyberSAFE program for release in early 2022, we want to highlight the diverse team that we have involved for this revision. Globally, we have representation from the Middle East, Singapore, United States, UK, EU, and South America. Our experts include instructors, CISOs, Security Architects, Security Consultants, and owners of businesses that have implemented end-user, cyber compliance programs. Our group is 40% female and racially diverse.

Why is this as important as the rigorous job task analysis? When a training program is designed, it is inherently representative of its creators. By engaging various points of view, we design products that are not limited by region or experience. This is even more important when we are designing a product which is intended for all end users. For more details on contributors of all our credentials, check out the contributors’ sections on the certification’s pages at certnexus.com. CyberSAFE (CBS-410) will be available in early 2022.

  

 
 
 

Latest Product Highlights

 
 
 
 
   
 
 

_______________________________________

Content Revisions

 

Logical Operations revises student and instructor materials based on technical changes, customer feedback, and our own assessment of necessary changes. The revision notes for the most recent updates are below as well as posted on the new Content Revisions page. Use this page as a resource to quickly access and view all revision details for any of our recent course updates. 

095212 - Microsoft® Power BI®: Data Analysis Professional (Second Edition)

For revision 1.2, released November 2021, updates were made to address certification changes, customer feedback, and interface changes, including to Microsoft Edge.

095211 - Microsoft® Power BI®: Data Analysis Practitioner (Second Edition) 

For revision 1.2, released November 2021, updates were made to address customer feedback as well as interface changes, including to Microsoft Edge.

Reminder: When viewing a product on the store, check the Revision Information tab to see the summary description of the most recent revision for that product at any time.

 
