DMS DMS
Aligned to NIST SP 800-50 Rev. 1

Security training your team will finish, and your auditor will accept.

Most breaches start with a person, not a firewall. DMS turns the human layer of security into a program you can prove: short, well made modules for the role each person actually has, a verifiable certificate for every employee, and a twelve month record your auditor and your cyber-insurance carrier can read.

Train your team Watch a sample
Every roleA track built for how each person gets attacked
Per employeeVerifiable certificate on completion
12 monthsAudit and renewal ready records
QuarterlyCadence and completion built in
See the training

Real training, built for the role each person has.

Everyone starts with the all-staff essentials. People with extra exposure get a track built for the way they get attacked. Press play on any sample. Sound is optional, the captions carry it, and any sample opens full screen.

Everyone

Passwords, the rules NIST actually uses now

Length beats symbol tricks. A passphrase outlives a clever short password by centuries. This is the current SP 800-63B guidance, not the 2003 advice most people still half remember.

Finance

The vendor changed their bank details. Did they?

Business email compromise points straight at the people who can move money. The quiet email, the new account number, and the one call back that stops a fraudulent wire before it leaves.

Executives

A familiar voice, an urgent ask, on the road

Leaders get targeted by name, and now by voice. What a vishing call sounds like while you are traveling, and why the answer is always to slow down and verify on a channel you trust.

Human Resources

The one inbox that has to open files from strangers

Recruiting is a channel attackers love, because opening a resume from someone you do not know is the job. How to keep doing the job without opening the door.

Developers

December 2021, the internet holds its breath

Log4Shell, one line in a logging library, told as the habit that would have caught it. The secure development track, built for the people who ship code.

IT and privileged access

The master key in a script

The Uber breach as a habit. One tired tap on a login prompt, one password left in plain text, and an attacker holding every key in the building. For anyone with elevated access.

Each sample is one scene from a real module. The platform tracks completion and issues a certificate for everyone who finishes.

Why it works

You cannot patch a person. You can train one.

The Verizon 2025 Data Breach Investigations Report found the human element in roughly six of every ten breaches, with stolen and misused credentials a leading way in. That is the gap firewalls do not close. NIST treats awareness and role-based training as a managed program in SP 800-50 Revision 1, and maps it to the Awareness and Training controls, AT-1, AT-2, and AT-3, in SP 800-53. DMS is that program, ready to run.

~60%of breaches involve the human element, Verizon 2025 DBIR
AT-1 / 2 / 3the NIST 800-53 controls this program satisfies

What "current" looks like, using passwords as the example

Length over complexity. A 15 character minimum for a password used on its own, support for up to 64.
No scheduled resets. Change a password when there is a sign it was exposed, not every ninety days.
Block what is already breached. Known-compromised passwords get rejected the moment a user picks one.
No more security questions. No hints, no mother's maiden name.

Source: NIST SP 800-63B, Digital Identity Guidelines, Section 3.1.1.2. Our all-staff module teaches it.

Compliance

One program. The training line on most of your audits.

Security awareness training is not a nice to have in these frameworks. It is named, by citation, in each one. DMS gives you the training and the dated, per-employee records that show it happened.

HIPAA Security Rule
45 CFR 164.308(a)(5)(i)

A security awareness and training program for the workforce.

PCI DSS v4.0
Requirement 12.6

A formal security awareness program for all personnel.

FTC Safeguards Rule, GLBA
16 CFR 314.4(e)(1)

Security awareness training for staff, a binding requirement.

NY DFS Cybersecurity Reg
23 NYCRR 500.14(a)(3)

Regular cybersecurity awareness training for personnel.

ISO/IEC 27001:2022
Annex A 6.3

Information security awareness, education, and training.

NIST SP 800-53 Rev. 5
AT-1 · AT-2 · AT-3

The Awareness and Training control family, literacy and role-based.

Sample DMS certificate of completion for Marcus Hale at Northwind Logistics, Q2 2026 training cycle, showing credential ID, role track, issue date, and a verification QR code.
Proof, per person

Answer the renewal with a record, not a guess.

Cyber-insurance applications now ask whether you run security awareness training. The honest answer needs evidence. Every employee who finishes a cycle earns a certificate like this one, and your admin can export a twelve month proof packet to hand your broker at renewal.

A unique credential ID and a scannable verification link on every certificate.
Per-employee completion dates, quiz scores, and the role track they trained on.
Quarterly cadence and a completion threshold built in, because annual and one and done is what gets flagged.

Sample certificate. Name and company are illustrative.

How it works

Three steps from sign up to renewal ready.

1

Onboard your org

Sign up as the admin and invite your team by email. Employees sign in with a magic link, so there are no passwords for them to forget or reuse.

2

Everyone trains for their role

The all-staff essentials for the whole company, plus a developer track and a privileged access track for the people who need them. Pay per seat, or distribute access codes for invoiced billing.

3

Hand over the proof

Download the twelve month proof packet at renewal. Per-employee dates, scores, and certificates, structured the way carriers and auditors read them.

Train your people. Keep the receipts.

Stand up your organization, invite your team, and produce your first proof packet in days, not months.

Start your organization