Baldrige Cybersecurity Excellence Builder FAQs

What is the Baldrige Cybersecurity Excellence Builder?
Does the Baldrige Cybersecurity Excellence Builder prescribe cybersecurity best practices or standards?
What is the relationship between the Baldrige Cybersecurity Excellence Builder and the Framework for Improving Critical Infrastructure Cybersecurity?
Must my organization use the Cybersecurity Framework to benefit from the self-assessment in the Baldrige Cybersecurity Excellence Builder?
Why should my organization use the Baldrige Cybersecurity Excellence Builder?
Who in my organization should use the Baldrige Cybersecurity Excellence Builder?
How can my organization use the Baldrige Cybersecurity Excellence Builder?
How do the Baldrige Excellence Framework and its Criteria for Performance Excellence currently address cybersecurity?
Does NIST plan a Baldrige-based recognition award program for cybersecurity?
 

What is the Baldrige Cybersecurity Excellence Builder?
The Baldrige Cybersecurity Excellence Builder is a voluntary self-assessment tool that enables organizations to better understand and improve the effectiveness of their cybersecurity risk management efforts. It helps leaders of organizations to identify opportunities for improvement based on their cybersecurity risks, needs, and objectives, as well as their larger organizational environment, relationships, and outcomes.

Does the Baldrige Cybersecurity Excellence Builder prescribe cybersecurity best practices or standards?
No. Use of the Baldrige Cybersecurity Excellence Builder is completely voluntary. Like the Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework) and the Baldrige Excellence Framework, it is not a one-size-fits-all approach. It is adaptable and scalable to an organization’s needs, goals, capabilities, and environment. It does not prescribe how an organization should structure its cybersecurity policies and operations.

What is the relationship between the Baldrige Cybersecurity Excellence Builder and the Framework for Improving Critical Infrastructure Cybersecurity?
The Baldrige Cybersecurity Excellence Builder blends the systems perspective and business practices of the Baldrige Excellence Framework with the concepts of the Cybersecurity Framework. More specifically, the Cybersecurity Framework aligns organizational objectives, strategy, and policy landscapes into a cohesive cybersecurity program that easily integrates with organizational enterprise risk governance. These Cybersecurity Framework objectives are significantly advanced by the addition of the time-tested and trusted systems perspective and business practices of the Baldrige Excellence Framework. The builder responds to requests from many organizations to provide a way for them to measure how effectively they are managing cybersecurity risk.

Must my organization use the Cybersecurity Framework to benefit from the self-assessment in the Baldrige Cybersecurity Excellence Builder?
No. While the principles and concepts of the Cybersecurity Framework are used in the Cybersecurity Excellence Builder, organizations with defined cybersecurity practices will be able to assess their maturity level, regardless of the basis of those practices.

Why should my organization use the Baldrige Cybersecurity Excellence Builder?
Using this self-assessment, your organization can

  • determine cybersecurity-related activities that are important to your business strategy and critical service delivery;
  • prioritize your investments in managing cybersecurity risk;
  • determine how best to enable your workforce, customers, suppliers, partners, and collaborators to be risk conscious and security aware, and to fulfill their cybersecurity roles and responsibilities;
  • assess the effectiveness and efficiency of your use of cybersecurity standards, guidelines, and practices;
  • assess the cybersecurity results you achieve; and
  • identify priorities for improvement.

Who in my organization should use the Baldrige Cybersecurity Excellence Builder?
The Baldrige Cybersecurity Excellence Builder is intended for use by the people in your organization who are concerned with and responsible for mission-driven, cybersecurity-related policy and operations. These people include board and executive management, chief security officers, chief information officers, and risk management personnel, among others.

How can my organization use the Baldrige Cybersecurity Excellence Builder?
Start by completing the Organizational Context. This section asks you to define the organizational environment that informs your cybersecurity risk management program. Discussing the answers to the Organizational Context questions might be your organization’s first self-assessment.

For a comprehensive self-assessment, your organization might follow these steps:

  • Complete the Organizational Context.
  • Answer the process questions in categories 1-6.
  • Answer the results questions in category 7.
  • Apply the assessment rubric to your responses.
  • Prioritize your actions.
  • Develop an action plan and implement it.
  • Measure and evaluate your progress.

How do the Baldrige Excellence Framework and its Criteria for Performance Excellence currently address cybersecurity?
The Baldrige Criteria for Performance Excellence reflect the leading edge of validated leadership performance practice in all critical aspects of an organization. In the Criteria, cybersecurity is included within the requirements in item 6.2, Operational Effectiveness.

Does NIST plan a Baldrige-based recognition award program for cybersecurity?
Any future Baldrige-related cybersecurity activities will depend upon users’ experience with and feedback about the builder.

 

Contacts

  • Baldrige Customer Service
    (301) 975-2036
    NIST/BPEP
    100 Bureau Drive, M/S 1020
    Gaithersburg, MD 20899-1020
Created August 23, 2018, Updated November 15, 2019