Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Baldrige Cybersecurity Initiative

Photo of Cyber thumb print with loading sign and Baldrige Framework in background.

#BaldrigeCyber

Director Message  | How It Works | Training | Blogs | FAQs | NIST Cybersecurity Framework

Baldrige Cybersecurity Excellence Builder (BCEB), Version 1.1

The Baldrige Cybersecurity Excellence Builder, Version 1.1 is a self-assessment tool to help organizations better understand the effectiveness of their cybersecurity risk management efforts and identity improvement opportunities in the context of their overall organizational performance. This self-assessment tool blends organizational assessment approaches from the Baldrige Performance Excellence Program with the concepts and principles of the Cybersecurity Framework developed by NIST’s Applied Cybersecurity Division.

Baldrige Cybersecurity Excellence Builder Version 1.1 cover

Free Download PDF
Purchase Bulk Copies (10 per pack)

BCEB Categories 1-7 Questions and Notes Only (Excel)
BCEB Self-Analysis Worksheet (Excel)

We invite you to baldrige [at] nist.gov (submit lessons learned and comments).

BCEB BENEFITS 

  • Determine cybersecurity-related activities that are important to your business strategy and critical service delivery;
  • Prioritize your investments in managing cybersecurity risk
  • Determine how best to enable your workforce, customers, suppliers, partners, and collaborators to be risk conscious and security aware, and to fulfill their cybersecurity roles and responsibilities
  • Assess the effectiveness and efficiency of your use of cybersecurity standards, guidelines, and practices
  • Assess the cybersecurity results you achieve
  • Identify strengths to leverage and priorities for improvement

Who Should Use the BCEB?

The Baldrige Cybersecurity Excellence Builder is intended for use by leaders and managers—senior leaders, chief security officers, and chief information officers, among others—who are concerned with and responsible for mission-driven, ­cybersecurity-related policy and operations. 

How Baldrige Works with NIST Cybersecurity

The Cybersecurity Framework assembles and organizes standards, guidelines, and practices that are working effectively in many organizations. It also includes informative references that are common across critical infrastructure sectors. 

Chart showing relationship between the Framework for Improving Critical Infrastructure Cybersecurity and the Baldrige Excellence Framework for the Baldrige Cybersecurity Excellence Builder.

 

The BCEB builds on the Cybersecurity Framework to help you answer these key questions:

  • How effective and efficient are your organization’s cybersecurity approaches?
  • How good are the cybersecurity-related results you are achieving?

The questions in the BCEB lead you to manage all areas affected by cybersecurity in alignment with your organization’s characteristics and environment:

LEADERSHIP
Understand how leaders’ actions guide and sustain cybersecurity risk management.

STRATEGY
Set clear strategic priorities and objectives related to cybersecurity.

CUSTOMERS
Understand customers’ requirements and expectations for cybersecurity.

MEASUREMENT, ANALYSIS, AND KNOWLEDGE MANAGEMENT
Measure and analyze cybersecurity outcomes that matter; build and manage your organization’s cybersecurity knowledge.

WORKFORCE
Hire and retain the cybersecurity workforce you need; engage and empower your overall workforce to achieve your objectives.

OPERATIONS
Design and manage effective and efficient cybersecurity operations.

RESULTS
Track important results. Use them to inform decisions and to improve your cybersecurity policies and operations.

Are External Assessments Available?

In Phase 1 of the initiative, the Baldrige Program teamed up with NIST’s Applied Cybersecurity Division responsible for the NIST Cybersecurity Framework, to develop a self-assessment tool, using a phased approach and input from numerous industry sources. 

Pending funding, Phase 2 would involve voluntary assessments by independent experts, sharing of best practices, and voluntary recognition for exceptional performance. 

Related Links

Baldrige Cybersecurity Excellence Builder
BCEB Process and Results Questions Excel
BCEB Self-Analysis Worksheet Excel
NIST Cybersecurity Framework

Resources

Baldrige Cybersecurity Initiative
NIST Cybersecurity Framework Industry Impacts
How Baldrige Works
Baldrige Key Terms
Baldrige Products and Services

 

Contacts

  • Baldrige Customer Service
    (301) 975-2036
    NIST/BPEP
    100 Bureau Drive, M/S 1020
    Gaithersburg, MD 20899-1020
Created June 13, 2016, Updated November 15, 2019