The Baldrige Cybersecurity Excellence Builder, Version 1.0, is a self-assessment tool to help organizations better understand the effectiveness of their cybersecurity risk management efforts and identify improvement opportunities in the context of their overall organizational performance. This self-assessment tool blends organizational assessment approaches from the Baldrige Performance Excellence Program (BPEP) with the concepts and principles of the Cybersecurity Framework developed by NIST’s Applied Cybersecurity Division (ACD).
- Determine cybersecurity-related activities that are important to your business strategy and critical service delivery
- Prioritize your investments in managing cybersecurity risk
- Determine how best to enable your workforce, customers, suppliers, partners, and collaborators to be risk conscious and security aware, and to fulfill their cybersecurity roles and responsibilities
- Assess the effectiveness and efficiency of your use of cybersecurity standards, guidelines, and practices
- Assess the cybersecurity results you achieve
- Identify strengths to leverage and priorities for improvement
How Baldrige Works with NIST Cybersecurity
The Baldrige Cybersecurity Excellence Builder blends the organizational performance and systems perspectives of the Baldrige Excellence Framework with the holistic, enterprise-based approach of the Cybersecurity Framework.
In the Baldrige approach as applied to cybersecurity, an organization manages all areas affected by cybersecurity as a unified whole. The system consists of your cybersecurity-related approaches in the areas of leadership, strategy, customers, workforce, and operations, as well as the results you achieve. The system foundation is measurement, analysis, and knowledge management.
The background for all of these components is the Organizational Context section, in which you define your organization’s distinctive characteristics and situation.
The Baldrige Cybersecurity Excellence Builder incorporates the content outlined in the Cybersecurity Framework into those system elements. The crosswalk in the BCEB User Tools section shows how the items in the Baldrige Cybersecurity Excellence Builder relate to the elements of the Cybersecurity Framework.
The Baldrige Program teamed up with NIST's Applied Cybersecurity Division, which is responsible for the NIST Cybersecurity Framework, to develop a self-assessment tool integrating Baldrige concepts and the Cybersecurity Framework. Using a phased approach and input from numerous industry sources, work began with the development of assessment criteria aligned closely with the Cybersecurity Framework. The criteria enable organizations to better understand the effectiveness of their cybersecurity efforts and identify opportunities for improvement based on the organization's cybersecurity goals and objectives. Phase I was successful.
In Phase II, the Baldrige cybersecurity efforts could proceed to voluntary assessments by independent experts, sharing of best practices, and voluntary recognition for exceptional performance. The details of this phase are yet to be determined, and funding will be one important consideration. The Baldrige Performance Excellence Program is funded through user fees and by the Foundation for the Malcolm Baldrige National Quality Award.
Who Should Use the BCEB?
The Baldrige Cybersecurity Excellence Builder is intended for use by the leaders and managers in your organization who are concerned with and responsible for mission-driven, cybersecurity-related policy and operations. These leaders and managers may include senior leaders, chief security officers, and chief information officers, among others.