The Baldrige Cybersecurity Excellence Builder, Version 1.1, is a self-assessment tool to help organizations better understand the effectiveness of their cybersecurity risk management efforts and identify improvement opportunities in the context of their overall organizational performance. This self-assessment tool blends organizational assessment approaches from the Baldrige Performance Excellence Program with the concepts and principles of the Cybersecurity Framework developed by NIST’s Applied Cybersecurity Division.
- Determine cybersecurity-related activities that are important to your business strategy and critical service delivery
- Prioritize your investments in managing cybersecurity risk
- Determine how best to enable your workforce, customers, suppliers, partners, and collaborators to be risk conscious and security aware, and to fulfill their cybersecurity roles and responsibilities
- Assess the effectiveness and efficiency of your use of cybersecurity standards, guidelines, and practices
- Assess the cybersecurity results you achieve
- Identify strengths to leverage and priorities for improvement
Who Should Use the BCEB?
The Baldrige Cybersecurity Excellence Builder is intended for use by leaders and managers—senior leaders, chief security officers, and chief information officers, among others—who are concerned with and responsible for mission-driven, cybersecurity-related policy and operations.
How Baldrige Works with NIST Cybersecurity
The Cybersecurity Framework assembles and organizes standards, guidelines, and practices that are working effectively in many organizations. It also includes informative references that are common across critical infrastructure sectors.
The BCEB builds on the Cybersecurity Framework to help you answer these key questions:
- How effective and efficient are your organization’s cybersecurity approaches?
- How good are the cybersecurity-related results you are achieving?
The questions in the BCEB lead you to manage all areas affected by cybersecurity in alignment with your organization’s characteristics and environment:
Understand how leaders’ actions guide and sustain cybersecurity risk management.
Set clear strategic priorities and objectives related to cybersecurity.
Understand customers’ requirements and expectations for cybersecurity.
MEASUREMENT, ANALYSIS, AND KNOWLEDGE MANAGEMENT
Measure and analyze cybersecurity outcomes that matter; build and manage your organization’s cybersecurity knowledge.
Hire and retain the cybersecurity workforce you need; engage and empower your overall workforce to achieve your objectives.
Design and manage effective and efficient cybersecurity operations.
Track important results. Use them to inform decisions and to improve your cybersecurity policies and operations.
Are External Assessments Available?
In Phase 1 of the initiative, the Baldrige Program teamed up with NIST’s Applied Cybersecurity Division, which is responsible for the NIST Cybersecurity Framework, to develop a self-assessment tool, using a phased approach and input from numerous industry sources.
Pending funding, Phase 2 would involve voluntary assessments by independent experts, sharing of best practices, and voluntary recognition for exceptional performance.