The Baldrige Cybersecurity Excellence Builder, Version 1.1, is a self-assessment tool to help organizations better understand the effectiveness of their cybersecurity risk management efforts and identify improvement opportunities in the context of their overall organizational performance. This self-assessment tool blends organizational assessment approaches from the Baldrige Performance Excellence Program with the concepts and principles of the Cybersecurity Framework developed by NIST’s Applied Cybersecurity Division.
The Baldrige Cybersecurity Excellence Builder is intended for use by leaders and managers—senior leaders, chief security officers, and chief information officers, among others—who are concerned with and responsible for mission-driven, cybersecurity-related policy and operations.
The Cybersecurity Framework assembles and organizes standards, guidelines, and practices that are working effectively in many organizations. It also includes informative references that are common across critical infrastructure sectors.
The Baldrige Cybersecurity Excellence Builder (BCEB) builds on the Cybersecurity Framework to help you answer these key questions:
The questions in the BCEB lead you to manage all areas affected by cybersecurity in alignment with your organization’s characteristics and environment:
Understand how leaders’ actions guide and sustain cybersecurity risk management.
Set clear strategic priorities and objectives related to cybersecurity.
Understand customers’ requirements and expectations for cybersecurity.
MEASUREMENT, ANALYSIS, AND KNOWLEDGE MANAGEMENT
Measure and analyze cybersecurity outcomes that matter; build and manage your organization’s cybersecurity knowledge.
Hire and retain the cybersecurity workforce you need; engage and empower your overall workforce to achieve your objectives.
Design and manage effective and efficient cybersecurity operations.
Track important results. Use them to inform decisions and to improve your cybersecurity policies and operations.
In Phase 1 of the initiative, the Baldrige Program teamed up with NIST’s Applied Cybersecurity Division, which is responsible for the NIST Cybersecurity Framework, to develop a self-assessment tool, using a phased approach and input from numerous industry sources.
Pending funding, Phase 2 would involve voluntary assessments by independent experts, sharing of best practices, and voluntary recognition for exceptional performance.