The Baldrige Cybersecurity Excellence Builder, Version 1.1, is a self-assessment tool to help organizations better understand the effectiveness of their cybersecurity risk management efforts and identify improvement opportunities in the context of their overall organizational performance. This self-assessment tool blends organizational assessment approaches from the Baldrige Performance Excellence Program with the concepts and principles of the Cybersecurity Framework developed by NIST’s Applied Cybersecurity Division.
- Determine cybersecurity-related activities that are important to your business strategy and critical service delivery
- Prioritize your investments in managing cybersecurity risk
- Determine how best to enable your workforce, customers, suppliers, partners, and collaborators to be risk conscious and security aware, and to fulfill their cybersecurity roles and responsibilities
- Assess the effectiveness and efficiency of your use of cybersecurity standards, guidelines, and practices
- Assess the cybersecurity results you achieve
- Identify strengths to leverage and priorities for improvement
How Baldrige Works with NIST Cybersecurity
The Baldrige Cybersecurity Excellence Builder blends the organizational performance and systems perspectives of the Baldrige Excellence Framework with the holistic, enterprise-based approach of the Cybersecurity Framework.
In the Baldrige approach as applied to cybersecurity, an organization manages all areas affected by cybersecurity as a unified whole. The system consists of your cybersecurity-related approaches in the areas of leadership, strategy, customers, workforce, and operations, as well as the results you achieve. The system foundation is measurement, analysis, and knowledge management.
The background for all of these components is the Organizational Context, in which you define your organization’s distinctive characteristics and situation.
The Baldrige Cybersecurity Excellence Builder incorporates the content outlined in the Cybersecurity Framework into those system elements.
The Baldrige Program teamed up with NIST's Applied Cybersecurity Division, which is responsible for the NIST Cybersecurity Framework, to develop a self-assessment tool integrating Baldrige concepts and the Cybersecurity Framework. Using a phased approach and input from numerous industry sources, a team developed assessment criteria aligned closely with the Cybersecurity Framework. The criteria enable organizations to better understand the effectiveness of their cybersecurity efforts and identify opportunities for improvement based on the organization's cybersecurity goals and objectives.
Pending funding, Phase II would involve voluntary assessments by independent experts, sharing of best practices, and voluntary recognition for exceptional performance.
Who Should Use the BCEB?
The Baldrige Cybersecurity Excellence Builder is intended for use by leaders and managers—senior leaders, chief security officers, and chief information officers, among others—who are concerned with and responsible for mission-driven, cybersecurity-related policy and operations.