The Official Baldrige Blog

Baldrige Cyber—A New Era in the Baldrige Program Begins!

Baldrige Cybersecurity text showing loading icon.
Credit: ©Titima Ongkantong/Shutterstock, ©alexmillos/Shutterstock

“Our goal is to empower [organizations] of every size and every sector with the right tools to secure themselves in a [cyber] threat landscape that is ever-evolving. Static, checklist-style compliance just won’t do. In business and in government, we all must move towards dynamic, accountable approaches to cyber risk management.”

With those words, Deputy Secretary of Commerce Bruce Andrews announced the release of the Baldrige Cybersecurity Excellence Builder, a new self-assessment tool that integrates organizational assessment approaches from the Baldrige Performance Excellence Program with the concepts and principles of the Cybersecurity Framework developed by NIST’s Applied Cybersecurity Division. The purpose of the tool is to help organizations better understand the effectiveness of their cybersecurity risk management efforts and to identify improvement opportunities in the context of their overall organizational performance.

For nearly 30 years, the Baldrige Program has been helping to ensure the long-term success and sustainability of businesses and other organizations in the United States by providing a globally recognized and emulated standard of organization-wide excellence (the Baldrige Excellence Framework), organizational assessments and tools, and the sharing of best practices of role-model organizations recognized through the Malcolm Baldrige National Quality Award.

The Baldrige Program initially helped to address the quality crisis of the eighties. As the drivers of competitiveness and long-term success evolved, so too did the Baldrige framework. Today we offer organizations of all kinds a nonprescriptive leadership and management guide that facilitates a systems approach to achieving organization-wide excellence. In recent years, Baldrige has been a powerful agent of change and improvement in all sectors, most notably health care, and now we have the opportunity to help address another national crisis, cybersecurity.

It has been said that every organization falls into one of two categories: those that have suffered a cyber-attack and know it, and those that have been attacked and don’t know it. While that may be a slight exaggeration, considering there were an estimated 300 million cyber-attacks in 2015—only 90 million of which were detected—and an annual growth rate of approximately 40% in such attacks, it is pretty safe to assume that if you haven’t been attacked, you probably will be soon. As the drumbeat of daily news stories reminds us, protecting data, information, and systems has become a more urgent necessity for just about every organization.

The Cybersecurity Framework provides organization and structure to today’s multiple approaches to managing cybersecurity risk by assembling standards, guidelines, and practices that are working effectively in many organizations. With the Baldrige approach as applied to cybersecurity, an organization manages all areas affected by cybersecurity as a unified whole. In addition, the Baldrige Cybersecurity Excellence Builder, developed in partnership with the Applied Cybersecurity Division and cross-sector industry representatives, enables an assessment of the maturity of an organization’s approaches to cybersecurity and the results achieved. The assessment rubric guides users to determine the maturity level of their cybersecurity programs, processes, and systems—classified as “reactive,” “early,” “mature,” or “role model.” The completed evaluation should lead to action plans to improve cybersecurity practices and management.

Like the Cybersecurity Framework and the Baldrige Excellence Framework, the Baldrige Cybersecurity Excellence Builder is not a one-size-fits-all approach to managing cybersecurity risk. It is adaptable to your organization’s needs, goals, capabilities, constraints, and environment.

Also, like both the Cybersecurity Framework and the Baldrige Excellence Framework, the Baldrige Cybersecurity Excellence Builder will rely heavily on public input. We invite interested users to visit our program’s website, download a copy of the draft Baldrige Cybersecurity Excellence Builder, and let us know what you think (there are instructions on how to provide feedback on the website and on the cover of the tool). Your input will be considered when the tool is updated and released as version 1 in Spring 2017.

Depending on industry interest and support, the next steps will be to add voluntary assessments, voluntary recognition, and/or voluntary best-practice sharing to help spread the use of the Cybersecurity Framework and the self-assessment tool and, of course, to improve organizational and national cybersecurity preparedness.

Baldrige has become a catalyst for transforming organizations, and if the goals of this self-assessment tool are met, it will serve as a valuable instrument in helping organizations to better understand the robustness and effectiveness of their cybersecurity programs and practices. It also will help them in assessing how effectively those efforts align with and support larger organizational requirements, goals, objectives, and strategy.

We are excited to have the opportunity to be a part of a comprehensive initiative to help strengthen the nation’s cybersecurity infrastructure. Please join us by trying out the assessment yourself.

About the author

Robert Fangmeyer

I am Bob, Director of the Baldrige Performance Excellence Program. I have been with Baldrige since 1997 serving on many of the teams in the office in many different roles. Since becoming the Deputy Director in 2011, I have led the effort to design, develop, and implement a new business model that relies even more heavily on partnerships and collaboration as well as cost control and revenue generation. As Director, I manage overall operations, focusing on enhancing our products and services, ensuring efficient and effective operations, as well as planning for strategic capability and capacity needs. In addition, I spend significant time and energy helping to lead and guide the development and implementation of the Baldrige Enterprise. I am thrilled to be a part of the Baldrige Program where I get to work with and learn from people and organizations committed to achieving excellence.

My background includes owning and managing small service-based businesses, six years as a human resources specialist, a bachelor's degree in Psychology, and an MBA from the University of Maryland. When not working, I enjoy exercising and spending time with my wonderful wife, three kids, and Buddy, my boxer dog.

Super, what a huge hill to climb!! Outstanding, to see this effort underway. I have every hope, wish, and confidence the endeavor will succeed, and millions will benefit from it. Salute!
