Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.


The Official Baldrige Blog

Cybersecurity Framework 2.0 Expands Scope and Adds Focus on Governance

Baldrige Cybersecurity loading showing thumb print.
Credit: ©Titima Ongkantong/Shutterstock, ©alexmillos/Shutterstock

Since 2014, the NIST Cybersecurity Framework has been used by organizations to reduce cybersecurity risks. In 2016 (with a revision in 2019), the Baldrige Performance Excellence Program published a companion, self-improvement tool, Baldrige Cybersecurity Excellence Builder (BCEB), to help organizations better understand the effectiveness of their cybersecurity risk management efforts and identify improvement opportunities in the context of their overall organizational performance. The self-assessment tool blended organizational assessment approaches from the Baldrige Program with the concepts and principles of the NIST Cybersecurity Framework.

Baldrige Cybersecurity Excellence Builder

One of the most common questions we receive regarding the BCEB is how it works with the NIST Cybersecurity Framework. While more information can be found online, here is the short answer (from the blog "How Does Baldrige Cyber Work with the NIST Cybersecurity Framework?").

Chart showing relationship between the Framework for Improving Critical Infrastructure Cybersecurity and the Baldrige Excellence Framework for the Baldrige Cybersecurity Excellence Builder.


The NIST Cybersecurity Framework assembles and organizes standards, guidelines, and practices that are working effectively in many organizations. It also includes informative references that are common across critical infrastructure sectors. You are encouraged to customize these based on business drivers to maximize their value to your organization. The BCEB helps with this customization by asking about your organizational characteristics and environment. The BCEB also helps you understand the effectiveness and efficiency of your cybersecurity approaches, as well as the quality of your cybersecurity-related results. 

Notably, the BCEB helps an organization determine whether it is obtaining effective and efficient results from cybersecurity initiatives, including those enacted based on the NIST Cybersecurity Framework outcomes.

Draft of the NIST Cybersecurity Framework 2.0

After reviewing more than a year’s worth of community feedback, NIST has recently released a draft of the NIST Cybersecurity Framework 2.0 (CSF 2.0), noting that there was widespread agreement that changes were warranted to address current and future cybersecurity challenges and to make it easier for organizations to use the framework. The update is intended to ensure that organizations can take steps to address those challenges and apply the Cybersecurity Framework to all types of technology environments, including cloud, mobile, and Artificial Intelligence systems. It also provides new guidance on how to use the Cybersecurity Framework in coordination with other frameworks, such as the Privacy Framework and Enterprise Risk Management guidance, to address technology risks broadly.

According to NIST, the draft CSF 2.0 reflects several major changes:

  1. An expanded scope to provide cybersecurity protection for organizations of all sizes and across all industries
  2. The addition of a “Govern” function to the pillars of a successful and holistic cybersecurity program. “Govern” represents the sixth function, along with “Identify,” “Protect,” “Detect,” “Respond,” and “Recover.” (Note: Governance is a key area in the Baldrige Excellence Framework®. For example, item 1.2, Governance and Societal Contributions, asks how an organization ensures responsible governance and how a governance system reviews and achieves accountability for senior leaders’ actions, fiscal accountability, and succession planning, among other considerations).
  3. Additional guidance on implementing CSF 2.0, including how to create profiles based on the framework

NIST is cyberframework [at] (accepting public comments on the draft) until November 4, 2023. Specifically, NIST is seeking feedback on whether the draft addresses organizations’ current and anticipated future cybersecurity challenges, is aligned with leading practices and guidance resources, and reflects comments received so far.


NIST expects the final version of CSF 2.0 to be published in early 2024. The Baldrige Program intends to update the BCEB accordingly and release BCEB 2.0 in 2024, as well. The Baldrige Program encourages organizations to explore using the NIST Cybersecurity Framework and BCEB together to understand the effectiveness of their cybersecurity risk management efforts.

2023-2024 Baldrige Excellence Framework Business/Nonprofit cover artwork

Baldrige Excellence Framework®

The Baldrige Excellence Framework® has empowered organizations to accomplish their missions, improve results, and become more competitive. It includes the Criteria for Performance Excellence®, core values and concepts, and guidelines for evaluating your processes and results.

Purchase your copy today!

Available versions: Business/Nonprofit, Education, and Health Care

Improve Your Organization’s Cybersecurity Risk Management Efforts

Baldrige Cybersecurity Excellence Builder Version 1.1 cover

Baldrige Cybersecurity Excellence Builder

The Baldrige Cybersecurity Excellence Builder, Version 1.1 is a self-assessment tool to help organizations better understand the effectiveness of their cybersecurity risk management efforts and identify improvement opportunities in the context of their overall organizational performance. 

Download your copy today!

About the author

Dawn Bailey

Dawn Bailey is a writer/editor for the Baldrige Program and involved in all aspects of communications, from leading the Baldrige Executive Fellows program to managing the direction of case studies, social media efforts, and assessment teams. She has more than 25 years of experience, 18 years at the Baldrige Program. Her background is in English and journalism, with degrees from the University of Connecticut and an advanced degree from George Mason University.

Related posts


Add new comment

Enter the characters shown in the image.
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
Please be respectful when posting comments. We will post all comments without editing as long as they are appropriate for a public, family friendly website, are on topic and do not contain profanity, personal attacks, misleading or false information/accusations or promote specific commercial products, services or organizations. Comments that violate our comment policy or include links to non-government organizations/web pages will not be posted.