Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.


The Official Baldrige Blog

Organizational Excellence in the Cyber-Risky Age

Baldrige Cybersecurity text showing loading icon.
Credit: ©Titima Ongkantong/Shutterstock, ©alexmillos/Shutterstock

In August of 1987 Congress created a public-private partnership that spawned a global movement, the Baldrige Performance Excellence Program. This small program was given a great big purpose: to improve the quality and performance of U.S. businesses so as to improve our national competitiveness. As a nation, we struggled at that time to produce high-quality, low-cost products and services, and we were losing market share and jobs to global competition. The Baldrige Program was established to help turn that around, and for the past 29 years, we have been extremely successful, establishing a globally recognized standard of excellence used to facilitate and enable a systems approach to organizational excellence and improved outcomes in businesses, nonprofits, educational institutions, and health care providers of all kinds.

Today, there is another threat to the long-term success and sustainability of nearly every organization in the United States: ensuring appropriate cybersecurity. In our increasingly connected data-driven world, protecting data, information, and systems has become a basic necessity for organizations of all kinds and a critical national priority.

In response to President Obama’s Executive Order (EO) 13636 and in partnership with industry, the National Institute of Standards and Technology (NIST) developed the Framework for Improving Critical Infrastructure Cybersecurity (PDF). NIST's Cybersecurity Framework helps organizations understand what should be included in a robust cybersecurity risk management program, and it has now been deployed across critical infrastructure sectors and more broadly throughout the United States. Since then, numerous implementations have been developed, tailoring the Cybersecurity Framework to specific industries, associations, and even specific organizations.

So what does this have to do with the Baldrige Program and the Baldrige Excellence Framework? Those familiar with the Baldrige framework know that ensuring the security of data, information, and systems is not new to the Baldrige Criteria, and in fact it first showed up in the Information and Analysis section (Category 4) of the 2001 version.

However, over the past 15 years, the prevalence, importance, and, unfortunately, the misuse of electronic data and information have increased exponentially. In keeping with our mission and in response to an expressed need across multiple industries, we are now partnering with NIST’s Applied Cybersecurity Division to develop a Baldrige-based assessment tool aligned to the Cybersecurity Framework. This tool will enable an evaluation of not only the robustness, but also the effectiveness and “maturity” of the cybersecurity risk management programs of organizations of all kinds.

U.S. Chief Information Officer Tony Scott, who is helping to lead the President’s Cybersecurity National Action Plan, is a strong advocate of the potential benefit to be derived from a Baldrige-based cybersecurity assessment process:

“We are making strides in raising the level of cybersecurity across the nation.  Baldrige-based approaches have helped organizations to improve their performance over several decades,” said Scott. “Voluntary cybersecurity assessments using a Baldrige approach will stimulate improvement, begin to pool talent, and share solutions to the security challenges and problems organizations face today.”

Over the past six months, the Baldrige Program has been part of a working group, including the Applied Cybersecurity Division, Mr. Scott’s office, and a diverse cross section of more than 20 industry participants representing hundreds of organizations, to explore the need for, the potential of, and the pitfalls to avoid in regard to a Baldrige-based cybersecurity initiative. Industry organizations taking part in these discussions have included Baldrige Award recipients PricewaterhouseCoopers Public Sector Practice, Advocate Good Samaritan Hospital, and Boeing. Working with industry to determine the path forward is one of NIST’s core competencies and is certainly key to this effort.

“NIST’s efforts to couple the proven processes and value of the Baldrige Program with the increasingly popular Cybersecurity Framework will be voluntary and private sector-driven. We will measure this initiative’s success by its usefulness to companies and other organizations in strengthening their cybersecurity risk management,” said Willie E. May, Under Secretary of Commerce for Standards and Technology and Director of NIST. “The goal is to help organizations get even greater value from the Cybersecurity Framework by providing a way to assess and guide their cybersecurity risk management.”

The first step in this effort will be the development of a self-assessment tool—the Baldrige Cybersecurity Excellence Builder. The tool will enable organizations to better understand the effectiveness of their cybersecurity risk management efforts and identify opportunities for improvement based on their cybersecurity needs and objectives as well as their larger organizational needs, objectives, and outcomes.

We are very excited about the opportunity to partner with industry to help address this critical national need. For nearly 30 years, we have been fostering organization-wide excellence, and in 2015 we embarked on two strategic initiatives that will bring the Baldrige concepts to a much wider audience: cybersecurity and Communities of Excellence 2026. The cybersecurity initiative drills down into a critical component of organizational performance and sustainability, while COE2026 adapts Baldrige’s systems approach to achieving excellence to entire communities.

We estimate that a draft of the Baldrige Cybersecurity Excellence Builder will be available for broad public input in early-fall 2016. If you would like the opportunity to review, just send an email to baldrige [at] (baldrige[at]nist[dot]gov).

The Baldrige Foundation is also supporting our cybersecurity and Communities of Excellence efforts through advocacy and fundraising. You may visit their website for more information. ~ ~ ~ ~ ~ For over 25 years, the Baldrige Program has used a public-private partnership approach to provide U.S. organizations with a management and leadership framework to facilitate organization-wide excellence. This approach has enhanced the performance and economic competitiveness of U.S. organizations. Through the Baldrige Excellence Framework, volunteer Baldrige Examiners, and the broader Baldrige community, the program promotes excellence in business, education, health care, nonprofit, and government sectors. It also educates leaders, assesses organizational performance, honors those who are proven national role models, and supports Baldrige Award recipients in the sharing of their best practices with other organizations.  

About the author

Robert Fangmeyer

I am Bob, Director of the Baldrige Performance Excellence Program. I have been with Baldrige since 1997 serving on many of the teams in the office in many different roles. Since becoming the Deputy Director in 2011, I have led the effort to design, develop, and implement a new business model that relies even more heavily on partnerships and collaboration as well as cost control and revenue generation. As Director, I manage overall operations, focusing on enhancing our products and services, ensuring efficient and effective operations, as well as planning for strategic capability and capacity needs. In addition, I spend significant time and energy helping to lead and guide the development and implementation of the Baldrige Enterprise.  I am thrilled to be a part of the Baldrige Program where I get to work with and learn from people and organizations committed to achieving excellence.

My background includes owning and managing small service-based businesses, six years as a human resources specialist, a Bachelors degree in Psychology, and an MBA from the University of Maryland. When not working, I enjoy exercising and spending time with my wonderful wife, three kids, and Buddy, my boxer dog.

Related posts


Wonderful update.
These initiatives are VERY important to our national defense and well-being. I look forward to supporting their roll-out for the remainder of 2016 and throughout 2017.
Has there been any consideration to aligning or comparing the Baldrige Cybersecurity Excellence Builder with the Electricity Sector - Cybersecurity Capability Maturity Model (ES-C2M2)?

Add new comment

Enter the characters shown in the image.
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
Please be respectful when posting comments. We will post all comments without editing as long as they are appropriate for a public, family friendly website, are on topic and do not contain profanity, personal attacks, misleading or false information/accusations or promote specific commercial products, services or organizations. Comments that violate our comment policy or include links to non-government organizations/web pages will not be posted.