Baldrige Cybersecurity Excellence Builder Version 1.1 Released

The Baldrige Performance Excellence Program at the National Institute of Standards and Technology announces the release of the Baldrige Cybersecurity Excellence Builder, version 1.1. This update to the voluntary self-assessment tool reflects the 2019–2020 Baldrige Excellence Framework and the Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1, managed by NIST’s Applied Cybersecurity Division. This version features an increased focus on

  • ensuring an efficient and effective cybersecurity supply network;
  • ensuring that all your organization’s suppliers fulfill their cybersecurity-related roles and responsibilities; and
  • understanding linkages among your organization’s context, processes, and results.

The Baldrige Cybersecurity Excellence Builder helps organizations better understand the effectiveness of their cybersecurity risk management efforts in the context of their overall characteristics, strategic situation, and goals. It is intended for use by leaders and managers—senior leaders, chief security officers, and chief information officers, among others—who are concerned with and responsible for mission-driven, cybersecurity-related policy and operations.

Version 1.1 includes the following sections:

  • Introduction
  • Questions for self-assessing your cybersecurity-related processes and results
  • Assessment rubric
  • Glossary of key terms
  • Benefits of using the self-assessment tool, by organizational role
  • Crosswalk between the Baldrige Cybersecurity Excellence Builder and the Cybersecurity Framework

This self-assessment tool blends the Baldrige Program’s organizational assessment approaches with the concepts and principles of the Cybersecurity Framework. The Cybersecurity Framework assembles and organizes standards, guidelines, and practices that are working effectively in many organizations. It also includes informative references that are common across critical infrastructure sectors. In the Baldrige approach as applied to cybersecurity, an organization manages all areas affected by cybersecurity as a unified whole. The system consists of cybersecurity-related approaches in the areas of leadership, strategy, customers, measurement/knowledge management, workforce, and operations, as well as the results achieved. 

In addition, registration is open for the Baldrige Cybersecurity Workshop on Sunday, April 7, 2019, in conjunction with the Baldrige Quest for Excellence Conference, Gaylord National Harbor, National Harbor, Maryland. Using a case study approach, the workshop will familiarize you with the Baldrige Cybersecurity Excellence Builder through presentations, discussions, and exercises.

For more information on Baldrige products and services, contact the Baldrige Program at 301-975-2036 or baldrige [at] nist.gov.

Released March 28, 2019, Updated March 28, 2019