Computer Security Resource Center

White Paper (DRAFT)

Baldrige Cybersecurity Excellence Builder: Key questions for improving your organization's cybersecurity performance

Date Published: September 2016
Comments Due: December 15, 2016 (public comment period is CLOSED)
Email Questions to: baldrigecybersecurity@nist.gov

Withdrawn: April 02, 2017

Author(s)

National Institute of Standards and Technology

Announcement

The Baldrige Cybersecurity Excellence Builder (BCEB) is a voluntary self-assessment tool that enables organizations to better understand the effectiveness of their cybersecurity risk management efforts. It helps leaders of organizations identify opportunities for improvement based on their cybersecurity needs and objectives, as well as their larger organizational needs, objectives, and outcomes. Using this self-assessment, you can:

  • determine cybersecurity-related activities that are important to your business strategy and critical service delivery;
  • prioritize your investments in managing cybersecurity risk;
  • determine how best to enable your workforce, customers, suppliers, partners, and collaborators to be risk conscious and security aware, and to fulfill their cybersecurity roles and responsibilities;
  • assess the effectiveness and efficiency of your use of cybersecurity standards, guidelines, and practices;
  • assess the cybersecurity results you achieve; and
  • identify priorities for improvement.

Like the Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework) and the Baldrige Excellence Framework, the BCEB is not a one-size-fits-all approach. It is adaptable and scalable to your organization's needs, goals, capabilities, and environment. It does not prescribe how you should structure your organization's cybersecurity policies and operations. Through interrelated sets of open-ended questions, it encourages you to use the approaches that best fit your organization.

Specifically, feedback is sought on:

  • the relative value of different parts of the BCEB for assessing your cybersecurity risk management efforts,
  • perceived gaps in the BCEB, and
  • the user-friendliness of the BCEB.

Feedback on this draft will be incorporated into the version 1 release, scheduled for early 2017.

Abstract

Keywords

Cybersecurity Framework; risk management; risk assessment; Baldrige Excellence Management Program; self-assessment.

Control Families

Risk Assessment; Security Assessment and Authorization

Documentation

Publication:
(Draft) Baldrige Cybersecurity Excellence Builder

Supplemental Material:
Baldrige Cybersecurity Initiative Homepage (other)
Press Release (other)

Related NIST Publications:
White Paper

Document History:
Draft White Paper (9/15/16)
White Paper (4/2/17)

Topics

Security and Privacy
general security & privacy