Baldrige Cybersecurity Initiative

#BaldrigeCyber

Director Message  | How It Works | Training | Blogs | FAQs | NIST Cybersecurity Framework

Baldrige Cybersecurity Excellence Builder (BCEB), Version 1.1

The Baldrige Cybersecurity Excellence Builder, Version 1.1 is a self-assessment tool to help organizations better understand the effectiveness of their cybersecurity risk management efforts and identify improvement opportunities in the context of their overall organizational performance. This self-assessment tool blends organizational assessment approaches from the Baldrige Performance Excellence Program with the concepts and principles of the Cybersecurity Framework developed by NIST’s Applied Cybersecurity Division.

 

Free Download PDF
Purchase Bulk Copies (10 per pack)

BCEB Categories 1-7 Questions and Notes Only (Excel)
BCEB Self-Analysis Worksheet (Excel)

We invite you to baldrige [at] nist.gov (submit lessons learned and comments).

Who Should Use the BCEB?

The Baldrige Cybersecurity Excellence Builder is intended for use by leaders and managers—senior leaders, chief security officers, and chief information officers, among others—who are concerned with and responsible for mission-driven, ­cybersecurity-related policy and operations. 

How Baldrige Works with NIST Cybersecurity

The Cybersecurity Framework assembles and organizes standards, guidelines, and practices that are working effectively in many organizations. It also includes informative references that are common across critical infrastructure sectors. 
 

 

The BCEB builds on the Cybersecurity Framework to help you answer these key questions:

• How effective and efficient are your organization’s cybersecurity approaches?
• How good are the cybersecurity-related results you are achieving?

The questions in the BCEB lead you to manage all areas affected by cybersecurity in alignment with your organization’s characteristics and environment:

LEADERSHIP
Understand how leaders’ actions guide and sustain cybersecurity risk management.

STRATEGY
Set clear strategic priorities and objectives related to cybersecurity.

CUSTOMERS
Understand customers’ requirements and expectations for cybersecurity.

MEASUREMENT, ANALYSIS, AND KNOWLEDGE MANAGEMENT
Measure and analyze cybersecurity outcomes that matter; build and manage your organization’s cybersecurity knowledge.

WORKFORCE
Hire and retain the cybersecurity workforce you need; engage and empower your overall workforce to achieve your objectives.

OPERATIONS
Design and manage effective and efficient cybersecurity operations.

RESULTS
Track important results. Use them to inform decisions and to improve your cybersecurity policies and operations.

Are External Assessments Available?

In Phase 1 of the initiative, the Baldrige Program teamed up with NIST’s Applied Cybersecurity Division responsible for the NIST Cybersecurity Framework, to develop a self-assessment tool, using a phased approach and input from numerous industry sources. 

Pending funding, Phase 2 would involve voluntary assessments by independent experts, sharing of best practices, and voluntary recognition for exceptional performance. 

Related Links

Baldrige Cybersecurity Excellence Builder
BCEB Process and Results Questions Excel
BCEB Self-Analysis Worksheet Excel
NIST Cybersecurity Framework

Resources

Baldrige Cybersecurity Initiative
NIST Cybersecurity Framework Industry Impacts
How Baldrige Works
Baldrige Key Terms
Baldrige Products and Services