White Paper (Draft)

Baldrige Cybersecurity Excellence Builder: Key questions for improving your organization's cybersecurity performance

Date Published: September 2016
Comments Due: December 15, 2016 (public comment period is CLOSED)
Email Questions to: baldrigecybersecurity@nist.gov

Author(s)

National Institute of Standards and Technology

Announcement

The Baldrige Cybersecurity Excellence Builder (BCEB) is a voluntary self-assessment tool that enables organizations to better understand the effectiveness of their cybersecurity risk management efforts. It helps leaders of organizations identify opportunities for improvement based on their cybersecurity needs and objectives, as well as their larger organizational needs, objectives, and outcomes. Using this self-assessment, you can:

  • determine cybersecurity-related activities that are important to your business strategy and critical service delivery;
  • prioritize your investments in managing cybersecurity risk;
  • determine how best to enable your workforce, customers, suppliers, partners, and collaborators to be risk conscious and security aware, and to fulfill their cybersecurity roles and responsibilities;
  • assess the effectiveness and efficiency of your use of cybersecurity standards, guidelines, and practices;
  • assess the cybersecurity results you achieve; and
  • identify priorities for improvement.

Like the Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework) and the Baldrige Excellence Framework, the BCEB is not a one-size-fits-all approach. It is adaptable and scalable to your organization's needs, goals, capabilities, and environment. It does not prescribe how you should structure your organization's cybersecurity policies and operations. Through interrelated sets of open-ended questions, it encourages you to use the approaches that best fit your organization.

Specifically, feedback is sought on:

  • the relative value of different parts of the BCEB for assessing your cybersecurity risk management efforts,
  • perceived gaps in the BCEB, and
  • the user-friendliness of the BCEB.

Feedback on this draft will be incorporated into the version 1 release, scheduled for early 2017.

Abstract

Keywords

Cybersecurity Framework; risk management; risk assessment; Baldrige Excellence Management Program; self-assessment.

Control Families

Risk Assessment; Assessment, Authorization and Monitoring

Documentation

Publication:
(Draft) Baldrige Cybersecurity Excellence Builder

Supplemental Material:
Baldrige Cybersecurity Initiative Homepage (other)
Press Release (other)

Related NIST Publications:
White Paper

Document History:
09/15/16: White Paper (Draft)
04/02/17: White Paper (Final)

Topics

Security and Privacy
general security & privacy