In order to help organizations evaluate the effectiveness of their cybersecurity risk management efforts, the National Institute of Standards and Technology (NIST) recently released the draft “Baldrige Cybersecurity Excellence Builder,” which acts as an assessment tool to pair with the NIST Cybersecurity Framework.
“The Baldrige Cybersecurity Excellence Builder answers a call from many organizations to provide a way for them to measure how effectively they are using the Cybersecurity Framework,” Deputy Secretary of Commerce Bruce Andrews said. “The Builder will strengthen the already powerful Cybersecurity Framework so that organizations can better manage their cybersecurity risks.”
This tool is designed to enable organizations to determine which cybersecurity actions are critical to business strategy and critical services, prioritize investments, assess the effectiveness of their use of cybersecurity standards, assess their cybersecurity results, and identify priorities for improvement.
The Builder is based on the Baldrige Performance Excellence Program, and, like the Framework, is intended to be adaptable to the size and scope of an organization. “A series of questions helps define the organization’s current approaches to cybersecurity in the areas of leadership, strategy, customers, workforce and operations, as well as the results achieved with them.”
The Builder also defines an organization’s maturity level as “reactive,” “early,” “mature,” or “role model,” and can then offer an action plan for the organization moving forward.
The draft was created by NIST in collaboration with the Office of Management and Budget’s Office of Electronic Government and Information Technology, and the document closes for comment on Dec. 15.