Free Cybersecurity Excellence Builder Self-Assessment Tool


The Baldrige Performance Excellence Program has invited the Baldrige community to provide comments on the draft Baldrige Cybersecurity Excellence Builder, a self-assessment tool to help organizations better understand the effectiveness of their cybersecurity risk management efforts. The program also encourages the sharing of the Baldrige Cybersecurity Excellence Builder with your key stakeholders for their review and comments.*   Please note that the free, downloadable, .pdf format version, of the Baldrige Cybersecurity Excellence Builder is a DRAFT.  Nonetheless, it is filled with very useful information about Cybersecurity considerations.  Comments on the draft will be accepted throughout the coming month, until Thursday, Dec. 15, 2016, and feedback can be submitted online.

The Baldrige Cybersecurity Excellence Builder blends the best of two globally recognized and widely used National Institute for Standards and Technology (NIST) resources: the organizational performance evaluation strategies from the Baldrige Excellence Framework and its Criteria and the risk management mechanisms of the NIST Cybersecurity Framework.

Like the Cybersecurity Framework, the Baldrige Cybersecurity Excellence Builder is not a “one-size-fits-all” tool for dealing with cybersecurity risks. It is adaptable to meet an organization’s specific needs, goals, capabilities, and environments.

The Builder guides users through a process that details their organization’s distinctive characteristics and strategic situations related to cybersecurity. Then, a series of questions helps define the organization’s current approaches to cybersecurity in the areas of leadership, strategy, customers, workforce, and operations, as well as the results achieved with them.

An assessment rubric lets users determine their organization’s cybersecurity maturity level—classified as “reactive,” “early,” “mature,” or “role model”—against each of the key questions. The completed evaluation can then lead to an action plan to upgrade cybersecurity practices and management, implement those improvements, and measure the progress and effectiveness of the process. Designed to be a key part of an organization’s continuous improvement efforts, the Builder should be used periodically to maintain the highest possible level of cybersecurity readiness.

What will happen to all of the input on the Baldrige Cybersecurity Excellence Builder?

  1. As themes for revision emerge, the program will reconcile conflicting recommendations and develop the next version.
  2. The program will invite experts to review the next version.
  3. Using this input, the program will produce the first edition of the Baldrige Cybersecurity Excellence Builder.
  4. The program will make the Baldrige Cybersecurity Excellence Builder available to the public for use.

Please help NIST by commenting on the draft version of the Baldrige Cybersecurity Excellence Builder.  Comments may be submitted through Thursday, Dec. 15, 2016, via online submission, or you may email your comments to

*IMPORTANT:  Most of the information shared above was taken directly from a promotional email very recently received from the National Institute of Standards and Technology (NIST).  

Square logoFor breaking news about quality-related matters please follow us.  To learn more about services and products please visit our website at  If you would like to contact, please use our Online Contact Form or call us at 1-805-622-3019.

Make a Comment

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s