NIST Releases Draft Guidance for Cybersecurity Excellence
NIST is requesting public comments on the draft document, which blends the best of two globally recognized and widely used NIST resources.
The National Institute of Standards and Technology (NIST), a Commerce Department agency, has released a draft Baldrige Cybersecurity Excellence Builder, describing it as a self-assessment tool to help organizations better understand the effectiveness of their cybersecurity risk management efforts. NIST is requesting public comments on the draft document, which blends the best of two globally recognized and widely used NIST resources: the organizational performance evaluation strategies from the Baldrige Performance Excellence Program and the risk management mechanisms of the Cybersecurity Framework.
Deputy Secretary of Commerce Bruce Andrews announced the release of the draft document at the Internet Security Alliance's 15th Anniversary Conference in Washington, D.C. "The Baldrige Cybersecurity Excellence Builder answers a call from many organizations to provide a way for them to measure how effectively they are using the Cybersecurity Framework," he said. "The Builder will strengthen the already powerful Cybersecurity Framework so that organizations can better manage their cybersecurity risks."
According to NIST, organizations using the Builder can:
- determine cybersecurity-related activities that are important to business strategy and the delivery of critical services
- prioritize their investments in managing cybersecurity risk
- assess their results and their effectiveness and efficiency in using cybersecurity standards, guidelines, and practices
- identify priorities for improvement
The Cybersecurity Framework was released in February 2014 and was created by NIST through a collaborative process involving industry, academia, and government agencies. According to a Gartner report, the framework is currently used by 30 percent of U.S. organizations, and that number is expected to rise to 50 percent by 2020.