The National Institute of Standards and Technology has unveiled a self-assessment tool in a move to help organizations assess the effectiveness of their cybersecurity risk management initiatives.
NIST said Thursday the draft Baldrige Cybersecurity Excellence Builder integrates the Baldrige Performance Excellence Program’s organizational performance evaluation strategies with the Cybersecurity Framework’s risk management mechanisms.
The Baldrige program partnered with NIST’s applied cybersecurity division, Federal Chief Information Officer Tony Scott’s office and industry partners to develop the builder.
The tool is designed to help organizations determine cybersecurity-related activities that will support business strategy and services delivery, prioritize risk management investments, assess the results of cybersecurity efforts and identify priorities for improvement, according to NIST.
NIST added that the builder will help users implement a process to define an organization’s cybersecurity characteristics and situations, as well as identify the organization’s cybersecurity methods and the results achieved through those approaches.
Organizations can also use the tool’s assessment rubric to determine their cybersecurity maturity level as “reactive,” “early,” “mature,” or “role model,” the agency said.
NIST also collaborated with the Office of Management and Budget’s Office of Electronic Government and Information Technology and private sector representatives to create the draft self-assessment tool.
A public comment period on the draft will be open until Dec. 15, 2016.