OMB Control No. # 0693-0033 – NIST Generic Clearance for Program Evaluation Data Collections
Baldrige Cybersecurity Excellence Builder Tool – Feedback - Information Collection
FOUR STANDARD SURVEY QUESTIONS
1. Explain who will be surveyed and why the group is appropriate to survey.
This collection of information will be an open call to industry experts in cybersecurity to provide feedback on the next version of the tool “Baldrige Cybersecurity Excellence Builder.” The tool has been uploaded into ROCIS for review and reference. The tool was designed in collaboration with Former U.S. Chief Information Officer Tony Scott and the National Institute of Standard and Technology’s (NIST’s) Applied Cybersecurity Division, which is responsible for the NIST Cybersecurity Framework. “Baldrige Cybersecurity Excellence Builder” is intended to be a self-assessment tool integrating Baldrige concepts with the NIST Cybersecurity Framework. Former Deputy Secretary of Commerce Bruce Andrews has said that the intention of the “Baldrige Cybersecurity Excellence Builder” is to provide a way for industry to measure how effectively they are using the Cybersecurity Framework.
The Baldrige Performance Excellence Program (BPEP) now needs feedback to determine if the next version of the tool does what it is intended to do and/or needs improvement. The purpose of this PRA request is to allow us to seek feedback from the public on the Baldrige Cybersecurity Excellence Builder.
2. Explain how the survey was developed including consultation with interested parties, pre-testing, and responses to suggestions for improvement.
The information collection is a call for feedback, with the questions intended to provide BPEP with actionable information on how to improve the Baldrige Cybersecurity Excellence Builder. Such a call for feedback follows the plan that NIST’s Applied Cybersecurity Division has established to request feedback from the community. That division has gone through multiple cycles of feedback and improvement on its own framework and their real-world experiences provided great insight.
3. Explain how the survey will be conducted, how customers will be sampled if fewer than all customers will be surveyed, expected response rate, and actions your agency plans to take to improve the response rate.
A link to the collection instrument (i.e., call for feedback) will go out via email to the entire Baldrige community, as well as the NIST community. The call for feedback will also be advertised in the Federal Register and on social media (namely Twitter and through community members who regularly repost Baldrige news announcements on LinkedIn). In addition, the call for feedback will be made at various industry and government meetings, including the Internet Security Alliance meeting in Washington, DC.
People interested in reviewing the Baldrige Cybersecurity Excellence Builder and offering feedback will click on the link to it, download it, and review it. They then will follow the simple, one-sentence instruction to email feedback to [email protected]. There is no set format for how feedback should be received (e.g., in a certain font, or style), as we want this feedback process to be as simple as possible for the responders.
If we do not receive enough actionable or positive feedback, we may not publish the next version of the Baldrige Cybersecurity Excellence Builder, or we may seek help from our cybersecurity experts to increase the call for feedback. In order for us to publish the next version of the Baldrige Cybersecurity Excellence Builder, we need the feedback to ensure that the tool is value added for the cyber community.
4. Describe how the results of the survey will be analyzed and used to generalize the results to the entire customer population.
The results of the information collection will be used to determine if the next version of the Baldrige Cybersecurity Excellence Builder should be published or improved. Feedback received and improvements will be documented in an electronic file for current and future revisions. People who give feedback may by contacted for clarifications or to expand on their suggestions.
| File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
| File Title | OMB Control No |
| Author | Darla Yonder |
| File Modified | 0000-00-00 |
| File Created | 2023-08-02 |