The U.S. House approved legislation this week that calls on the National Institute of Standards and Technology (NIST) to provide small businesses with guidance to help them identify, assess, manage and reduce their cybersecurity risks.
The NIST Small Business Cybersecurity Act (H.R. 2105) — sponsored by Rep. Daniel Webster (R-FL) and co-sponsored by Rep. Lamar Smith (R-TX) – was unanimously approved in the House.
It requires the NIST director to disseminate guidelines, tools, best practices, standards, and methodologies on cybersecurity risks to small businesses. The guidance should be based on the NIST Framework for Improving Critical Infrastructure Cybersecurity.
Further, it directs the NIST director and certain heads of federal agencies to make the guidance available on their government websites. Use by small business is voluntary.
“Small businesses are especially vulnerable, with some reports noting that 43 percent of cyber-attacks specifically target,” Webster said. “These small businesses are more susceptible to attacks due to the limited access to the tools they need to prepare for such an event. This bill will provide small businesses in my district, state and across the country with the tools they need to meet the threats and challenges of the modern world.”
A companion bill, S.770, was approved by the U.S. Senate on Sept. 28.
“While many small businesses do not have the expertise to protect their computer systems and confidential information, it is crucial to our economy and our citizens’ security that these businesses secure their data,” Smith said. “Congressman Webster’s NIST Small Business Cybersecurity Act helps achieve this goal by using NIST’s global cybersecurity expertise and requiring NIST to provide small businesses with guidance on identifying risks of cyber-attacks.”