President Donald Trump signed the NIST Small Business Cybersecurity Act into law, legislation authored by U.S. Senators Brian Schatz (D-Hawai‘i) and James Risch (R-Idaho).
The new law requires the Director of the National Institute of Standards and Technology (NIST) to disseminate guidance to help reduce small business cybersecurity risks and improve cybersecurity safeguards.
“This new law will give small businesses the tools to firm up their cybersecurity infrastructure and fight online attacks,” said Senator Schatz, lead Democrat on the Commerce Subcommittee on Communications, Technology, Innovation, and the Internet.
This is welcome news given small businesses don’t have the same resources that larger organizations have to protect themselves from hackers.
An excerpt from the act absorbed into the U.S. federal law S.770:
“Not later than one year after the date of the enactment of this Act, the Director, in carrying out section 2(e)(1)(A)(viii) of the National Institute of Standards and Technology Act, as added by subsection (b) of this Act, in consultation with the heads of other appropriate Federal agencies, shall disseminate clear and concise resources to help small business concerns identify, assess, manage, and reduce their cybersecurity risks.”
The Director of NIST will also help “promote awareness of simple, basic controls, a workplace cybersecurity culture, and third-party stakeholder relationships, to assist small business concerns in mitigating common cybersecurity risks.”
Small businesses will also be provided case studies for practical application of security controls and technology-neutral options to implement cybersecurity technologies off-the-shelf as well.