On August 14, 2018, President Trump signed into law S. 770, the “NIST Small Business Cybersecurity Act.” This Act requires the National Institute of Standards and Technology (NIST) to develop and disseminate resources for small businesses to help reduce their cybersecurity risks. The Act states that the resources should be:
- “Generally applicable and usable by a wide range of small business concerns;
- Vary with the nature and size of the implementing small business concern, and the nature and sensitivity of the data collected or stored on the information systems or devices of the implementing small business concern;
- Include elements, that promote awareness of simple, basic controls, a workplace cybersecurity culture, and third-party stakeholder relationships, to assist small business concerns in mitigating common cybersecurity risks;
- Include case studies of practical application;
- Technology-neutral and can be implemented using technologies that are commercial and off-the-shelf; and
- Based on international standards to the extent possible, and are consistent with the Stevenson-Wydler Technology Innovation Act of 1980.”