NIST Small Business Cybersecurity Act passed into law

US president Donald Trump signed the NIST Small Business Cybersecurity Act last week, a law that will help small businesses with resources to fend off cyberattacks, as part of a comprehensive governmental strategy to improve cybersecurity.

The act was written by U.S. Senators Brian Schatz (D-Hawai”i) and James Risch (R-Idaho), and supported by John Thune (R-S.D.), Maria Cantwell (D-Wash.), Bill Nelson (D-Fla.), Cory Gardner (R-Colo.), Catherine Cortez Masto (D-Nev.), Maggie Hassan (D-N.H.), Claire McCaskill (D-Mo.), and Kirsten Gillibrand (D-N.Y.).

“As businesses rely more and more on the internet to run efficiently and reach more customers, they will continue to be vulnerable to cyberattacks. But while big businesses have the resources to protect themselves, small businesses do not, and that”s exactly what makes them an easy target for hackers,” said Senator Schatz, lead Democrat on the Commerce Subcommittee on Communications, Technology, Innovation, and the Internet. “This new law will give small businesses the tools to firm up their cybersecurity infrastructure and fight online attacks.”

By educating employees about cybersecurity and promoting awareness, among other measures, the US government hopes small businesses will no longer face difficulties in becoming NIST compliant and will improve risk mitigation.

The law was released for debate approximately a year and a half ago, and in the meantime merged with US federal law S.770. The newly signed framework is a cybersecurity guide specifically aimed at small businesses, which have been actively targeted by cybercriminals in the past year.