Developing enterprises will be helped to implement cybersecurity measures
Almost a year and a half after the introduction of the measure, the National Institute of Standards and Technology (NIST) Small Business Cyber Security Act is officially working after Donald Trump, president of the United States, promulgated the law.
Originally proposed in April 2017, the law requires the director of NIST, within one year of the adoption of the law, to issue guidance and a set of resources to help small and medium-sized enterprises identify, evaluate and reduce their cyber security organization risks. The law also calls on NIST, a division of the Department of Commerce, to consider the needs of small businesses in developing these recommendations, which must be widely applicable and technology-neutral and include elements that promote the implementation of simple and basic controls, culture of cyber security organization in the workplace and relations with interested third parties.
In a press release, Senator Brian Schatz said that “as companies are increasingly reliant on the Internet to operate efficiently and reach more customers, they will continue to be vulnerable to cyber attacks. While big companies have the resources to protect themselves, small businesses don’t, and that’s exactly what makes them an easy target for hackers; this new law will grant small businesses the tools to reinforce their cyber security organization infrastructure and fight against hackers”, the senator mentioned.
“Small businesses are not immune to threats and are often not equipped with resources or IT staff to protect their networks”, a cyber security organization expert said. “NIST’s Small Business Cyber Security Act will provide small and medium-sized entrepreneurs with the minimum resources and a simplified cyber security framework so they can effectively protect their companies from threats”.
Cyber security organization experts from the International Institute of Cyber Security consider that the Small Business Cyber Security Act is a major victory for the cyber security industry and for businesses struggling to operate in accordance with NIST standards.