Summary
NIST Small Business Cybersecurity Act
(Sec. 2) This bill amends the National Institute of Standards and Technology Act to require the National Institute of Standards and Technology (NIST) to consider small businesses when it facilitates and supports the development of voluntary, consensus-based, industry-led guidelines and procedures to cost-effectively reduce cyber risks to critical infrastructure.
NIST must disseminate, and publish on its website, standard and method resources that small business may use voluntarily to help identify, assess, manage, and reduce their cybersecurity risks. The resources must be: (1) technology-neutral, (2) based on international standards to the extent possible, (3) able to vary with the nature and size of the implementing small business and the sensitivity of the data collected or stored on the information systems, and (4) consistent with the national cybersecurity awareness and education program under the Cybersecurity Enhancement Act of 2014. Additionally, the resources must include case studies of practical application.
Other federal agencies may also elect to publish the resources on their own websites.
NIST Small Business Cybersecurity Act
(Sec. 2) This bill amends the National Institute of Standards and Technology Act to require the National Institute of Standards and Technology (NIST) to consider small businesses when it facilitates and supports the development of voluntary, consensus-based, industry-led guidelines and procedures to cost-effectively reduce cyber risks to critical infrastructure.
NIST must disseminate, and publish on its website, standard and method resources that small business may use voluntarily to help identify, assess, manage, and reduce their cybersecurity risks. The resources must be: (1) technology-neutral, (2) based on international standards to the extent possible, (3) able to vary with the nature and size of the implementing small business and the sensitivity of the data collected or stored on the information systems, and (4) consistent with the national cybersecurity awareness and education program under the Cybersecurity Enhancement Act of 2014. Additionally, the resources must include case studies of practical application.
Other federal agencies may also elect to publish the resources on their own websites.
NIST Small Business Cybersecurity Act
(Sec. 2) This bill amends the National Institute of Standards and Technology Act to require the National Institute of Standards and Technology (NIST) to consider small businesses when it facilitates and supports the development of voluntary, consensus-based, industry-led guidelines and procedures to cost-effectively reduce cyber risks to critical infrastructure.
NIST must disseminate, and publish on its website, standard and method resources that small business may use voluntarily to help identify, assess, manage, and reduce their cybersecurity risks. The resources must be: (1) technology-neutral, (2) based on international standards to the extent possible, (3) able to vary with the nature and size of the implementing small business and the sensitivity of the data collected or stored on the information systems, and (4) consistent with the national cybersecurity awareness and education program under the Cybersecurity Enhancement Act of 2014. Additionally, the resources must include case studies of practical application.
Other federal agencies may also elect to publish the resources on their own websites.
Making Available Information Now to Strengthen Trust and Resilience and Enhance Enterprise Technology Cybersecurity Act of 2017 or the MAIN STREET Cybersecurity Act of 2017
(Sec. 3) This bill amends the National Institute of Standards and Technology Act to require the National Institute of Standards and Technology (NIST) to consider small businesses when it facilitates and supports the development of voluntary, consensus-based, industry-led guidelines and procedures to cost-effectively reduce cyber risks to critical infrastructure.
NIST must disseminate, and publish on its website, standard and method resources that small business may use voluntarily to help reduce their cybersecurity risks. The resources must be: (1) technology-neutral, (2) based on international standards to the extent possible, (3) able to vary with the nature and size of the implementing small business and the sensitivity of the data collected or stored on the information systems, and (4) consistent with the national cybersecurity awareness and education program under the Cybersecurity Enhancement Act of 2014.
Other federal agencies that NIST considers appropriate must also publish the resources on their own websites.
Making Available Information Now to Strengthen Trust and Resilience and Enhance Enterprise Technology Cybersecurity Act of 2017 or the MAIN STREET Cybersecurity Act of 2017
(Sec. 3) This bill amends the National Institute of Standards and Technology Act to require the National Institute of Standards and Technology (NIST) to consider small businesses when it facilitates and supports the development of voluntary, consensus-based, industry-led guidelines and procedures to cost-effectively reduce cyber risks to critical infrastructure.
NIST must consult with other federal agencies to disseminate, and publish on its website, resources that small business may use voluntarily to help identify, assess, manage, and reduce their cybersecurity risks. The resources must: (1) be generally applicable and usable by a wide range of small businesses; (2) vary with the nature and size of the implementing small business and the sensitivity of the data collected or stored on its information systems or devices; (3) include elements that promote awareness of simple, basic controls, a workplace cybersecurity culture, and third party stakeholder relationships; (4) be technology-neutral; and (5) be based on international standards to the extent possible and consistent with the Stevenson-Wydler Technology Innovation Act of 1980.
Other federal agencies that NIST considers appropriate must also publish the resources on their own websites.
Making Available Information Now to Strengthen Trust and Resilience and Enhance Enterprise Technology Cybersecurity Act of 2017 or the MAIN STREET Cybersecurity Act of 2017
This bill amends the National Institute of Standards and Technology Act to require the National Institute of Standards and Technology (NIST) to consider small businesses when it facilitates and supports the development of voluntary, consensus-based, industry-led guidelines and procedures to cost-effectively reduce cyber risks to critical infrastructure.
NIST must disseminate, and publish on its website, standard and method resources that small business may use voluntarily to help reduce their cybersecurity risks. The resources must be: (1) technology-neutral, (2) based on international standards to the extent possible, (3) able to vary with the nature and size of the implementing small business and the sensitivity of the data collected or stored on the information systems, and (4) consistent with the national cybersecurity awareness and education program under the Cybersecurity Enhancement Act of 2014.
Other federal agencies that NIST considers appropriate must also publish the resources on their own websites.
Track this bill on CivicBeacon
Get push notifications when this bill is updated, contact your reps, and take action.
![Sen. Schatz, Brian [D-HI]](https://bioguide.congress.gov/bioguide/photo/S/S001194.jpg)
