Trump Signs NIST Act to Benefit Small Businesses

Trump Signs NIST Act to Benefit Small Businesses

Small businesses will soon receive help implementing voluntary cybersecurity frameworks as defined by the National Institute of Standards and Technology (NIST) after President Trump signed the “NIST Small Business Cybersecurity Act” S. 770 on 15 August.

In addition to providing resources to small businesses, the bill, which requires NIST develop and disseminate resources for small businesses to help reduce their cybersecurity risk, also states that future NIST standards consider the needs of small businesses.

The bill represents a step forward for both the cybersecurity industry and for SMBs struggling to be in accordance with the NIST standards. “This change sets the stage for greater compliance and readiness from smaller organizations who previously thought that NIST compliance was too costly or complex to obtain,” said Dr. Bret Fund, founder and CEO at SecureSet.

Widely seen as a step in the right direction toward cybersecurity compliance and readiness for SMBs, Fund said the bill also signals President Trump's intent to improve cybersecurity overall.

“With the increase in cyber-attacks, it is great to see the administration continue to invest in cybersecurity initiatives. Small businesses are not immune to threats, and are often not equipped with the IT resources or personnel to protect their networks,” said Dirk Morris, chief product officer at Untangle.

Small businesses have long been at risk of cyber-attacks as nefarious actors know that SMBs are limited in both budgets and staff, making it difficult for most small businesses to implement strong security strategies. “Recent reports show that smaller businesses lose proportionately more to cyber-attacks since they are targeted just as often, and are less able to recover due to less resilient infrastructures,” said Anupam Sahai, vice president of product management at Cavirin.

“This is a very positive step, as smaller enterprises may not have the skills or budget to implement a broad-based program. The Act will help with focus. The proof will be how the necessary resources are actually made available.”

Source: Information Security Magazine