President signs NIST Small Business Cybersecurity Act into law
A year and nearly four months after the measure was introduced, the NIST Small Business Cybersecurity Act officially passed after President Donald Trump signed the legislation into law.
Originally proposed as H.R. 2105 in April 2017, the act was later absorbed into U.S. federal law S.770, and requires the director of the National Institute of Standards and Technology, within one year of the law’s passing, to issue guidance and a consistent set of resources to help SMBs identify, assess and reduce their cybersecurity risks.
S.770 also tasks NIST, a division of the U.S. Commerce Department, with considering the needs of small businesses when developing these recommendations, which among other key qualities should be widely applicable and technology-neutral and “include elements that promote awareness of simple, basic controls, a workplace cybersecurity culture, and third-party stakeholder relationships.”
The legislation in its current form was introduced by Sen. Brian Schatz, D-Hawaii, along with Sen. James Risch, R-Idaho, and was sponsored by fellow lawmakers John Thune, R-S.D.; Maria Cantwell, D-Wash.; Bill Nelson, D-Fla.; Cory Gardner, R-Colo.; Catherine Cortez Masto, D-Nev.; Maggie Hassan, D-N.H.; Claire McCaskill, D-Mo.; and Kirsten Gillibrand, D-N.Y.
In a press release, Schatz, the lead Democrat on the Commerce Subcommittee on Communications, Technology, Innovation, and the Internet, said that “As businesses rely more and more on the internet to run efficiently and reach more customers, they will continue to be vulnerable to cyberattacks. But while big businesses have the resources to protect themselves, small businesses do not, and that’s exactly what makes them an easy target for hackers.”
“This new law will give small businesses the tools to firm up their cybersecurity infrastructure and fight online attacks,” Schatz continued.