President Donald J. Trump has just signed the NIST Small Business Cybersecurity Act into law.

Now part of the U.S. federal law S.770, it requires the director of the National Institute of Standards and Technology to issue guidance and a consistent set of resources to help SMBs identity, assess and reduce their cybersecurity risks within the next 12 month.  The entire bill in its original form is here: https://www.gpo.gov/fdsys/pkg/BILLS-115s770enr/pdf/BILLS-115s770enr.pdf  – it’s very short and to the point.

As I’ve stated for many years, the Small to Medium Size Business (SMB) accounts for a majority of our GDP (Gross Domestic Product) and yet is not sophisticated enough to handle the latest threats.  S.770 also tasks NIST, which is part of the U.S. Commerce Department, to take this fact into consideration so that final recommendations include technology-neutral and elements that promote awareness of simple, basic controls, a workplace cybersecurity culture, and third-party stakeholder relationships.

During BlackHat Conference 2018, I was pleased to learn from Corey Nachreiner, the CTO of WatchGuard, that their mission is to bring widely deploy-able, enterprise-grade security to small-to-medium sized businesses (SMBs) – which fits right into support of this new law.  I hope other large players will also take up this challenge and also many of the hot infosec startups consider the SMBs in their journey to defend against the latest threats.

by Gary S. Miliefsky
Publisher, CDM