[Congressional Bills 116th Congress]
[From the U.S. Government Publishing Office]
[H.R. 5669 Introduced in House (IH)]

<DOC>






116th CONGRESS
  2d Session
                                H. R. 5669

 To require the Administrator of the Small Business Administration to 
 establish a program to assist small business concerns with purchasing 
      cybersecurity products and services, and for other purposes.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                            January 24, 2020

 Ms. Finkenauer (for herself and Mr. Joyce of Pennsylvania) introduced 
   the following bill; which was referred to the Committee on Small 
                                Business

_______________________________________________________________________

                                 A BILL


 
 To require the Administrator of the Small Business Administration to 
 establish a program to assist small business concerns with purchasing 
      cybersecurity products and services, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Strengthening and Enhancing 
Cybersecurity Usage to Reach Every Small Business Act'' or the ``SECURE 
Small Business Act''.

SEC. 2. CYBERSECURITY COOPERATIVE MARKETPLACE PROGRAM.

    (a) Establishment.--Not later than 180 days after the date of the 
enactment of this Act, the Administrator of the Small Business 
Administration, in consultation with the Director of the National 
Institute of Standards and Technology, shall establish a program to 
assist small business concerns with purchasing cybersecurity products 
and services.
    (b) Duties.--In the program established under subsection (a), the 
Administrator shall do the following:
            (1) Educate small business concerns about the types of 
        cybersecurity products and services that are specific to each 
        covered industry sector.
            (2) Provide outreach to covered vendors and small business 
        concerns to encourage use of the cooperative marketplace 
        described in subsection (c).
    (c) Cooperative Marketplace for Purchasing Cybersecurity Products 
and Services.--The Administrator shall--
            (1) establish and maintain a website that--
                    (A) is free to use for small business concerns and 
                covered vendors; and
                    (B) provides a cooperative marketplace that 
                facilitates the creation of mutual agreements under 
                which small business concerns cooperatively purchase 
                cybersecurity products and services from covered 
                vendors; and
            (2) determine whether each covered vendor and each small 
        business concern that participates in the marketplace described 
        in this subsection is legitimate, as determined by the 
        Administrator.
    (d) Sunset.--This section ceases to be effective on September 30, 
2024.

SEC. 3. GAO STUDY ON AVAILABLE FEDERAL CYBERSECURITY INITIATIVES.

    (a) In General.--The Comptroller General of the United States shall 
conduct a study that identifies any improvements that could be made to 
Federal initiatives that--
            (1) train small business concerns how to avoid 
        cybersecurity threats; and
            (2) are in effect on the date on which the Comptroller 
        General commences the study.
    (b) Report.--Not later than 1 year after the date of the enactment 
of this Act, the Comptroller General shall submit to the Committee on 
Small Business and Entrepreneurship of the Senate and the Committee on 
Small Business of the House of Representatives a report that contains 
the results of the study required under subsection (a).

SEC. 4. DEFINITIONS.

    In this Act:
            (1) Administrator.--The term ``Administrator'' means the 
        Administrator of the Small Business Administration.
            (2) Covered industry sector.--The term ``covered industry 
        sector'' means the following industry sectors:
                    (A) Accommodation and food services.
                    (B) Agriculture.
                    (C) Construction.
                    (D) Healthcare and social assistance.
                    (E) Retail and wholesale trade.
                    (F) Transportation and warehousing.
                    (G) Entertainment and recreation.
                    (H) Finance and insurance.
                    (I) Manufacturing.
                    (J) Information and telecommunications.
                    (K) Any other industry sector the Administrator 
                determines to be relevant.
            (3) Covered vendor.--The term ``covered vendor'' means a 
        vendor of cybersecurity products and services, including 
        cybersecurity risk insurance.
            (4) Cybersecurity.--The term ``cybersecurity'' means--
                    (A) the art of protecting networks, devices, and 
                data from unauthorized access or criminal use; and
                    (B) the practice of ensuring confidentiality, 
                integrity, and availability of information.
            (5) Cybersecurity threat.--The term ``cybersecurity 
        threat'' means the possibility of a malicious attempt to 
        infiltrate, damage, disrupt, or destroy computer networks or 
        systems.
            (6) Small business concern.--The term ``small business 
        concern'' has the meaning given under section 3(a) of the Small 
        Business Act (15 U.S.C. 632(a)).
                                 <all>