S.770 - NIST Small Business Cybersecurity Act115th Congress (2017-2018)
|Sponsor:||Sen. Schatz, Brian [D-HI] (Introduced 03/29/2017)|
|Committees:||Senate - Commerce, Science, and Transportation|
|Committee Reports:||S. Rept. 115-153|
|Latest Action:||08/14/2018 Became Public Law No: 115-236. (TXT | PDF) (All Actions)|
This bill has the status Became Law
Here are the steps for Status of Legislation:
- Passed Senate
- Passed House
- Resolving Differences
- To President
- Became Law
Summary: S.770 — 115th Congress (2017-2018)All Information (Except Text)
Public Law No: 115-236 (08/14/2018)
(Sec. 2) This bill amends the National Institute of Standards and Technology Act to require the National Institute of Standards and Technology (NIST) to consider small businesses when it facilitates and supports the development of voluntary, consensus-based, industry-led guidelines and procedures to cost-effectively reduce cyber risks to critical infrastructure.
NIST must disseminate, and publish on its website, standard and method resources that small business may use voluntarily to help identify, assess, manage, and reduce their cybersecurity risks. The resources must be: (1) technology-neutral, (2) based on international standards to the extent possible, (3) able to vary with the nature and size of the implementing small business and the sensitivity of the data collected or stored on the information systems, and (4) consistent with the national cybersecurity awareness and education program under the Cybersecurity Enhancement Act of 2014. Additionally, the resources must include case studies of practical application.
Other federal agencies may also elect to publish the resources on their own websites.