Sec. 3. Improving cybersecurity of small businesses
/bill/115/s/770/es/section-3
A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
In this section: The term "Director" means the Director of the National Institute of Standards and Technology. The term "resources" means guidelines, tools, best practices, standards, methodologies, and other ways of providing information. The term "small business concern" has the meaning given such term in section 3 of the Small Business Act (15 U.S.C. 632).

Section 2(e)(1)(A) of the National Institute of Standards and Technology Act (15 U.S.C. 272(e)(1)(A)) is amended— in clause (vii), by striking "and" at the end; by redesignating clause (viii) as clause (ix); and by inserting after clause (vii) the following: "consider small business concerns (as defined in section 3 of the Small Business Act (15 U.S.C. 632)); and".

Not later than one year after the date of the enactment of this Act, the Director, in carrying out section 2(e)(1)(A)(viii) of the National Institute of Standards and Technology Act, as added by subsection (b) of this Act, in consultation with the heads of such other Federal agencies as the Director considers appropriate, shall disseminate clear and concise resources for small business concerns to help reduce their cybersecurity risks.

The Director shall ensure that the resources disseminated pursuant to paragraph (1)— are generally applicable and usable by a wide range of small business concerns; vary with the nature and size of the implementing small business concern, and the nature and sensitivity of the data collected or stored on the information systems or devices of the implementing small business concern; include elements that promote awareness of simple, basic controls, a workplace cybersecurity culture, and third party stakeholder relationships, to assist small business concerns in mitigating common cybersecurity risks; are technology-neutral and can be implemented using technologies that are commercial and off-the-shelf; and are based on international standards to the extent possible, and are consistent with the Stevenson-Wydler Technology Innovation Act of 1980 (15 U.S.C. 3701 et seq.).

The Director shall ensure that the resources disseminated under paragraph (1) are consistent with the efforts of the Director under section 401 of the Cybersecurity Enhancement Act of 2014 (15 U.S.C. 7451).

In carrying out paragraph (1), the Director, to the extent practicable, shall consider any methods included in the Small Business Development Center Cyber Strategy developed under section 1841(a)(3)(B) of the National Defense Authorization Act for Fiscal Year 2017 (Public Law 114–328).

The use of the resources disseminated under paragraph (1) shall be considered voluntary.

The Director shall review and, if necessary, update the resources disseminated under paragraph (1) in accordance with the requirements under paragraph (2).

The Director and such heads of other Federal agencies as the Director considers appropriate shall each make prominently available to the public on the Director's or head's Internet website, as the case may be, information about the resources and all updates to them disseminated under paragraph (1). The Director and the heads shall each ensure that the information they respectively make prominently available is consistent, clear, and concise.

If a Federal agency publishes resources to help small business concerns reduce their cybersecurity risks, the head of such Federal agency, to the degree practicable, shall make such resources consistent with the resources disseminated under subsection (c)(1).

Nothing in this section may be construed to supersede, alter, or otherwise affect any cybersecurity requirements applicable to Federal agencies.