Washington, D.C. – Today, the U.S. Senate unanimously passed the NIST Small Business Cybersecurity Act, legislation introduced by U.S. Senators Brian Schatz (D-Hawai‘i) and James Risch (R-Idaho). The bipartisan bill will provide a consistent set of resources for small businesses to best protect their digital assets from cybersecurity threats. Small businesses are a pillar of the American economy and make up more than half of all jobs in the United States. But these businesses have also become a major target for cyberattacks.

“Since small and medium businesses suffer most often from cyber-attacks, it is vital that NIST, which sets the standard for cybersecurity resources, provide Main Street America with usable resources on how to keep themselves secure,”  said Senator Risch, Chairman of the Senate Committee on Small Business and Entrepreneurship. “This legislation will help Idaho small business owners safeguard against cyber threats and better position them to protect their assets, customers, and employees.”

“As businesses rely more and more on the internet to run efficiently and reach more customers, they will continue to be vulnerable to cyberattacks. But while big businesses have the resources to protect themselves, small businesses do not, and that’s exactly what makes them an easy target for hackers,” said Senator Schatz, lead Democrat on the Commerce Subcommittee on Communications, Technology, Innovation, and the Internet. “With this bill set to become law, small businesses will now have the tools to firm up their cybersecurity infrastructure and fight online attacks.”

In addition to Schatz and Risch, co-sponsors of the bill include U.S. Senators John Thune (R-S.D.), Maria Cantwell (D-Wash.), Bill Nelson (D-Fla.), Cory Gardner (R-Colo.), Catherine Cortez Masto (D-Nev.), Maggie Hassan (D-N.H.), Claire McCaskill (D-Mo.), and Kirsten Gillibrand (D-N.Y.). The bill now heads to the president’s desk to be signed into law.

In 2014, the Senate unanimously passed the Cybersecurity Enhancement Act of 2014, which codified the industry-led process for the National Institute of Standards and Technology (NIST) Cybersecurity Framework, a comprehensive voluntary guide for organizations and businesses to better manage and reduce cybersecurity risks. While this framework continues to play a key role in improving the cyber resilience of the United States, additional coordinated resources may be necessary to improve the ability of small businesses to use it. The legislation, formerly known as the MAIN STREET Cybersecurity Act, will ensure NIST considers the needs of small businesses as it updates the framework and provide simplified, consistent resources based on the NIST framework specifically for small businesses.