WASHINGTON – The U.S. House of Representatives today unanimously approved the NIST Small Business Cybersecurity Act (H.R. 2105), sponsored by Rep. Daniel Webster (R-Fla.) and co-sponsored by Rep. Lamar Smith (R-Texas), chairman of the House Committee on Science, Space, and Technology. The legislation calls on the National Institute of Standards and Technology (NIST) to provide small businesses with guidance to help them identify, assess, manage and reduce their cybersecurity risks.

Rep. Webster: “Small businesses are especially vulnerable, with some reports noting that 43 percent of cyber-attacks specifically target. These small businesses are more susceptible to attacks due to the limited access to the tools they need to prepare for such an event. As the owner of a multi-generational small business, I know what small businesses can accomplish when equipped and empowered with the right tools. Recently, when my own business was attacked, I experienced the havoc a hacker can cause and the importance of cybersecurity. This bill will provide small businesses in my district, state and across the country with the tools they need to meet the threats and challenges of the modern world.”

Chairman Smith: “Small businesses account for more than half of all U.S. jobs, including nearly four and a half million in my home state of Texas. While many small businesses do not have the expertise to protect their computer systems and confidential information, it is crucial to our economy and our citizens’ security that these businesses secure their data. Congressman Webster’s NIST Small Business Cybersecurity Act helps achieve this goal by using NIST’s global cybersecurity expertise and requiring NIST to provide small businesses with guidance on identifying risks of cyber-attacks. October is National Cybersecurity Awareness Month and it is appropriate that Congress consider legislation to protect small businesses from cybersecurity attacks.”


H.R. 2105 was unanimously approved by the House Committee on Science, Space, and Technology on May 2.

S.770, which was approved by the Senate on September 28, is the companion bill to H.R. 2105.

H.R. 2015 does the following:

  • Directs the NIST director, in consultation with heads of other federal agencies, to disseminate within a year of the act’s enactment clear and concise guidelines, tools, best practices, standards and methodologies, based on the NIST Framework for Improving Critical Infrastructure Cybersecurity, to help small businesses identify, assess, manage and reduce their cybersecurity risks
  • Clarifies that use of such guidance by small businesses is voluntary
  • Directs the NIST director and heads of federal agencies that so elect to make the guidance available on their government websites
  • Specifies that funds to carry out this act are authorized out of existing spending

Text of the bill can be found here.