The bill directs NIST to create "clear and concise" guidance for how small and medium businesses can boost their digital defenses.
The Senate Commerce Committee forwarded legislation Wednesday that would expand the responsibilities of the government’s cyber standards agency to help small and medium-sized businesses protect their networks against digital attacks.
The National Institute of Standards and Technology is already tasked broadly with helping small and medium businesses defend against cyberattacks. The legislation forwarded Wednesday would hammer down that broad requirement, directing the agency to create “clear and concise” resources to help small companies manage cyber risk and to create a cyber-savvy workplace culture.
Those resources would vary with the size of the business and the nature and sensitivity of the data stored in its systems.
» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.
The bill is called the Making Available Information Now to Strengthen Trust and Resilience and Enhance Enterprise Technology, or MAIN STREET, Cybersecurity Act. It passed on a voice vote after a handful of amendments by sponsor Sen. Brian Schatz, D-Hawaii.
The MAIN STREET Act is one of several efforts to expand NIST’s cybersecurity responsibilities. Most notably, the House Science Committee passed legislation that would task the institute with auditing civilian federal agencies’ cybersecurity protections.
NIST considers itself a standards-setting agency and has generally avoided taking on oversight responsibilities.