Ask AI
Bill115th CongressFiled Apr 20, 2017Science, Technology, Communications
H.R. 2105

NIST Small Business Cybersecurity Act

Bill journey · stage 2 of 5

Under committee review

Filed
Comm.
Floor
Both
Law

What it doesSummary passed house amended (Oct 11, 2017)

NIST Small Business Cybersecurity Act

(Sec. 2) This bill amends the National Institute of Standards and Technology Act to require the National Institute of Standards and Technology (NIST) to consider small businesses when it facilitates and supports the development of voluntary, consensus-based, industry-led guidelines and procedures to cost-effectively reduce cyber risks to critical infrastructure.

NIST must consult with other federal agencies to disseminate, and publish on its website, standard and method resources that small business may use voluntarily to help identify, assess, manage, and reduce their cybersecurity risks. The resources must: (1) include case studies of practical application, (2) be based on international standards to the extent possible, (3) be able to vary with the nature and size of the implementing small business and the sensitivity of the data collected or stored on the information systems, (4) be capable of promoting awareness of third-party stakeholder relationships to assist small businesses in mitigating common cybersecurity risks, and (5) be consistent with the national cybersecurity awareness and education program under the Cybersecurity Enhancement Act of 2014.

Other federal agencies may elect to publish the resources on their own websites.

What just happenedOct 16, 2017

Received in the Senate and Read twice and referred to the Committee on Commerce, Science, and Transportation.

Who’s behind it

Rep. Webster, Daniel [R-FL-11](R-FL)Sponsor
17 cosponsors4 D13 R
Read on Congress.gov
17cosponsors2committees12actions1related bills4subjects
  1. Oct 16, 2017IntroReferral

    Received in the Senate and Read twice and referred to the Committee on Commerce, Science, and Transportation.

    Commerce, Science, and Transportation Committee
  2. Oct 11, 2017FloorH38310

    Motion to reconsider laid on the table Agreed to without objection.

  3. Oct 11, 2017FloorH37300

    On motion to suspend the rules and pass the bill, as amended Agreed to by voice vote. (text: CR H7936-7937)

  4. Oct 11, 2017Floor8000

    Passed/agreed to in House: On motion to suspend the rules and pass the bill, as amended Agreed to by voice vote.(text: CR H7936-7937)

  5. Oct 11, 2017FloorH8D000

    DEBATE - The House proceeded with forty minutes of debate on H.R. 2105.

  6. Oct 11, 2017FloorH30000

    Considered under suspension of the rules. (consideration: CR H7936-7939)

  7. Oct 11, 2017FloorH30300

    Mr. Webster (FL) moved to suspend the rules and pass the bill, as amended.

  8. May 2, 2017Committee

    Ordered to be Reported (Amended) by Voice Vote.

    Science, Space, and Technology Committee
  9. May 2, 2017Committee

    Committee Consideration and Mark-up Session Held.

    Science, Space, and Technology Committee
  10. Apr 20, 2017IntroReferralH11100

    Referred to the House Committee on Science, Space, and Technology.

    Science, Space, and Technology Committee
  11. Apr 20, 2017IntroReferralIntro-H

    Introduced in House

  12. Apr 20, 2017IntroReferral1000

    Introduced in House

Passed House amendedOct 11, 201736

NIST Small Business Cybersecurity Act

(Sec. 2) This bill amends the National Institute of Standards and Technology Act to require the National Institute of Standards and Technology (NIST) to consider small businesses when it facilitates and supports the development of voluntary, consensus-based, industry-led guidelines and procedures to cost-effectively reduce cyber risks to critical infrastructure.

NIST must consult with other federal agencies to disseminate, and publish on its website, standard and method resources that small business may use voluntarily to help identify, assess, manage, and reduce their cybersecurity risks. The resources must: (1) include case studies of practical application, (2) be based on international standards to the extent possible, (3) be able to vary with the nature and size of the implementing small business and the sensitivity of the data collected or stored on the information systems, (4) be capable of promoting awareness of third-party stakeholder relationships to assist small businesses in mitigating common cybersecurity risks, and (5) be consistent with the national cybersecurity awareness and education program under the Cybersecurity Enhancement Act of 2014.

Other federal agencies may elect to publish the resources on their own websites.

Introduced in HouseApr 20, 2017

NIST Small Business Cybersecurity Act of 2017

This bill amends the National Institute of Standards and Technology Act to require the National Institute of Standards and Technology (NIST) to consider small businesses when it facilitates and supports the development of voluntary, consensus-based, industry-led guidelines and procedures to cost-effectively reduce cyber risks to critical infrastructure.

NIST must consult with other federal agencies to disseminate, and publish on its website, standard and method resources that small business may use voluntarily to help identify, assess, manage, and reduce their cybersecurity risks. The resources must be: (1) technology-neutral, (2) based on international standards to the extent possible, (3) able to vary with the nature and size of the implementing small business and the sensitivity of the data collected or stored on the information systems, (4) capable of promoting awareness of third-party stakeholder relationships to assist small businesses in mitigating common cybersecurity risks, and (5) consistent with the national cybersecurity awareness and education program under the Cybersecurity Enhancement Act of 2014.

Other federal agencies may elect to publish the resources on their own websites.

NIST Small Business Cybersecurity Act — Informed