Ask AI
Public Law115th CongressScience, Technology, Communications
S. 770Became Law

NIST Small Business Cybersecurity Act

This bill became law

Filed
Comm.
Floor
Both
Law

What it doesSummary public law (Aug 14, 2018)


NIST Small Business Cybersecurity Act

(Sec. 2) This bill amends the National Institute of Standards and Technology Act to require the National Institute of Standards and Technology (NIST) to consider small businesses when it facilitates and supports the development of voluntary, consensus-based, industry-led guidelines and procedures to cost-effectively reduce cyber risks to critical infrastructure.

NIST must disseminate, and publish on its website, standard and method resources that small business may use voluntarily to help identify, assess, manage, and reduce their cybersecurity risks. The resources must be: (1) technology-neutral, (2) based on international standards to the extent possible, (3) able to vary with the nature and size of the implementing small business and the sensitivity of the data collected or stored on the information systems, and (4) consistent with the national cybersecurity awareness and education program under the Cybersecurity Enhancement Act of 2014. Additionally, the resources must include case studies of practical application.

Other federal agencies may also elect to publish the resources on their own websites.

What just happenedAug 14, 2018

Became Public Law No: 115-236.

Who’s behind it

Sen. Schatz, Brian [D-HI](D-HI)Sponsor
9 cosponsors6 D3 R
Read on Congress.gov
9cosponsors2committees30actions2amendments1related bills4subjects
  1. Aug 14, 2018President

    Became Public Law No: 115-236.

  2. Aug 14, 2018BecameLaw36000

    Became Public Law No: 115-236.

  3. Aug 14, 2018President

    Signed by President.

  4. Aug 14, 2018BecameLaw36000

    Signed by President.

  5. Aug 3, 2018Floor

    Presented to President.

  6. Aug 3, 2018President28000

    Presented to President.

  7. Aug 2, 2018Floor

    Message on Senate action sent to the House.

  8. Aug 1, 2018ResolvingDifferences

    Senate agreed to the House amendments to S. 770 by Unanimous Consent. (text as Senate agree to the House amendment: CR S5561)

  9. Aug 1, 2018NotUsed20500

    Resolving differences -- Senate actions: Senate agreed to the House amendments to S. 770 by Unanimous Consent.(text as Senate agree to the House amendment: CR S5561)

  10. Jul 26, 2018Floor

    Message on House action received in Senate and at desk: House amendments to Senate bill.

  11. Jul 25, 2018FloorH38800

    The title of the measure was amended. Agreed to without objection.

  12. Jul 25, 2018FloorH38310

    Motion to reconsider laid on the table Agreed to without objection.

  13. Jul 25, 2018FloorH37100

    On passage Passed without objection. (text: CR H7201)

  14. Jul 25, 2018Floor8000

    Passed/agreed to in House: On passage Passed without objection.(text: CR H7201)

  15. Jul 25, 2018FloorH30000

    Considered by unanimous consent. (consideration: CR H7201-7202)

  16. Jul 25, 2018FloorH30200

    Mr. Webster (FL) asked unanimous consent to take from the Speaker's table and consider.

  17. Apr 25, 2018Committee

    Committee on Small Business and Entrepreneurship. Hearings held. Hearings printed: S.Hrg. 115-300.

    Small Business and Entrepreneurship Committee
  18. Oct 2, 2017FloorH15000

    Held at the desk.

  19. Oct 2, 2017FloorH14000

    Received in the House.

  20. Sep 29, 2017Floor

    Message on Senate action sent to the House.

  21. Sep 28, 2017Floor

    Passed Senate with an amendment by Unanimous Consent. (text: CR S6233)

  22. Sep 28, 2017Floor17000

    Passed/agreed to in Senate: Passed Senate with an amendment by Unanimous Consent.(text: CR S6233)

  23. Sep 28, 2017Floor

    The committee substitute as amended agreed to by Unanimous Consent.

  24. Sep 28, 2017Floor

    Measure laid before Senate by unanimous consent. (consideration: CR S6232-6233)

  25. Sep 11, 2017Calendars

    Placed on Senate Legislative Calendar under General Orders. Calendar No. 217.

  26. Sep 11, 2017Committee

    Committee on Commerce, Science, and Transportation. Reported by Senator Thune with an amendment in the nature of a substitute. With written report No. 115-153.

    Commerce, Science, and Transportation Committee
  27. Sep 11, 2017Committee14000

    Committee on Commerce, Science, and Transportation. Reported by Senator Thune with an amendment in the nature of a substitute. With written report No. 115-153.

    Commerce, Science, and Transportation Committee
  28. Apr 5, 2017Committee

    Committee on Commerce, Science, and Transportation. Ordered to be reported with an amendment in the nature of a substitute favorably.

    Commerce, Science, and Transportation Committee
  29. Mar 29, 2017IntroReferral

    Read twice and referred to the Committee on Commerce, Science, and Transportation.

    Commerce, Science, and Transportation Committee
  30. Mar 29, 2017IntroReferral10000

    Introduced in Senate

Public LawAug 14, 201849

NIST Small Business Cybersecurity Act

(Sec. 2) This bill amends the National Institute of Standards and Technology Act to require the National Institute of Standards and Technology (NIST) to consider small businesses when it facilitates and supports the development of voluntary, consensus-based, industry-led guidelines and procedures to cost-effectively reduce cyber risks to critical infrastructure.

NIST must disseminate, and publish on its website, standard and method resources that small business may use voluntarily to help identify, assess, manage, and reduce their cybersecurity risks. The resources must be: (1) technology-neutral, (2) based on international standards to the extent possible, (3) able to vary with the nature and size of the implementing small business and the sensitivity of the data collected or stored on the information systems, and (4) consistent with the national cybersecurity awareness and education program under the Cybersecurity Enhancement Act of 2014. Additionally, the resources must include case studies of practical application.

Other federal agencies may also elect to publish the resources on their own websites.

Senate agreed to House amendment without amendmentAug 1, 201871

NIST Small Business Cybersecurity Act

(Sec. 2) This bill amends the National Institute of Standards and Technology Act to require the National Institute of Standards and Technology (NIST) to consider small businesses when it facilitates and supports the development of voluntary, consensus-based, industry-led guidelines and procedures to cost-effectively reduce cyber risks to critical infrastructure.

NIST must disseminate, and publish on its website, standard and method resources that small business may use voluntarily to help identify, assess, manage, and reduce their cybersecurity risks. The resources must be: (1) technology-neutral, (2) based on international standards to the extent possible, (3) able to vary with the nature and size of the implementing small business and the sensitivity of the data collected or stored on the information systems, and (4) consistent with the national cybersecurity awareness and education program under the Cybersecurity Enhancement Act of 2014. Additionally, the resources must include case studies of practical application.

Other federal agencies may also elect to publish the resources on their own websites.

Passed House amendedJul 25, 201836

NIST Small Business Cybersecurity Act

(Sec. 2) This bill amends the National Institute of Standards and Technology Act to require the National Institute of Standards and Technology (NIST) to consider small businesses when it facilitates and supports the development of voluntary, consensus-based, industry-led guidelines and procedures to cost-effectively reduce cyber risks to critical infrastructure.

NIST must disseminate, and publish on its website, standard and method resources that small business may use voluntarily to help identify, assess, manage, and reduce their cybersecurity risks. The resources must be: (1) technology-neutral, (2) based on international standards to the extent possible, (3) able to vary with the nature and size of the implementing small business and the sensitivity of the data collected or stored on the information systems, and (4) consistent with the national cybersecurity awareness and education program under the Cybersecurity Enhancement Act of 2014. Additionally, the resources must include case studies of practical application.

Other federal agencies may also elect to publish the resources on their own websites.

Passed Senate amendedSep 28, 201735

Making Available Information Now to Strengthen Trust and Resilience and Enhance Enterprise Technology Cybersecurity Act of 2017 or the MAIN STREET Cybersecurity Act of 2017

(Sec. 3) This bill amends the National Institute of Standards and Technology Act to require the National Institute of Standards and Technology (NIST) to consider small businesses when it facilitates and supports the development of voluntary, consensus-based, industry-led guidelines and procedures to cost-effectively reduce cyber risks to critical infrastructure.

NIST must disseminate, and publish on its website, standard and method resources that small business may use voluntarily to help reduce their cybersecurity risks. The resources must be: (1) technology-neutral, (2) based on international standards to the extent possible, (3) able to vary with the nature and size of the implementing small business and the sensitivity of the data collected or stored on the information systems, and (4) consistent with the national cybersecurity awareness and education program under the Cybersecurity Enhancement Act of 2014.

Other federal agencies that NIST considers appropriate must also publish the resources on their own websites.

Reported to Senate with amendment(s)Sep 11, 20171

Making Available Information Now to Strengthen Trust and Resilience and Enhance Enterprise Technology Cybersecurity Act of 2017 or the MAIN STREET Cybersecurity Act of 2017

(Sec. 3) This bill amends the National Institute of Standards and Technology Act to require the National Institute of Standards and Technology (NIST) to consider small businesses when it facilitates and supports the development of voluntary, consensus-based, industry-led guidelines and procedures to cost-effectively reduce cyber risks to critical infrastructure.

NIST must consult with other federal agencies to disseminate, and publish on its website, resources that small business may use voluntarily to help identify, assess, manage, and reduce their cybersecurity risks. The resources must: (1) be generally applicable and usable by a wide range of small businesses; (2) vary with the nature and size of the implementing small business and the sensitivity of the data collected or stored on its information systems or devices; (3) include elements that promote awareness of simple, basic controls, a workplace cybersecurity culture, and third party stakeholder relationships; (4) be technology-neutral; and (5) be based on international standards to the extent possible and consistent with the Stevenson-Wydler Technology Innovation Act of 1980.

Other federal agencies that NIST considers appropriate must also publish the resources on their own websites.

Introduced in SenateMar 29, 2017

Making Available Information Now to Strengthen Trust and Resilience and Enhance Enterprise Technology Cybersecurity Act of 2017 or the MAIN STREET Cybersecurity Act of 2017

This bill amends the National Institute of Standards and Technology Act to require the National Institute of Standards and Technology (NIST) to consider small businesses when it facilitates and supports the development of voluntary, consensus-based, industry-led guidelines and procedures to cost-effectively reduce cyber risks to critical infrastructure.

NIST must disseminate, and publish on its website, standard and method resources that small business may use voluntarily to help reduce their cybersecurity risks. The resources must be: (1) technology-neutral, (2) based on international standards to the extent possible, (3) able to vary with the nature and size of the implementing small business and the sensitivity of the data collected or stored on the information systems, and (4) consistent with the national cybersecurity awareness and education program under the Cybersecurity Enhancement Act of 2014.

Other federal agencies that NIST considers appropriate must also publish the resources on their own websites.

NIST Small Business Cybersecurity Act — Informed