The Senate Homeland Security and Governmental Affairs Committee on Feb. 2 voted to approve the Improving Cybersecurity of Small Organizations Act of 2021 (S. 2483), which would require the Cybersecurity and Infrastructure Security Agency (CISA) to maintain and promote cyber guidance for use by small organizations.
The Senate bill is sponsored by Sen. Jacky Rosen, D-N.V., and earlier this week similar legislation was reintroduced in the House by Reps. Anna Eshoo, D-Calif., and Williams Timmons, R-S.C.
“Small organizations are increasingly vulnerable to cyberattacks, and many of them lack the resources to manage complex cyber risks,” said Sen. Rosen when she introduced the Senate version last year. “This bipartisan and bicameral legislation will help protect our nation’s small businesses, nonprofits, and local governments from the growing threat of cyberattacks.”
If enacted, the legislation would require CISA to maintain cybersecurity guidance that documents and promotes evidence-based cybersecurity policies and controls for small businesses to use and improve their cyber posture.
The CISA guidance be publicly available and free of charge. CISA, the Small Business Administration (SBA), and the Department of Commerce would be tasked with promoting the guidance through resources that are regularly used by small businesses.