To begin, NIST is the National Institute of Standards and Technology. NIST is a non-regulatory federal agency that was founded in 1901 and sits under the Department of Commerce. Its mission is to promote U.S. innovation and industrial competitiveness. It achieves this by advancing measurement science, standards and technology in ways that enhance economic security while also improving quality of life.
In general, NIST provides guidance, setting a standard for recommended security controls. Often, complying with NIST guidelines and recommendations means that a federal agency is ensuring compliance with other regulations like HIPAA, FISMA, or SOX.
NIST Small Business Cybersecurity Act S.770
In August 2018, a new act was signed, the NIST Small Business Cybersecurity Act S.770. The NIST Cyber Security Framework or CSF was originally developed as a set of cybersecurity standards for government agencies to use. Now, as a result of the new act, NIST CSF, formerly known as the MAIN STREET Cybersecurity Act, is available for public use. US compliance regulations such as PCI and HIPAA are formed based on the NIST Cyber Security Framework or CSF.
NIST CSF provides a policy framework. It provides computer security guidance for how U.S. private sector organizations can assess and improve their ability to prevent, detect and respond to today’s rapid growth of cyberattacks.
The goal of the new bill is to consider the needs of small business owners like you, as well as future standards. It raises awareness, since small businesses are very much affected by cyber threats, and it will greatly reduce their cyber risks.
Providing Cyber Defense Resources
NIST CSF will provide information resources that must be generally applicable to a wide array of small businesses. They will promote cybersecurity awareness and a workplace cybersecurity culture. They will include practical application strategies.
Keep in mind that using these resources is voluntary (which is also considered a drawback), but also take into consideration that the act was well received by the security industry.
Cybersecurity Continues to be a Grave Concern for Small Businesses Entering 2019
The technology community can agree that 2018 was quite an interesting year for anything related to cyber security. Cyber breaches became a common, weekly occurrence.
As times have changed and cyber security has risen on the charts to become such a great risk for today’s small businesses, there will need to be some improvements made in the new year regarding cyber security regulations. The difficulty with new regulations is speed. Cyber security moves much, much faster than regulations do.
Speed and the constantly evolving nature of cyber threats mean that organizations need people with security skills, either in-house and full-time or through an outsourced partner. Outsourcing is becoming an easier solution as there is a global shortage of cyber security skills and talent. The demand far outweighs the supply in this case.
Education is Essential for Success
NIST is there to help your small business and so is the option to outsource your cyber security needs with a reputable firm. Additionally, the best defense is a good offense and that means educating and training your people. Creating custom, tailored training programs is key to success and staying cyber safe.