Improving Cybersecurity of Small Businesses, Nonprofits, and Local Governments Act
This bill requires reporting and other efforts to improve the cybersecurity of small entities. These include small businesses, governments (or certain governmental bodies) that represent populations of less than 50,000, and small nonprofits.
Specifically, the Cybersecurity and Infrastructure Security Agency (CISA) must periodically report on and make recommendations about cybersecurity policies and controls for small entities. CISA, the Small Business Administration (SBA), and the Minority Business Development Agency must (1) promote the report, including by making it available through their respective websites; and (2) make voluntary training and technical assistance available to employees of small entities concerning cybersecurity recommendations identified in the report.
In addition, the Department of Commerce must report to Congress about improving the cybersecurity of small entities. Further, the SBA must collect information from small businesses concerning cybersecurity matters and report to Congress about the cybersecurity of small businesses.