April 20th, 2017, Rep Daniel Webster of Florida introduced a new bill for the National Institute of Standards and Technology (NIST) to disseminate guidance to help reduce small business cybersecurity risks. (NIST already released similar guidelines in November 2016.)  Two Congressional findings stated:

• 54% of US sales and 55% of US jobs are accounted for by small business
• 60% of small business cyber attacks close business in 6 months

Requirements of the bill are that the Director (of NIST) should ensure usable, variable, awareness creating, technology neutral, and internally standard resources are disseminated.  Resources would include guidelines, tools, best practices, standards, methodologies, and other ways of providing information.

The Congressional Budget Office (CBO) estimated it to cost approximately $2M for NIST to consult in 2018 and then $4M for maintenance/updates through 2022 – a total cost of $6M for implementation.