The IT Law Wiki


NIST, Small Business Information Security: The Fundamentals (NISTIR 7621 Rev. 1) (Nov. 2016) (full-text).


NIST, in partnership with the Small Business Administration and the Federal Bureau of Investigation, has conducted educational outreach to the small business community since 2002. NIST schedules, promotes, and conducts information security workshops for small businesses throughout the United States.

This Report provides guidance on how small businesses can provide basic security for their information, systems, and networks. It uses the Framework for Improving Critical Infrastructure Cybersecurity as a template for organizing cybersecurity risk management processes and procedures. Although the Cybersecurity Framework, created through collaboration between government and the private sector, was originally developed specifically for critical infrastructure organizations, it has proven useful to a variety of audiences and is used in this publication to organize information and cybersecurity best practices in an accepted and logical format.

Revision 1 of this publication reflects changes in technology and a reorganization of the information needed by small businesses to implement a program to help them understand and manage their information and cybersecurity risk.

External resources

National Institute of Standards and Technology, NIST Cybersecurity Fundamentals For Small Business Owners (2014) (full-text).