Improving Cybersecurity of Small Organizations Act of 2020

Improving Cybersecurity of Small Organizations Act of 2020

This bill requires the Cybersecurity and Infrastructure Security Agency (CISA) to maintain and promote cybersecurity guidance for use by small organizations.

Specifically, the bill requires CISA to maintain cybersecurity guidance that documents and promotes evidence-based cybersecurity policies and controls for use by small organizations to improve their cybersecurity. This guidance must be publicly available at no cost, and CISA, the Small Business Administration (SBA), and the Department of Commerce must promote the guidance through relevant resources that are regularly used by small organizations.

Commerce must report on methods of incentivizing small organizations to improve their cybersecurity, including through the adoption of policies, controls, products, and services that have been demonstrated to reduce cybersecurity risk. Every two years, the SBA must submit and make publicly available specified data on the state of small businesses' cybersecurity.