Credit: SBA
Happy National Small Business Week! For over 60 years, the U.S. Small Business Administration has led this initiative to acknowledge the critical contributions of America’s entrepreneurs and small business owners. Part of the U.S. Department of Commerce, NIST’s mission is to drive U.S. innovation and global competitiveness, and the small business community is central to this mission. In this year’s blog, we shine a spotlight on some new and upcoming NIST resources that are all focused on strengthening the cybersecurity and resilience of the nation’s small business community.
Build Your Small Business’ Cybersecurity Team
A key component of managing and reducing cybersecurity risks and integrating good cybersecurity practices throughout your business is making sure you have a cybersecurity-ready team. But what does that, or can that, look like? The composition of this team will vary based upon your budget, current staff capabilities, risk level, cybersecurity or privacy requirements, etc., and can vary from a single in-house cybersecurity role (e.g., hiring new staff or upskilling existing), to an entire internal cybersecurity team, to external vendor or community support—or a mix of all the above.
There are three opportunities to explore this topic in more depth, including:
- Visit the new NIST Small Business Cybersecurity Corner page, Building Your Team.
- Join the next NIST small business cybersecurity webinar on May 5, 2026, for a panel discussion with experts sharing perspectives and strategies for building small business cybersecurity teams.
- Attend our breakout session, “Building Small Business Cybersecurity Teams: From In-House to Outsourcing,” on Tuesday, June 2 from 1:30-2:15 p.m. at the 2026 NICE Conference and Expo.
Learn from NIST’s Cybersecurity Supply Chain Risk Management Team
NIST’s Small Business Cybersecurity Community of Interest (COI) has been established to convene the public and private sectors to share business insights, expertise, challenges, and perspectives to guide NIST’s work and assist NIST in addressing the cybersecurity needs of the small business community. The next call is scheduled June 10, 2026, from 2:00-3:00pm EDT. A guest speaker from NIST’s Cybersecurity Supply Chain Risk Management team will provide an overview of their resources and engage in Q&A. After the guest speaker, attendees will receive updates on NIST’s small business cybersecurity program and will engage in general discussion. Register Here.
Strengthening Cybersecurity for Solopreneurs
According to the U.S. Small Business Administration Office of Advocacy, there are 34.8 million small businesses in the United States. Of those, 81.9% have no paid employees other than the owner or owners—termed “non-employer firms.” These include sole proprietors, freelancers, single-member limited liability companies (LLCs), independent contractors, gig economy workers, and others. NIST Cybersecurity White Paper (CSWP) 50 Initial Public Draft (IPD), Small Business Cybersecurity: Non-Employer Firms, helps small firms with no employees and with minimal IT complexity use the NIST Cybersecurity Framework 2.0 to manage their cybersecurity risks. The public comment period closes May 14, 2026. CSWP 50 was initially published in 2009 as NIST IR 7621, Small Business Information Security: The Fundamentals.
Helping SMBs Do Business Internationally
The NIST SMB cybersecurity program, in collaboration with the U.S. Department of State and the International Trade Administration, regularly engages with the international business community to share NIST’s work. Efforts like this help to improve communication about cybersecurity within globally distributed supply chains, improves the United States’ ability to export to and do business with international companies, and more broadly promotes NIST’s foundational cybersecurity and privacy guidelines and resources to stakeholders around the globe. A few recent examples include:
- On March 10, 2026, we provided an overview of the NIST CSF 2.0 to member companies of the Nepal Association for Software and IT Services Companies (NASIT).
- On April 1, 2026, we presented CSF 2.0 and cybersecurity governance basics on a “Digital Technologies Series” hosted by the U.S. Department of Commerce’s Special American Business Internship Training (SABIT) Program for small and medium-sized business leaders from Eurasia.
In Case You Missed It
Please take a moment to celebrate the small businesses in your community this National Small Business Week (and all year long!). And, as always, if you have questions for the NIST Small Business Cybersecurity team, please do not hesitate to reach out.
Keep in Touch
- Share your story. Let us know how you’re using our resources: smallbizsecurity [at] nist.gov (smallbizsecurity[at]nist[dot]gov)
- Email us. Send questions or comments to smallbizsecurity [at] nist.gov (smallbizsecurity[at]nist[dot]gov).
- Follow us. See what we’re up to via @NISTCyber on X.
- Visit our website. The NIST Small Business Cybersecurity Corner offers access to free videos, planning guides, topical guidance, and important information that SMBs can put into action.
- Join our COI. The NIST Small Business Cybersecurity Community of Interest convenes the public and private sectors to share cybersecurity insights, expertise, resources, challenges, and opportunities.
