The National Institute for Standards and Technology, usually referred to as NIST, has many valuable resources, including resources for computer security. The NIST Cybersecurity Framework (NIST CSF) and the NIST 800 series are familiar to most people in the information security industry. The NIST standards are commonly used not only by organizations that are bound to them by regulatory or contractual reasons, but also by those in search of solid guidance for information security topics for general controls. In August, President Trump signed a congressional act that requires NIST to provide guidance and resources for small businesses to “identify, assess, manage, and reduce their cybersecurity risks.” While voluntary, if history is any guide, these resources should prove valuable for these small businesses looking to improve their cybersecurity program and in turn lower the risks to their organizations. Why Do Resources Directed to Small Businesses Matter? Small businesses fac...