Demystifying best practices in technology management, and cybersecurity in particular, is a challenge for any business, but it can be especially daunting for a small or medium-sized business, which may have a small technology team with limited time for research (or may lack one altogether). There is no shortage of tech-focused business advice online, but it can be difficult to pinpoint information that is clear, accessible, up to date and trustworthy.
Luckily, in the U.S., SMBs have access to two free, robust federal government resources: the National Institute of Standards and Technology and the Cybersecurity and Infrastructure Security Agency (better known to most tech experts as NIST and CISA, respectively). Both separately and jointly, these two agencies research and publish detailed, free guidance that can help organizations learn and adopt sound technology and cybersecurity practices. Below, 13 members of Forbes Technology Council share specific CISA and NIST resources they believe every SMB can (and should) benefit from.
1. CISA ‘Zero Trust Maturity Model’
One resource that I’d recommend to any business (regardless of size) is CISA’s “Zero Trust Maturity Model,” which can help organizations see where they stand today in terms of implementing zero-trust protocols and prioritize improvements. SMBs shouldn’t be intimidated when trying to tackle some of these recommendations; any progress you can make toward zero trust will be worthwhile in enhancing your cybersecurity. – Jim Taylor, RSA Security
2. NIST AI Risk Management Framework
NIST’s AI Risk Management Framework is essential, offering guidance for the responsible development and deployment of AI technologies. It serves as a roadmap for balancing innovation with risk management, emphasizing trust and safety in AI applications, which is crucial for effectively navigating the evolving AI-centric market landscape. – Ken Pomella, RevStar
3. NIST ‘Baldrige Cybersecurity Excellence Builder’
NIST’s “Baldrige Cybersecurity Excellence Builder” is essential for SMBs, merging cybersecurity with business performance. It can help an organization evaluate and improve its cybersecurity maturity, aligning it with strategic goals. This tool fosters a resilient, excellence-driven approach to cyber risk management. – Andrew Blackman, EZ Cloud
4. NIST Cybersecurity Framework
The NIST Cybersecurity Framework is a model that all organizations can put into practice as they evaluate business solutions. It leverages five key components—identification, protection, detection, response and recovery—to help organizations understand the capabilities of vendor solutions in the market and incorporate processes and procedures to protect their digital assets from an inevitable cyberattack. – Russ Kennedy, Nasuni
5. NIST Manufacturing Extension Partnership
NIST’s Manufacturing Extension Partnership serves as a vital resource for SMBs, providing specialized guidance to enhance productivity, innovation and competitiveness in the manufacturing sector. It connects businesses with experts and technologies, facilitating growth and operational efficiency. – Andres Zunino, ZirconTech
6. NIST Privacy Framework
NIST’s Privacy Framework is an invaluable resource for SMBs trying to navigate the complexities of privacy management in the digital age. It provides a structured approach to identifying and managing privacy risks, enhancing customer trust, and ensuring compliance with evolving privacy laws and regulations, which is crucial for businesses that handle sensitive customer data. – Jagadish Gokavarapu, Wissen Infotech
7. NIST Science Data Portal
NIST’s Science Data Portal is a valuable resource. It provides easy access to “data, tools, and resources for Science, Engineering, Technology and more.” The datasets are publicly available without any kind of subscription. Simply bring a thirst for knowledge! – Robert Martin, Oil City Iron Works, Inc.
8. NIST Small Business Cybersecurity Corner
The NIST Small Business Cybersecurity Corner addresses the unique challenges faced by smaller enterprises, providing accessible guidance, education and practical tips for improving cybersecurity. This resource is particularly valuable for businesses with limited resources, offering cost-effective solutions and scalable measures. – Deepak Gupta, LoginRadius
9. NIST SP 800-63
The four-volume NIST SP 800-63 (“Digital Identity Guidelines”; “Enrollment & Identity Proofing”; “Authentication & Lifecycle Management”; “Federation & Assertions”) is crucial for SMBs. It demystifies digital authentication, offering robust yet accessible identity proofing and management strategies. This guidance is key for securing online transactions and customer data, which is foundational in building trust and safeguarding against identity theft and fraud. – Indiana (Indy) Gregg, Wedo.ai
10. NIST SP 800-84
SMBs are more likely than their larger counterparts to be severely impacted by a cyber incident. To prepare for the worst, train your team and test your business and IT processes to ensure you can respond and recover. Check out NIST SP 800-84 (“Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities”). Chapter 4 covers how to carry out tabletop exercises, which are simulated events (such as a ransomware attack) that test people and processes in a safe, educational way. – Chris Stegh, eGroup | Enabling Technologies
11. NIST SP 800-171A
SMBs should be aware of NIST SP 800-171A (“Assessing Security Requirements for Controlled Unclassified Information”), which provides flexible assessment procedures for evaluating compliance with controlled unclassified information security requirements that contribute to the success of federal missions and business operations. These procedures enable SMBs to identify security gaps, make informed risk-based decisions and enhance cybersecurity resilience. – Cristian Randieri, Intellisystem Technologies
12. NIST U.S. Artificial Intelligence Safety Institute Consortium
Established by NIST, the U.S. Artificial Intelligence Safety Institute Consortium brings together AI creators, users and researchers from academia, government and industry to meet the mission of creating “safe and trustworthy artificial intelligence.” SMBs can leverage workshops to facilitate collaboration on creating test environments, datasets, guidelines and frameworks for AI safety. – Anand Kashyap, Fortanix
13. NISTIR 7621
Cybersecurity can often be overwhelming. Thus, many small businesses either put their heads in the sand or rely on contractors without understanding what is happening. NISTIR 7621 (“Small Business Information Security: The Fundamentals”) provides quick and easy guidelines on how to get started with cybersecurity. It presents the information in a language that is easy to understand for business leaders. – Kevin Korte, Univention