Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.


The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Small and Medium Business Perspectives

Perspectives intended to assist small and medium sized businesses.

Siemens has seen a tremendous benefit from using the NIST Cybersecurity Framework, not just for ourselves to help mature our organization, but also with customers. Our customers are looking for clear, simple roadmaps. This is especially true for small and medium enterprises that have limited budgets and are looking for practical advice to help them get ready to stop cyber attacks

Leo Simonovich, Vice President and Global Head, Industrial Cyber and Digital Security, Siemens
November 8, 2018 - NIST Cybersecurity Risk Management Conference   

"Small businesses have much to gain by working through the Framework. They can use it to build a cybersecurity program from scratch or help strengthen an existing program. It also represents a valuable professional development exercise by extending conversations about cybersecurity and risk management across a company." 

Carrie Johnson, SDN Communications, Manager, Government and External Relations
October 31, 2016 - Sizing Up the NIST Cybersecurity Framework

“Companies with more than 10,000 employees are slightly more likely to have adopted a security framework (90%) but even smaller companies with less than 1,000 employees report significant rates of adoption (77%).”

Dimensional Research, sponsored by Tenable Network Security
Trends in Security Framework Adoption: A Survey of IT and Security Professionals, March 2016 (p. 5)

“…the initial NIST Framework has proven useful in better focusing discussion and analysis of the nation’s preparedness and resilience, providing a voluntary resource that can be used by a company of any size to help understand and reduce its cyber risk…. Cybersecurity is a shared responsibility and NTCA looks forward to continuing its partnership with NIST to serve the cybersecurity needs of small communications operators.”

Jill Canfield, Vice President, Legal & Industry and Assistant General Counsel and Jesse Ward, Director, Industry & Policy Analysis, The Rural Broadband Association (NTCA) which represents nearly 850 carriers in 46 states, including small, hometown-based rural telecom providers.
April 10, 2017 – NCTA RFC Response

“We appreciate the deep expertise and the systematic collaborative approach to developing and updating the Framework that NIST has consistently demonstrated. Your changing the initial version of the draft to take into account some of the comments and suggestions submitted in 2017 is a reflection of this approach and of your commitment to working together with the industry, academia, and other stakeholders. The Cybersecurity Framework has become the foundation of cyber risk management for numerous enterprises. It has informed many decisions in cybersecurity and the broader field of cyber risk management."

Alex Krutov, President, Navigation Advisors LLC a small cyber risk analysis firm
January 19, 2018 – Navigation Advisors RFC Response

The National Restaurant Association (NRA) created and widely distributed last year the Cybersecurity 101: A Toolkit for Restaurant Operators guide that details the five functions of the framework in order to assist restaurant operators and executives in adopting an enterprise wide cybersecurity program. Further, the NRA has convened a working group of member companies to develop a cybersecurity framework for the restaurant industry, a sector-specific guidance based on the NIST framework for use by single-unit restaurant operators. More than 7 in 10 restaurants are single-unit operations. The NRA has also hosted NIST for presentations on the cyber framework during association events, including webinars and executive study groups….

National Restaurant Association's 
Cybersecurity 101: A Toolkit for Restaurant Operators 

The U.S. Chamber launched its cybersecurity roundtable series in 2014. This national initiative recommends that businesses of all sizes and sectors adopt fundamental Internet security practices, including using the framework and similar risk management tools, engaging cybersecurity providers, and partnering with law enforcement before cyber incidents occur. The Chamber is in the third year of its cybersecurity campaign….Each roundtable typically features cybersecurity principals from the White House, DHS, NIST, and local FBI and Secret Service officials.”

US Chamber of Commerce
February 9, 2016 – US Chamber of Commerce RFI Response

"One of the key findings is that the NIST Cybersecurity Framework, technically a voluntary standard from the National Institute for Standards and Technology, is becoming mandatory in some markets. Not only are many companies requiring it of their vendors for procurement, but many businesses are adopting it because it helps them run a better business. The NIST framework is the basis for BBB’s [Better Business Bureau’s] training program, “5 Steps to Better Business Cybersecurity.”

Better Business Bureau – 5 Steps to Better Business Cybersecurity

Resources related to this user group.

Created February 1, 2018, Updated September 13, 2019