Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
This page is no longer being updated and the information may be out of date.
CSF 1.1 Small and Medium Business Resources
General |
Critical Infrastructure |
SMB |
International |
Federal |
Assessment & Auditing |
SLTT |
Academia |
Below is a listing of publicly available Framework resources relevant to Small and Medium-sized businesses. For additional information about cybersecurity resources for small businesses, please visit the NIST Small Business Cybersecurity Corner.
- Cybersecurity and Infrastructure Security Agency's SMB Resources Map (11x17 trifold brochure)
- MEP National Network Cybersecurity Assessment Tool
- NIST's NISTIR 7621 Rev. 1: Small Business Information Security: The Fundamentals
(Fundamentals of a small business information security program presented in non-technical language.) - NIST’s Roadmap for Improving Critical Infrastructure Cybersecurity Version 1.1
- NTCA’s Sector-Specific Guide for Small Network Service Providers
- Securities Industry and Financial Markets Association’s Small Firms Cybersecurity Guidance: How Small Firms Can Better Protect Their Business (A guide to provide information applicable to small firms and supportive of their overall business model to increase their security and ensure the protection of their customers.)
- The Global Cyber Alliance's (GCA) Cybersecurity Toolkit for Small Business
(Use the GCA Cybersecurity Toolkit to assess your security posture, implement free tools, find practical tips, and use free resources and guides to improve your company’s cybersecurity readiness and response.) - The Healthcare and Public Health Sector Coordinating Council’s (HSCC) Health Industry Cybersecurity Supply Chain Risk Management Guide (HIC-SCRiM)
(A toolkit for providing actionable guidance and practical tools for organizations to manage cybersecurity risks.) - The National Cybersecurity Society’s (NCSS) Cybersecurity Assessment and Resiliency Evaluation for Small Business (CARES)
(A free assessment methodology for small business.) - The Office of the National Coordinator for Health Information Technology (ONC), in collaboration with the HHS Office for Civil Rights (OCR)’s SRA Tool
(A tool designed to help healthcare providers conduct a security risk assessment as required by the HIPAA Security Rule and the Centers for Medicare and Medicaid Service (CMS) Electronic Health Record (EHR) Incentive Program.) - Threat Sketch’s Cybersecurity: A Business Solution
Created February 7, 2018, Updated February 26, 2024