Stronger Cybersecurity, Stronger Business: NIST Celebrates 2026 National Small Business Week

Credit: SBA

Happy National Small Business Week! For over 60 years, the U.S. Small Business Administration has led this initiative to acknowledge the critical contributions of America’s entrepreneurs and small business owners. Part of the U.S. Department of Commerce, NIST’s mission is to drive U.S. innovation and global competitiveness, and the small business community is central to this mission. In this year’s blog, we shine a spotlight on some new and upcoming NIST resources that are all focused on strengthening the cybersecurity and resilience of the nation’s small business community.

Build Your Small Business’ Cybersecurity Team

A key component of managing and reducing cybersecurity risks and integrating good cybersecurity practices throughout your business is making sure you have a cybersecurity-ready team. But what does that, or can that, look like? The composition of this team will vary based upon your budget, current staff capabilities, risk level, cybersecurity or privacy requirements, etc., and can vary from a single in-house cybersecurity role (e.g., hiring new staff or upskilling existing), to an entire internal cybersecurity team, to external vendor or community support—or a mix of all the above.

There are three opportunities to explore this topic in more depth, including:

• Visit the new NIST Small Business Cybersecurity Corner page, Building Your Team.
• Join the next NIST small business cybersecurity webinar on May 5, 2026, for a panel discussion with experts sharing perspectives and strategies for building small business cybersecurity teams.
• Attend our breakout session, “Building Small Business Cybersecurity Teams: From In-House to Outsourcing,” on Tuesday, June 2 from 1:30-2:15 p.m. at the 2026 NICE Conference and Expo.

Learn from NIST’s Cybersecurity Supply Chain Risk Management Team

NIST's Small Business Cybersecurity Community of Interest (COI) has been established to convene the public and private sectors to share business insights, expertise, challenges, and perspectives to guide NIST’s work and assist NIST in addressing the cybersecurity needs of the small business community. The next call is scheduled June 10, 2026, from 2:00-3:00pm EDT. A guest speaker from NIST’s Cybersecurity Supply Chain Risk Management team will provide an overview of their resources and engage in Q&A. After the guest speaker, attendees will receive updates on NIST’s small business cybersecurity program and will engage in general discussion. Register Here.

Strengthening Cybersecurity for Solopreneurs

According to the U.S. Small Business Administration Office of Advocacy, there are 34.8 million small businesses in the United States. Of those, 81.9% have no paid employees other than the owner or owners—termed “non-employer firms.” These include sole proprietors, freelancers, single-member limited liability companies (LLCs), independent contractors, gig economy workers, and others. NIST Cybersecurity White Paper (CSWP) 50 Initial Public Draft (IPD), Small Business Cybersecurity: Non-Employer Firms, helps small firms with no employees and with minimal IT complexity use the NIST Cybersecurity Framework 2.0 to manage their cybersecurity risks. The public comment period closes May 14, 2026. CSWP 50 was initially published in 2009 as NIST IR 7621, Small Business Information Security: The Fundamentals.

Helping SMBs Do Business Internationally

The NIST SMB cybersecurity program, in collaboration with the U.S. Department of State and the International Trade Administration, regularly engages with the international business community to share NIST’s work. Efforts like this help to improve communication about cybersecurity within globally distributed supply chains, improves the United States’ ability to export to and do business with international companies, and more broadly promotes NIST’s foundational cybersecurity and privacy guidelines and resources to stakeholders around the globe. A few recent examples include:

• On March 10, 2026, we provided an overview of the NIST CSF 2.0 to member companies of the Nepal Association for Software and IT Services Companies (NASIT).
• On April 1, 2026, we presented CSF 2.0 and cybersecurity governance basics on a “Digital Technologies Series” hosted by the U.S. Department of Commerce’s Special American Business Internship Training (SABIT) Program for small and medium-sized business leaders from Eurasia.

In Case You Missed It

• Protecting Controlled Unclassified Information (CUI): Our January 20, 2026, webinar provided an overview of the NIST Special Publication (SP) 800-171, Revision 3 Small Business Primer, to help small and medium-sized businesses understand and implement security requirements for protecting CUI. View the recording and Q&A summary on the event page. There are plans to create a small business primer for NIST SP 800-171Ar3. If you have suggestions or ideas you’d like to share with the team, email smallbizsecurity [at] nist.gov (smallbizsecurity[at]nist[dot]gov) with the subject: “NIST SP 800-171A Small Business Primer.”
• Resources for Ransomware Risk Management: On January 23, 2026, experts from NIST, the Center for Internet Security (CIS), and the Institute for Security and Technology (IST) provided an overview of available ransomware risk management resources to help organizations get started with ransomware risk management by establishing foundational safeguards and building from there. View the recording and slides on the event page. 
  
  View more ransomware resources on the NIST Small Business Cybersecurity Corner.

Please take a moment to celebrate the small businesses in your community this National Small Business Week (and all year long!). And, as always, if you have questions for the NIST Small Business Cybersecurity team, please do not hesitate to reach out.