Abstract
[Superseded by NISTIR 7621 Rev. 1 (November 2016):
https://www.nist.gov/node/1111801 ] For some small businesses, the security of their information, systems, and networks might not be a high priority, but for their customers, employees, and trading partners it is very important. The term Small Enterprise (or Small Organization) is sometimes used for this same category of business or organization. A small enterprise/organization may also be a nonprofit organization. The size of a small business varies by type of business, but typically is a business or organization with up to 500 employees. In the United States, the number of small businesses totals to over 95% of all businesses. The small business community produces around 50% of our nation s Gross National Product (GNP) and creates around 50% of all new jobs in our country. Small businesses, therefore, are a very important part of our nation s economy. They are a significant part of our nation s critical economic and cyber infrastructure. Larger businesses in the United States have been actively pursuing information security with significant resources including technology, people, and budgets for some years now. As a result, they have become a much more difficult target for hackers and cyber criminals. Consequently, the hackers and cyber criminals are now focusing their unwanted attention on less secure small businesses. Therefore, it is important that each small business appropriately secure their information, systems, and networks. This Interagency Report (IR) will assist small business management to understand how to provide basic security for their information, systems, and networks.