

116 HR 5669 IH: Strengthening and Enhancing Cybersecurity Usage to Reach Every Small Business Act
U.S. House of Representatives
2020-01-24
text/xml
EN
Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain.



I116th CONGRESS2d SessionH. R. 5669IN THE HOUSE OF REPRESENTATIVESJanuary 24, 2020Ms. Finkenauer (for herself and Mr. Joyce of Pennsylvania) introduced the following bill; which was referred to the Committee on Small BusinessA BILLTo require the Administrator of the Small Business Administration to establish a program to assist
			 small business concerns with purchasing cybersecurity products and
			 services, and for other purposes.
	
 1.Short titleThis Act may be cited as the “Strengthening and Enhancing Cybersecurity Usage to Reach Every Small Business Act” or the “SECURE Small Business Act”. 2.Cybersecurity cooperative marketplace program (a)EstablishmentNot later than 180 days after the date of the enactment of this Act, the Administrator of the Small Business Administration, in consultation with the Director of the National Institute of Standards and Technology, shall establish a program to assist small business concerns with purchasing cybersecurity products and services.
 (b)DutiesIn the program established under subsection (a), the Administrator shall do the following: (1)Educate small business concerns about the types of cybersecurity products and services that are specific to each covered industry sector.
 (2)Provide outreach to covered vendors and small business concerns to encourage use of the cooperative marketplace described in subsection (c).
 (c)Cooperative marketplace for purchasing cybersecurity products and servicesThe Administrator shall— (1)establish and maintain a website that—
 (A)is free to use for small business concerns and covered vendors; and (B)provides a cooperative marketplace that facilitates the creation of mutual agreements under which small business concerns cooperatively purchase cybersecurity products and services from covered vendors; and
 (2)determine whether each covered vendor and each small business concern that participates in the marketplace described in this subsection is legitimate, as determined by the Administrator.
 (d)SunsetThis section ceases to be effective on September 30, 2024. 3.GAO study on available Federal cybersecurity initiatives (a)In generalThe Comptroller General of the United States shall conduct a study that identifies any improvements that could be made to Federal initiatives that—
 (1)train small business concerns how to avoid cybersecurity threats; and (2)are in effect on the date on which the Comptroller General commences the study.
 (b)ReportNot later than 1 year after the date of the enactment of this Act, the Comptroller General shall submit to the Committee on Small Business and Entrepreneurship of the Senate and the Committee on Small Business of the House of Representatives a report that contains the results of the study required under subsection (a).
 4.DefinitionsIn this Act: (1)AdministratorThe term Administrator means the Administrator of the Small Business Administration.
 (2)Covered industry sectorThe term covered industry sector means the following industry sectors: (A)Accommodation and food services.
 (B)Agriculture. (C)Construction.
 (D)Healthcare and social assistance. (E)Retail and wholesale trade.
 (F)Transportation and warehousing. (G)Entertainment and recreation.
 (H)Finance and insurance. (I)Manufacturing.
 (J)Information and telecommunications. (K)Any other industry sector the Administrator determines to be relevant.
 (3)Covered vendorThe term covered vendor means a vendor of cybersecurity products and services, including cybersecurity risk insurance. (4)CybersecurityThe term cybersecurity means—
 (A)the art of protecting networks, devices, and data from unauthorized access or criminal use; and (B)the practice of ensuring confidentiality, integrity, and availability of information.
 (5)Cybersecurity threatThe term cybersecurity threat means the possibility of a malicious attempt to infiltrate, damage, disrupt, or destroy computer networks or systems.
 (6)Small business concernThe term small business concern has the meaning given under section 3(a) of the Small Business Act (15 U.S.C. 632(a)). 