Computer Security Resource Center


NISTIR 7621 Rev. 1 (DRAFT)

Small Business Information Security: the Fundamentals

Date Published: December 2014
Comments Due: February 9, 2015 (public comment period is CLOSED)

Withdrawn: November 03, 2016


Richard Kissel (NIST), Hyunjeong Moon (NIST)


NIST, as a partner with the Small Business Administration and the Federal Bureau of Investigation in an information security awareness outreach to the small business community, developed this NISTIR as a reference guideline for small businesses. This document is intended to present the fundamentals of a small business information security program in non-technical language.



small business information security; cybersecurity fundamentals

Control Families

Access Control; Awareness and Training; Configuration Management; Contingency Planning; Identification and Authentication; Media Protection; Personnel Security; Physical and Environmental Protection; Planning; System and Communications Protection; System and Information Integrity; System and Services Acquisition


Draft NISTIR 7621 Rev. 1

Supplemental Material:
None available


Security and Privacy
awareness training & education; planning

small & medium business