
S. 3205 (116th): SECURE Small Business Act

The text of the bill below is as of Jan 16, 2020 (Introduced). The bill was not enacted into law.



2d Session

S. 3205


January 16, 2020

(for herself, Mr. Risch, and Ms. Rosen) introduced the following bill; which was read twice and referred to the Committee on Small Business and Entrepreneurship


To require the Administrator of the Small Business Administration to establish a program to assist small business concerns with purchasing cybersecurity products and services, and for other purposes.


Short title

This Act may be cited as the Strengthening and Enhancing Cybersecurity Usage to Reach Every Small Business Act or the SECURE Small Business Act.



In this Act:



The term Administrator means the Administrator of the Small Business Administration.


Covered industry sectors

The term covered industry sectors means the following industry sectors:


Accommodation and food services.






Healthcare and social assistance.


Retail and wholesale trade.


Transportation and warehousing.


Entertainment and recreation.


Finance and insurance.




Information and telecommunications.


Any other industry sector that the Administrator determines to be relevant.


Covered vendor

The term covered vendor means a vendor of cybersecurity products and services, including cybersecurity risk insurance.



The term cybersecurity means—


the art of protecting networks, devices, and data from unauthorized access or criminal use; and


the practice of ensuring the confidentiality, integrity, and availability of information.


Cybersecurity threat

The term cybersecurity threat means the possibility of a malicious attempt to infiltrate, damage, disrupt, or destroy computer networks or systems.


Small business concern

The term small business concern has the meaning given the term in section 3(a) of the Small Business Act (15 U.S.C. 632(a)).


Cybersecurity cooperative marketplace program



Not later than 180 days after the date of enactment of this Act, the Administrator, in consultation with the Director of the National Institute of Standards and Technology, shall establish a program to assist small business concerns with purchasing cybersecurity products and services.



In carrying out the program established under subsection (a), the Administrator shall—


educate small business concerns about the types of cybersecurity products and services that are specific to each covered industry sector; and


provide outreach to covered vendors and small business concerns to encourage use of the cooperative marketplace described in subsection (c).


Cooperative marketplace for purchasing cybersecurity products and services

The Administrator shall—


establish and maintain a website that—


is free to use for small business concerns and covered vendors; and


provides a cooperative marketplace that facilitates the creation of mutual agreements under which small business concerns cooperatively purchase cybersecurity products and services from covered vendors; and


determine whether each covered vendor and each small business concern that participates in the marketplace described in paragraph (1) is legitimate, as determined by the Administrator.



This section ceases to be effective on September 30, 2024.


GAO study on available Federal cybersecurity initiatives


In general

The Comptroller General of the United States shall conduct a study that identifies any improvements that could be made to Federal initiatives that—


train small business concerns how to avoid cybersecurity threats; and


are in effect on the date on which the Comptroller General commences the study.



Not later than 1 year after the date of enactment of this Act, the Comptroller General of the United States shall submit to the Committee on Small Business and Entrepreneurship of the Senate and the Committee on Small Business of the House of Representatives a report that contains the results of the study required under subsection (a).