U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.


We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

This is an archive
(replace .gov by .rip)

NISTIR 7621 Rev. 1

Small Business Information Security: The Fundamentals

Date Published: November 2016

Supersedes: NISTIR 7621 (10/01/2009)


Celia Paulsen (NIST), Patricia Toth (NIST)



cybersecurity; fundamentals  ; ; information security; small business
Control Families

Access Control; Awareness and Training; Configuration Management; Contingency Planning; Identification and Authentication; Media Protection; Personnel Security; Physical and Environmental Protection; Planning; System and Communications Protection; System and Information Integrity; System and Services Acquisition


NISTIR 7621 Rev. 1 (DOI)
Local Download

Supplemental Material:
Press Release (other)
"Ignoring Cybersecurity is Risky Business" (blog post) (other)

Related NIST Publications:
ITL Bulletin

Document History:
11/03/16: NISTIR 7621 Rev. 1 (Final)


Security and Privacy
awareness training & education; planning

small & medium business