Explain The Law LogoExplain The Law Logo
Explain The Law
USA Federal Legislation Simplified

SBA Cyber Awareness Act

H.R. 3462
Dec 21, 2022
H.R. 3462
Dec 21, 2022

Summary

Makes the Small Business Administration create a yearly report for Congress about its computer security, supply chain risks, and any cyber attacks it has faced.

What problem does this solve?

The government may not have a clear picture of the Small Business Administration's computer security, especially risks from foreign-made technology. This law requires the SBA to report to Congress every year on its security plans, any cyber attacks, and its use of technology from China.

What does this law do?

Requires an annual cybersecurity report
Directs the Administrator of the Small Business Administration (SBA) to send a report to Congress every year about the agency's cybersecurity.
Creates a supply chain risk strategy
Mandates that the annual report include a plan to manage risks from foreign-made information technology, especially equipment from the People's Republic of China.
Details past cyber incidents
Requires the SBA to list all cybersecurity incidents from the previous year and explain what actions were taken to fix them.
Demands an inventory of Chinese technology
Requires the SBA to provide Congress with a detailed list of all information technology it uses that was made by a company based in the People's Republic of China.

Who does this affect?

  • Small Business Administration (SBA)
  • Small business owners
  • Information technology companies with foreign manufacturing

What is the real world impact?

Increases transparency and oversight
Forces the Small Business Administration (SBA) to be open about its cybersecurity health. This allows Congress to check if the agency is properly protecting the sensitive information of millions of American small businesses.
Addresses national security concerns
Specifically targets technology made in the People's Republic of China. This shows a focus on reducing risks from foreign governments that might use technology for spying or to create weaknesses in U.S. government systems.

When does this start?

This law sets specific deadlines for the Small Business Administration to submit reports to Congress.
First Annual Cybersecurity Report
The first annual cybersecurity report must be submitted to Congress within 180 days of the law being passed.
Report on Chinese-Made Technology
A detailed account of all technology used by the SBA that was made in China is due to Congress within one year of the law being passed.