Small Business Cybersecurity Assistance Evaluation Act of 2026
Summary
What This Bill Does
The Small Business Cybersecurity Assistance Evaluation Act of 2026 requires the Comptroller General to study federal cybersecurity initiatives, programs, resources, tools, and services intended to help small business owners identify cyber risks, assess preparedness, mitigate and recover from cyberattacks, address scams and fraud, and find capital for cybersecurity work. The study must identify common cyberattacks affecting small firms, describe federal resources, assess awareness and use, evaluate coordination and integration, judge effectiveness, identify missing foundational cybersecurity concepts, and recommend improvements.
The GAO report must go to the House and Senate small-business committees. A separate CUTGO section says no additional amounts are authorized to carry out the Act, so agencies must absorb the study work within existing resources.
Who Benefits and How
Small business owners benefit from a federal review focused on whether existing cybersecurity help is visible, usable, and effective. GAO auditors benefit from a clear study mandate. Congressional small-business committees benefit from recommendations on coordination, awareness, and capital access. Federal cybersecurity program managers benefit from an evidence base on gaps in existing tools. Small firms targeted by scams and social engineering benefit if federal resources are improved after the study.
Who Bears the Burden and How
GAO must perform the study and write the report without new authorization of funds. Federal cybersecurity initiative managers must provide information on programs, tools, awareness, and effectiveness. SBA and other agencies may have to respond to coordination findings. Small business outreach offices may face pressure to improve awareness. Existing agency budgets must absorb implementation costs.
Key Provisions
- Requires GAO to study federal cybersecurity assistance for small businesses.
- Requires assessment of awareness, use, coordination, effectiveness, and missing foundational cybersecurity concepts.
- Directs recommendations to improve federal cybersecurity resources for small firms.
- Requires the report to go to House and Senate small-business committees.
- Bars additional funding authorization for carrying out the Act.
Evidence Chain:
This summary is generated from the full bill text using AI analysis. Expand "Detailed Analysis" below for identified beneficiaries/burden bearers with clause-level evidence links.
At a Glance
What This Bill Does
Requires GAO to study federal cybersecurity initiatives for small businesses, including awareness, use, coordination, effectiveness, missing foundational concepts, capital access, and recommendations, while authorizing no additional funding.
Key Policy Areas
Small Business, Cybersecurity, GAO, Federal Programs
Primary Purpose
Requires GAO to study federal cybersecurity initiatives for small businesses, including awareness, use, coordination, effectiveness, missing foundational concepts, capital access, and recommendations, while authorizing no additional funding.
Policy Domains
House resolution provisions
Identified Gains
- Small business owners
- GAO auditors
- Congressional small business committees
- Federal cybersecurity program managers
- Small firms targeted by scams
Identified Costs
- GAO
- Federal cybersecurity initiative managers
- SBA cybersecurity staff
- Small business outreach offices
- Existing agency budgets
Sponsors
Legislative Progress
ReportedPlaced on the Union Calendar, Calendar No. 592.
Reported by the Committee on Small Business. H. Rept. 119-679.
Committed to the Committee of the Whole House on the …
Ordered to be Reported by the Yeas and Nays: 23 …
Committee Consideration and Mark-up Session Held
Ms. Simon (for herself and Mr. Bresnahan) introduced the following …
Introduced in House
Referred to the House Committee on Small Business.
Stakeholder Effects
cui bono?How this legislation distributes effects. Mention counts reflect frequency, not effect magnitude.
Congressional small business committees, Existing agency budgets, GAO
Positive-direction: Congressional small business committees
Negative-direction: Existing agency budgets, GAO, GAO auditors
Federal cybersecurity program managers, Small firms targeted by scams
Positive-direction: Small firms targeted by scams
Negative-direction: Federal cybersecurity program managers
Bill Structure & Actor Mappings
Who is "The Secretary" in each section?
- "gao"
- → Government Accountability Office
We use a combination of our own taxonomy and classification in addition to large language models to assess meaning and potential beneficiaries. High confidence means strong textual evidence. Always verify with the original bill text.
Learn more about our methodology