SBA IT Modernization Reporting Act
This bill requires the Small Business Administration (SBA) to implement the recommendations from a Government Accountability Office (GAO) report published on November 6, 2024, related to modernizing the SBA's information technology systems.
Specifically, the SBA must address risks related to its certification project that allows small businesses to apply for and manage government contracting certifications. The GAO recommendations include developing a project risk management strategy and risk mitigation plan and managing cybersecurity vulnerabilities.
The SBA must submit to Congress an implementation plan for the modernization not later than 180 days after the enactment of this bill.
[Congressional Bills 119th Congress]
[From the U.S. Government Publishing Office]
[H.R. 4491 Introduced in House (IH)]
<DOC>
119th CONGRESS
1st Session
H. R. 4491
To require the Administrator of the Small Business Administration to
implement certain recommendations relating to information technology
modernization, and for other purposes.
_______________________________________________________________________
IN THE HOUSE OF REPRESENTATIVES
July 17, 2025
Mr. Cisneros (for himself and Mr. Jack) introduced the following bill;
which was referred to the Committee on Small Business
_______________________________________________________________________
A BILL
To require the Administrator of the Small Business Administration to
implement certain recommendations relating to information technology
modernization, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``SBA IT Modernization Reporting
Act''.
SEC. 2. IMPLEMENTATION OF RECOMMENDATIONS RELATING TO INFORMATION
TECHNOLOGY MODERNIZATION FOR THE SMALL BUSINESS
ADMINISTRATION.
(a) In General.--The Administrator of the Small Business
Administration, acting through the Chief Information Officer of the
Administration, shall take such actions as may be necessary to
implement the recommendations contained in the report of the
Comptroller General of the United States titled ``IT MODERNIZATION: SBA
Urgently Needs to Address Risks on Newly Deployed System'' (GAO-25-
106963; published November 6, 2024).
(b) Implementation Plan.--Not later than 180 days after the date of
the enactment of this Act, the Administrator shall submit to the
Committee on Small Business of the House of Representatives and the
Committee on Small Business and Entrepreneurship of the Senate an
implementation plan detailing the actions the Small Business
Administration will undertake to establish and implement policies and
procedures to govern information technology modernization projects of
the Administration. Such policies and procedures shall, with respect to
each project--
(1) for each risk identified, explicitly state the source
of such risk in the relevant risk documentation;
(2) clearly define risk parameters;
(3) establish and maintain risk management strategies;
(4) identify and document risks for all phases of the life
cycle;
(5) evaluate, categorize, and prioritize risks based on
defined risk parameters and develop project risk management
plans;
(6) connect measures to mitigate risk to risk mitigation
plans;
(7) require that any information technology acquisition
plan and any strategic plan contains information needed to
manage cyber risks;
(8) require that a traceability analysis is performed and
documented;
(9) require that security-related subject matter experts
are involved in selection process for contractors for a
project;
(10) develop master schedules using the guidelines
contained in the publication of the Comptroller General titled
``GAO Schedule Assessment Guide: Best Practices for Project
Schedules'' (GAO-16-89G; published December 22, 2015); and
(11) develop cost estimates using the guidelines contained
in the publication of the Comptroller General titled ``Cost
Estimating and Assessment Guide: Best Practices for Developing
and Managing Program Costs'' (GAO-20-195G; published March 12,
2020).
(c) Additional Requirements.--The implementation plan required by
this section shall include the actions required to carry out the
requirements listed in paragraphs (1) through (11) of subsection (b),
an identification of the office of the Administration responsible for
implementation, and the timelines for completion of each action.
(d) Briefing Required.--Not later than 30 days after the submission
of the implementation plan required under this section, the
Administrator shall provide to the Committee on Small Business of the
House of Representatives and the Committee on Small Business and
Entrepreneurship of the Senate a briefing on the plan.
<all>
Introduced in House
Introduced in House
Referred to the House Committee on Small Business.
Committee Consideration and Mark-up Session Held
Ordered to be Reported by the Yeas and Nays: 23 - 0.
Reported by the Committee on Small Business. H. Rept. 119-223.
Reported by the Committee on Small Business. H. Rept. 119-223.
Placed on the Union Calendar, Calendar No. 181.
Mr. Williams (TX) moved to suspend the rules and pass the bill.
Considered under suspension of the rules. (consideration: CR H4913-4914)
DEBATE - The House proceeded with forty minutes of debate on H.R. 4491.
Passed/agreed to in House: On motion to suspend the rules and pass the bill Agreed to by voice vote. (text: CR H4913-4914)
Llama 3.2 · runs locally in your browser
Ask anything about this bill. The AI reads the full text to answer.
Enter to send · Shift+Enter for new line
On motion to suspend the rules and pass the bill Agreed to by voice vote. (text: CR H4913-4914)
Motion to reconsider laid on the table Agreed to without objection.
Received in the Senate and Read twice and referred to the Committee on Small Business and Entrepreneurship.