The Government Accountability Office has called on the Small Business Administration’s Office of the Chief Information Officer to address 20 open recommendations, all of which fall under areas considered high-risk.
In a letter sent to SBA CIO Hartley Caldwell, GAO said fully implementing the recommendations would improve agency cybersecurity and enhance management of critical systems.
Hear about the next evolution of cyber, user experience and enterprise IT from top officials at the Potomac Officers Club’s 2026 Digital Transformation Summit on April 22. Do not miss your chance to engage with GovCon industry leaders and learn from experts during panel discussions. Purchase your tickets today.
What Issues Require CIO Attention?
GAO identified actions tied to the CIO’s responsibilities in strategic planning, investment oversight and information security. Of the 20 open recommendations, four are designated as priority items.
In one recommendation, the congressional watchdog urged SBA to fully establish a process for privacy workforce management.
GAO also reported that the agency has not yet defined how its senior privacy official will participate in assessing hiring, training and professional development needs. Without this involvement, GAO said SBA may be limited in identifying staffing gaps and strengthening its privacy workforce.
The letter also cited gaps in how SBA manages IT resources, limiting its ability to identify problems early and reduce potential impacts. The watchdog recommended that SBA develop a project risk management strategy and mitigation plan for the Unified Certification Platform.
Additional recommendations call for SBA to complete annual reviews of its portfolio and address duplication risks. GAO also noted open recommendations from the SBA Inspector General and the agency’s independent financial statement auditor, including findings related to cybersecurity requirements under the Federal Information Security Modernization Act of 2014 and deficiencies in IT controls.
GAO said it will continue coordinating with SBA as the agency works to address the outstanding recommendations
