SBA Watchdog Warns of IT Security Risks, Poor Data in Contracting Goals
The Small Business Administration has made solid headway in addressing most of its 10 major management and performance challenges, but took a step backward on information technology security, its inspector general reported.
SBA also falls short in verifying data and toughening enforcement to curb the number of large companies that improperly win contracts intended for small businesses, according to a report and score card released Oct. 15.
Noting that recent governmentwide security breaches have “heightened the importance of continuously monitoring networks and software applications,” the IG and an external auditor identified IT security “weaknesses when on-boarding and separating SBA personnel,” the report said. The agency lost ground over the past year in implementing such recommendations as reporting IT security weaknesses, segregating duty controls and assuring that “access controls are in place and operating effectively, and contractors are not granted system access until they have obtained the required background investigations and/or security clearances.”