The legislation requires the Administrator of the Small Business Administration (SBA) to implement recommendations for information technology modernization.
The recommendations are based on a report from the Comptroller General regarding risks associated with newly deployed systems at the SBA.
An implementation plan must be submitted within 180 days of the legislation’s enactment, detailing actions for governing IT modernization projects.
The plan must address specific risk management strategies, including:
Identifying sources of risks and defining risk parameters.
Establishing and maintaining risk management strategies.
Documenting risks throughout the project lifecycle.
Evaluating and prioritizing risks based on defined parameters.
Connecting mitigation measures to risk management plans.
Ensuring IT acquisition and strategic plans include cyber risk management information.
Performing traceability analyses.
Involving security experts in contractor selection.
Developing master schedules and cost estimates following best practice guidelines from the Comptroller General.
The implementation plan must identify responsible offices and timelines for each action.
A briefing on the implementation plan is required within 30 days of its submission to relevant congressional committees.