Congress is cracking down on the Small Business Administration’s (SBA) lagging IT modernization efforts via new legislation introduced by a bipartisan pair of House members who want to push the agency to upgrade its IT systems.
Introduced late last week by Reps. Gil Cisneros, D-Calif., and Brian Jack, R-Ga., the SBA IT Modernization Reporting Act of 2025 would require SBA to address outstanding recommendations by the Government Accountability Office (GAO) provided in a 2024 report, which included that the agency provide Congress with detailed implementation plans and briefing on modernization efforts.
“The SBA has a duty to serve the small businesses of America, quickly and efficiently,” said Rep. Cisneros in a statement. “I worked across the aisle with Rep. Jack to introduce this common-sense, bipartisan legislation that upgrades the Small Business Administration’s IT practices, ensuring the agency can keep pace with the needs of today’s small businesses.”
GAO’s report reviewed the agency’s efforts to build a Unified Certification Platform to “help address shortcomings with the systems supporting the certification of small businesses for its contracting assistance programs,” by creating a streamlined IT platform to improve the agency’s management.
The report made 14 recommendations to SBA and called on the agency to “expeditiously” address critical risk management and cybersecurity vulnerabilities, while assessing risks before authorizing system operations.
The new legislation follows other efforts to get SBA on track with tech upgrades. A similar bill from Rep. Nydia Velázquez, D-N.Y., aimed to require the SBA administrator to submit a report to Congress, but that measure failed to make it out of committee in the last Congress.
A letter from Sen. Joni Ernst, R-Iowa, sent to President Donald Trump in January, asked the president to place a stronger chief information officer (CIO) at the helm of SBA to improve its IT and cybersecurity functions.
The latest legislation directs the SBA administrator to deliver plans to the Senate and House Small Business committees within 180 days that outline actions the agency will “undertake to establish and implement policies and procedures to govern information technology modernization projects of the Administration.”
A key component of the plan would involve implementing robust risk management practices, including clearly identifying the source of each risk, defining the parameters for evaluating risk, and documenting risks throughout all phases of a project’s life cycle.
SBA must also prioritize and categorize risks based on these defined parameters and connect mitigation strategies directly to formal risk mitigation plans. Cybersecurity concerns also must be addressed by ensuring that IT acquisition and strategic planning documents incorporate detailed information for managing cyber risks.
“I’m proud to support this bipartisan legislation that will allow the Small Business Administration to continue doing what it does best – supporting the entrepreneurs and job creators who are the backbone of our communities,” said Rep. Jack in a statement. “By strengthening and streamlining SBA operations, this bill ensures more small businesses can access the tools, resources, and support they need to grow, hire, and continue to thrive.”