The Government Accountability Office has called on the Small Business Administration’s Office of the Chief Information Officer to address 20 open recommendations, all of which fall under areas considered high-risk.
In a letter sent to SBA CIO Hartley Caldwell, GAO said fully implementing the recommendations would improve agency cybersecurity and enhance management of critical systems.
Hear about the next evolution of cyber, user experience and enterprise IT from top officials at the Potomac Officers Club’s 2026 Digital Transformation Summit on April 22. Do not miss your chance to engage with GovCon industry leaders and learn from experts during panel discussions. Purchase your tickets today.
What Issues Require CIO Attention?
GAO identified actions tied to the CIO’s responsibilities in strategic planning, investment oversight and information security. Of the 20 open recommendations, four are designated as priority items.
In one recommendation, the congressional watchdog urged SBA to fully establish a process for privacy workforce management.
GAO also reported that the agency has not yet defined how its senior privacy official will participate in assessing hiring, training and professional development needs. Without this involvement, GAO said SBA may be limited in identifying staffing gaps and strengthening its privacy workforce.
The letter also cited gaps in how SBA manages IT resources, limiting its ability to identify problems early and reduce potential impacts. The watchdog recommended that SBA develop a project risk management strategy and mitigation plan for the Unified Certification Platform.
Additional recommendations call for SBA to complete annual reviews of its portfolio and address duplication risks. GAO also noted open recommendations from the SBA Inspector General and the agency’s independent financial statement auditor, including findings related to cybersecurity requirements under the Federal Information Security Modernization Act of 2014 and deficiencies in IT controls.
GAO said it will continue coordinating with SBA as the agency works to address the outstanding recommendations
Related Articles
The U.S. Army has appointed Eric Moore, a 40-year veteran of military and federal service, as acting director of the Combat Capabilities Development Command, or DEVCOM, Army Research Laboratory, or ARL. Attend the Potomac Officers Club’s 2026 Army Summit on June 18 and hear top officials discuss the service’s modernization and strategic priorities. Secure your spot today! In this capacity, Moore oversees the service’s technical experts across quantum computing, biotechnology, energy sciences, materials, human performance and other scientific areas, the Army said Tuesday. Who Is Eric Moore? Moore previously served as deputy to the commanding general at DEVCOM headquarters, directing
Scientists at the Naval Information Warfare Center, or NIWC, Pacific in San Diego are advancing research on quantum-enhanced fiber optic gyroscopes, or FOGs, to improve precision navigation for the U.S. Navy, DVIDS reported Monday. NIWC Pacific’s advancements in quantum-enhanced FOGs highlight the growing role of quantum technologies in defense. To dive deeper into these innovations, a panel discussion titled “Securing the Quantum Edge” will take place at the Potomac Officers Club’s 2026 Defense R&D Summit on Jan. 29. Sign up today to join the conversation and learn how quantum technologies are shaping the future of defense. The research team is
The Defense Logistics Agency is advancing efforts to attract emerging companies and streamline internal practices through its Tech Accelerator Team, Federal News Network reported Tuesday. A panel discussion full of subject matter experts at Potomac Officers Club’s 2026 Defense R&D Summit will tackle the critical subject of bridging the technology valley of death. Register now for this essential Jan. 29 GovCon networking event! How Is DLA Engaging New Commercial Partners? In an interview, David Koch, the director of research and development at DLA, said the Tech Accelerator Team was established to identify commercial technologies from non-traditional companies to address agency