[Congressional Bills 118th Congress]
[From the U.S. Government Publishing Office]
[H.R. 10119 Introduced in House (IH)]
<DOC>
118th CONGRESS
2d Session
H. R. 10119
To require the Administrator of the Small Business Administration to
implement certain recommendations relating to information technology
modernization, and for other purposes.
_______________________________________________________________________
IN THE HOUSE OF REPRESENTATIVES
November 13, 2024
Ms. Velazquez introduced the following bill; which was referred to the
Committee on Small Business
_______________________________________________________________________
A BILL
To require the Administrator of the Small Business Administration to
implement certain recommendations relating to information technology
modernization, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``SBA IT Modernization Reform Act of
2024''.
SEC. 2. IMPLEMENTATION OF RECOMMENDATIONS RELATING TO INFORMATION
TECHNOLOGY MODERNIZATION FOR THE SMALL BUSINESS
ADMINISTRATION.
(a) In General.--The Administrator of the Small Business
Administration, acting through the Chief Information Officer of the
Administration, shall take such actions as may be necessary to
implement the recommendations contained in the report of the
Comptroller General of the United States titled ``IT MODERNIZATION: SBA
Urgently Needs to Address Risks on Newly Deployed System'' (GAO-25-
106963).
(b) Implementation Plan.--Not later than 180 days after the date of
the enactment of this Act, the Administrator shall submit to the
Committee on Small Business of the House of Representatives and the
Committee on Small Business and Entrepreneurship of the Senate an
implementation plan detailing the actions the Small Business
Administration will undertake to establish and implement policies and
procedures to govern information technology modernization projects of
the Administration. Such policies and procedures shall, with respect to
each project--
(1) for each risk identified, explicitly state the source
of such risk in the relevant risk documentation;
(2) clearly define risk parameters;
(3) establish and maintain risk management strategies;
(4) identify and document risks for all phases of the life
cycle;
(5) evaluate, categorize, and prioritize risks based on
defined risk parameters and develop project risk management
plans;
(6) connect measures to mitigate risk to risk mitigation
plans;
(7) require that any information technology acquisition
plan and any strategic plan contains information needed to
manage cyber risks;
(8) require that a traceability analysis is performed and
documented;
(9) require that security-related subject matter experts
are involved in selection process for contractors for a
project;
(10) develop master schedules using the guidelines
contained in the publication of the Comptroller General titled
``GAO Schedule Assessment Guide: Best Practices for Project
Schedules'' (GAO-16-89G; published December 22, 2015); and
(11) develop cost estimates using the guidelines contained
in the publication of the Comptroller General titled ``Cost
Estimating and Assessment Guide: Best Practices for Developing
and Managing Program Costs'' (GAO-20-195G; published March 12,
2020).
(c) Additional Requirements.--The implementation plan required by
this section shall include the actions required to carry out the
requirements listed in paragraphs (1) through (11) of subsection (b),
an identification of the office of the Administration responsible for
implementation, and the timelines for completion of each action.
(d) Briefing Required.--Not later than 30 days after the submission
of the implementation plan required under this section, the
Administrator shall provide to the Committee on Small Business of the
House of Representatives and the Committee on Small Business and
Entrepreneurship of the Senate a briefing on the plan.
<all>