HR4491-119

Passed House

SBA IT Modernization Reporting Act

119th Congress Introduced Jul 17, 2025

Summary

What This Bill Does

The SBA IT Modernization Reporting Act responds to GAO report GAO-25-106963, titled IT MODERNIZATION: SBA Urgently Needs to Address Risks on Newly Deployed System, published November 6, 2024. It requires the Small Business Administration Administrator, acting through the SBA Chief Information Officer, to take the actions necessary to implement that report's recommendations. Within 180 days after enactment, SBA must send the House Small Business Committee and Senate Small Business and Entrepreneurship Committee an implementation plan for policies and procedures governing SBA information technology modernization projects.

The plan must cover 11 specific policy areas for each IT modernization project. SBA must document the source of each identified risk, define risk parameters, maintain risk-management strategies, identify and document risks through all life-cycle phases, evaluate and prioritize risks using defined parameters, connect mitigation measures to mitigation plans, include cyber-risk management information in IT acquisition plans and strategic plans, perform and document traceability analysis, involve security-related subject-matter experts in contractor selection, build master schedules using GAO's Schedule Assessment Guide, and build cost estimates using GAO's Cost Estimating and Assessment Guide. The implementation plan must identify the responsible SBA office and timelines for each action, and SBA must brief the committees within 30 days after submitting the plan.

Who Benefits and How

Small businesses relying on SBA loan systems, disaster-assistance applicants, SBA lenders using agency technology, SBA program offices depending on modernized IT, congressional oversight staff, federal IT accountability advocates, cybersecurity subject-matter experts, IT modernization contractors, schedule-estimation specialists, cost-estimation specialists, and risk-management consultants benefit because the bill forces SBA to translate GAO findings into project-level controls, public timelines, responsible offices, and congressional briefings.

Who Bears the Burden and How

The Small Business Administration, SBA Administrator, SBA Chief Information Officer, SBA IT modernization project managers, SBA cybersecurity staff, SBA acquisition officials, SBA contractor-selection officials, SBA risk-management staff, SBA schedule managers, SBA cost-estimation staff, IT contractors providing services to SBA, House Small Business Committee staff, and Senate Small Business and Entrepreneurship Committee staff must comply with risk documentation, cyber-risk planning, traceability analysis, security-expert participation, GAO schedule and cost guides, responsible-office assignments, timelines, and congressional briefing requirements.

Key Provisions

  • Requires SBA to implement GAO's November 2024 IT modernization recommendations.
  • Requires a 180-day implementation plan for SBA IT modernization policies and procedures.
  • Requires explicit risk-source documentation, risk parameters, life-cycle risk tracking, prioritization, and mitigation-plan links.
  • Requires IT acquisition and strategic plans to include information needed to manage cyber risks.
  • Requires traceability analysis and security subject-matter expert involvement in contractor selection.
  • Requires master schedules using GAO Schedule Assessment Guide practices and cost estimates using GAO Cost Estimating and Assessment Guide practices.
  • Requires SBA to identify responsible offices, timelines, and a congressional briefing within 30 days after the implementation plan.

Evidence Chain:

This summary is generated from the full bill text using AI analysis. Expand "Detailed Analysis" below for identified beneficiaries/burden bearers with clause-level evidence links.

At a Glance

What This Bill Does

Requires SBA to implement GAO's November 2024 IT modernization recommendations, establish detailed risk-management, cybersecurity, scheduling, contractor-selection, traceability, and cost-estimation policies for IT modernization projects, submit a 180-day implementation plan, and brief Congress within 30 days after the plan.

Key Policy Areas

Small Business Administration, Information Technology, Government Oversight, Cybersecurity

Primary Purpose

Requires SBA to implement GAO's November 2024 IT modernization recommendations, establish detailed risk-management, cybersecurity, scheduling, contractor-selection, traceability, and cost-estimation policies for IT modernization projects, submit a 180-day implementation plan, and brief Congress within 30 days after the plan.

Policy Domains

Small Business Administration Information Technology Government Oversight Cybersecurity

Substantive provisions

Identified Gains
  • Small businesses relying on SBA loan systems
  • Disaster-assistance applicants
  • SBA lenders using agency technology
  • SBA program offices depending on modernized IT
  • Congressional oversight staff
  • Federal IT accountability advocates
  • Cybersecurity subject-matter experts
  • IT modernization contractors
  • Schedule-estimation specialists
  • Cost-estimation specialists
  • Risk-management consultants
Model: codex-gpt-5 | Version: bill_summary_v2 | Source: ih
Cost-estimation specialists:
Risk-management consultants:
IT modernization contractors:
Congressional oversight staff:
Disaster-assistance applicants:
Schedule-estimation specialists:
Federal IT accountability advocates:
SBA lenders using agency technology:
Cybersecurity subject-matter experts:
Small businesses relying on SBA loan systems:
SBA program offices depending on modernized IT:
Identified Costs
  • Small Business Administration
  • SBA Administrator
  • SBA Chief Information Officer
  • SBA IT modernization project managers
  • SBA cybersecurity staff
  • SBA acquisition officials
  • SBA contractor-selection officials
  • SBA risk-management staff
  • SBA schedule managers
  • SBA cost-estimation staff
  • IT contractors providing services to SBA
  • House Small Business Committee staff
  • Senate Small Business and Entrepreneurship Committee staff
Model: codex-gpt-5 | Version: bill_summary_v2 | Source: ih
SBA Administrator:
SBA schedule managers:
SBA cybersecurity staff:
SBA acquisition officials:
SBA cost-estimation staff:
SBA risk-management staff:
SBA Chief Information Officer:
Small Business Administration:
SBA contractor-selection officials:
House Small Business Committee staff:
SBA IT modernization project managers:
IT contractors providing services to SBA:
Senate Small Business and Entrepreneurship Committee staff:

Legislative Progress

Passed House
Introduced Committee Passed
Dec 2, 2025

Received; read twice and referred to the Committee on Small …

Dec 2, 2025

Received in the Senate and Read twice and referred to …

Dec 2, 2025 (inferred)

Passed House (inferred from eh version)

Dec 1, 2025

Mr. Williams (TX) moved to suspend the rules and pass …

Dec 1, 2025

Motion to reconsider laid on the table Agreed to without …

Dec 1, 2025

On motion to suspend the rules and pass the bill …

Dec 1, 2025

Passed/agreed to in House: On motion to suspend the rules …

Dec 1, 2025

DEBATE - The House proceeded with forty minutes of debate …

Dec 1, 2025

Considered under suspension of the rules. (consideration: CR H4913-4914)

Aug 15, 2025

Committed to the Committee of the Whole House on the …

Stakeholder Effects

cui bono?

How this legislation distributes effects. Mention counts reflect frequency, not effect magnitude.

Government
21 mentions across 3 clauses
+6 positive -15 negative

House Small Business Committee staff, SBA Chief Information Officer, SBA IT modernization project managers

Positive-direction: House Small Business Committee staff, Senate small-business committee staff

Negative-direction: SBA Chief Information Officer, SBA IT modernization project managers, SBA contractor-selection officials, SBA cybersecurity staff, Small Business Administration

Small Business
6 mentions across 3 clauses
+6 positive

Disaster-assistance applicants, Small businesses relying on SBA loan systems

Financial Services
3 mentions across 3 clauses
+3 positive

SBA lenders using agency technology

Professional Services
3 mentions across 3 clauses
+3 positive

IT modernization contractors

Technology
3 mentions across 3 clauses
+3 positive

Cybersecurity subject-matter experts

1/2
sections analyzed
Full impact breakdown

Bill Structure & Actor Mappings

Who is "The Secretary" in each section?

Domains
Small Business Administration Information Technology Government Oversight Cybersecurity
Actor Mappings
"cio"
→ Small Business Administration Chief Information Officer
"sba"
→ Small Business Administration
"gao_report"
→ GAO-25-106963 IT modernization report

We use a combination of our own taxonomy and classification in addition to large language models to assess meaning and potential beneficiaries. High confidence means strong textual evidence. Always verify with the original bill text.

Learn more about our methodology