A Small Business Administration project aimed at easing the process of applying for and maintaining contracting certifications could face elevated risks of vulnerabilities due to the agency not fully implementing various security protocols, according to a new watchdog report.
The Government Accountability Office said the SBA doesn’t have a cybersecurity risk management plan for its Unified Certification Platform (UCP) project, which was launched earlier this year to allow small businesses to more efficiently interact with the agency’s contracting assistance programs.
The certification platform also “didn’t trace design elements of the new system to related cybersecurity requirements,” the GAO reported, adding that those “gaps increase the risk of security vulnerabilities.”
The SBA began its online certification portal project in 2023 with an eye on a September 2024 launch. Despite protests from a pair of Republican lawmakers — and reservations from the GAO — the agency announced a pause on accepting new applications for certification, effective Aug. 1, until the new system was ready for deployment.
That day arrived Oct. 18, but…
