Advisory Memorandum A1-06: SBA’s Computer Security Program
Date Issued: Friday, September 28, 2001
Report Number: A1-06

On September 28, 2001, the OIG issued Advisory Memorandum A1-06, SBA’s Computer Security Program.  The objective of this review was to evaluate the SBA’s computer security program and assess management controls over safeguarding of information in accordance with Government Information Security Reform Act (GISRA) requirements.  While the SBA generally maintained a satisfactory information security program, the OIG found that vulnerabilities continued to exist in computer security testing, computer security program monitoring, system access controls, and disaster recovery and contingency planning.  The OIG made 12 recommendations to address four findings.