On September 27, 2007, the OIG issued Audit Report 7-31, Audit of E-Application System. The E-Application system is an internet-based system that processes applications for the 8(a) and Small Disadvantaged Business (SDB) certification programs. The objectives of this audit were to determine whether: (1) data stored in the E-Application system complies with applicable laws, rules, and regulations governing the security of government data and Personally Identifiable Information (PII); and (2) controls over data transfer between E-Application and SBA’s Electronic 8(a) Review System are sufficient to ensure the complete and accurate transfer of information.
The OIG found that the system’s security safeguards over sensitive government data were inadequate and did not meet Federal Information Security Management Act (FISMA), Federal Information Processing Standards (FIPS), or National Institute of Standards and Technology (NIST) requirements. System controls were also insufficient to ensure the complete and accurate transfer of information from E-Application to SBA’s Electronic 8(a) Review System.