Audit Report 3-03: Audit of SBA’s Implementation of its Cyber-Based Critical Infrastructure Protection Plan
On January 10, 2003, the OIG issued Audit Report 3-03, Audit of SBA’s Implementation of its Cyber-Based Critical Infrastructure Protection Plan. The OIG had two findings and issued three recommendations, of which, one was withdrawn. The OIG found that the SBA’s Cyber-Based Infrastructure Protection Plan (CIPP) was not updated or utilized to manage SBA’s infrastructure protection efforts. The OIG also found that the SBA needs to implement the CIPP requirements fully to protect SBA’s critical infrastructure, and provided five additional sub-findings.