New Cyber Scoring Drags Down Agency FITARA Scores

The latest data on the progress of federal government agencies’ implementation of the Federal Information Technology Acquisition Reform Act (FITARA) was released on June 26 by the House Oversight and Reform Committee as Scorecard 8.0.

Although FITARA has been law since 2014, many agencies are struggling to enact its mandates which measure IT portfolio review savings and require agencies to develop a streamlined plan for acquisitions and reduce IT procurement related waste. The latest scorecard also includes a new provision for scoring cybersecurity compliance with FISMA.

The latest scorecard presents a mixed bag of relatively flat results.

While five agencies received better grades since they were last scored in December 2018, including the Departments of Agriculture (C-), Defense (C+), Justice (C-), and Treasury (C-); as well as the Nuclear Regulatory Commission (C-) – not a single agency received an overall A grade.

Eleven agencies retained the same score (either Bs or Cs), four agencies were on the fence with two scores to their names. For example, the Social Security Administration received a B+/C+ score. The latter grade is what they would have received if the Data Center Consolidation Initiative (DCCI) was considered, so we can assume the score there is bringing the overall score down.

What does this all mean?

The Federal Times reports that Suzette Kent, federal CIO at OMB said at the Committee hearing on June 26 that “she has concerns about agencies that have moved backward, but she said that some agencies have made recent changes since the scorecard.”

NextGov stresses that the addition of the cybersecurity reporting has pushed many agencies scores back down. It reports that Carol Harris, director of the IT and cybersecurity team at the Government Accountability Office told the House Committee on Oversight and Reform’s subcommittee on Government Operations that the addition of cybersecurity reporting to the scorecard “had a generally negative effect, as there were 12 agencies with either a D or an F…Only one agency, NSF, received an A, and four received a B.”

Harris also commented on the DCCI grades: “If data center grades were included, HUD and EPA’s overall grades would increase and VA and SSA’s grades would decrease.”

During the hearing, Rep. Gerry Connolly, chairman of the House Subcommittee on Government Operations, emphasized that “…federal agencies need to consolidate their data centers, in accordance with the FITARA law. He said that the word ‘optimization’ when it comes to data center consolidation is too vague, and said there needs to be ‘explicit metrics’ across the government for data center consolidation,” reports the Times.

Read more insights on the latest scorecard from NextGov and check out this easy-to-digest FITARA Dashboard from MeriTalk.