Get the Latest FITARA Scorecard: Sales Opportunities and Key Takeaways

Federal Pain Points and IT Requirements

The latest Federal Information Technology Acquisition Reform Act (FITARA) Scorecard, released in December 2021, highlights how federal agencies are faring across several areas related to IT modernization. The full breakdown from the scorecard is available here. These scorecards are useful for identifying where government agencies are struggling and where they are doing well. Consequently, technology vendors and channel partners can use them as a guide for identifying what solutions their customers need. Let’s discuss some of the key areas where agencies scored the lowest and, as a result, where they need the most help supporting major IT initiatives.

Department of Defense

The Department of Defense (DoD) received failing grades for Agency Chief Information Officer (CIO) Authority Enhancements and Cybersecurity. Earlier this month, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert stating that “state-sponsored cyber actors” have compromised the email systems and other data of defense contractors that handle sensitive information on weapons development, computer systems and intelligence. According to a recent report from the Pentagon, a lack of threat testing programs and program office resources, limited toolsets and a lack of effective planning for cyber threat campaigns are negatively affecting the DoD’s ability to defend its infrastructure and assets. Cybersecurity issues are an ongoing problem, especially when operating in cyberwarfare environments and combating threats to DoD systems. Inconsistencies also exist around multifactor authentication (MFA), the identification and mitigation of vulnerabilities in encrypted systems and controlled unclassified information (CUI) transfer. The Cybersecurity Maturity Model Certification (CMMC) will not be incorporated across the entire DoD until FY25, so the department is depending on contractors to ensure compliance with cybersecurity requirements. DoD will require contractors that handle CUI to certify their cybersecurity maturity through third-party assessments or self-assessment via the CMMC.

Department of Energy

The latest scorecard also saw the Department of Energy (DOE) lagging in areas of IT transparency and risk management. The agency-wide average for transparency and risk management is currently a “B,” while overall the DOE scored a failing grade. The need for better visibility into IT investments and improved risk management comes during a renewed focus on developing and deploying emerging clean energy technologies. COVID-19 response planning and recovery from an increase in cyber-attacks have moved resources and personnel away from adopting the required National Institute of Standards and Technology’s (NIST) Framework for Improving Critical Infrastructure Cybersecurity. DOE failed in tracking and assessing levels of implementation, but the report also offered recommendations, including that the agency work to “develop metrics to assess the effectiveness of its framework promotion efforts.” Technology vendors and channel partners should expect requirements for commercial cloud services, data processing and hosting and sector-based cybersecurity toolkits.

Department of Transportation

The Department of Transportation (DOT) received a failing grade in the areas of Agency CIO Authority Enhancements and Modernizing Government Technology. DOT is still addressing vulnerabilities from the SolarWinds attack, as well as Federal Information Security Modernization Act (FISMA) requirements, with an audit by the Office of Inspector General (OIG) revealing more than 10,000 vulnerabilities. DOT leadership will need help with equipment upgrades for its wide area network and IT infrastructure program enhancements. DOT plans to compete several contracts for cyber support, converting half of its information and data management systems to a Security Assessment and Authorization Process. It is also providing additional funding for Microsoft 365 license upgrades for additional cybersecurity features, email security and cloud access security capabilities. Furthermore, $3.9M is going towards addressing vulnerabilities in air traffic control systems. In terms of specific cyber-area spending planned by the Federal Aviation Administration (FAA), technology vendors and channel partners should continue to expect requirements including security operations center encryption, multi-factor authentication, increased threat logging functions and advanced monitoring tools.

Veterans Affairs

The Department of Veterans Affairs (VA) received lower grades in the areas of cybersecurity, modernizing government technology and IT portfolio review. Secretary McDonough previously stated, “VA’s response to COVID-19 highlighted the shortcomings of the software and business practices supporting VA procurement, logistics and infrastructure operations.” The IT End User Operations program, which has FY22 funding at $355M, and IT Network Operations, at $155M, aim to increase the speed and efficacy of the end-user deployment process with a key emphasis on automation and deployment speed. VA end-user operations will have to ensure that hardware like tablets and computers is capable of fully supporting new applications and data sets. Other relevant IT investment areas for the VA this year are three new efforts that support service and medical care delivery to veterans. These include the Electronic Health Record Modernization (EHRM), VA Logistics Redesign (VALOR) and Financial Management Business Transformation (FMBT) investments. These programs focus on end-user service delivery to VA recipients while ensuring the security of VA recipient financial and medical data. For FY22, Secretary McDonough sees the “VA undergoing one of the most comprehensive IT modernizations in the federal government, which will support seamless transition of health care information.” Technology vendors and channel partners should look for opportunities to support VA IT infrastructure modernization, automation, human-centered design, cybersecurity and medical analytics initiatives.

Department of Agriculture

The Department of Agriculture (USDA) is also struggling in the areas of cybersecurity, CIO authority, transparency and risk management. In FY22, it will be investing in programs to modernize its IT infrastructure as well as create new systems to manage data. The Emerging Information Technology Architecture (EITA) program, Supplemental Nutrition Assistance Program, Anti-Fraud Locator, and Anti-Fraud Locator EBT Retailer Transactions (ALERT) are good program insertion points, and we will see requirements in cloud data management, system implementation and cybersecurity enhancements coming out of their program offices.

Department of Justice

The Department of Justice (DOJ) received “C’s” across its CIO authority enhancements, modernizing government technology and portfolio review. DOJ is focusing funding and resources on the U.S. Marshals Service (body cameras, software and video storage) and a $134M Task Order with CGI Federal to upgrade financial management systems. With CGI’s help, the DOJ hopes to render its Unified Financial Management System (UFMS) and Unified Asset Management System (UAMS) programs more efficient in streamlining departmental procedures. The DOJ intends to use the capabilities of CGI programs Momentum and Sunflower to strengthen efforts surrounding asset management, resource allocation and procurements, while also integrating required zero-trust security measures. CGI secured a potential $250M blanket purchase agreement (BPA) that includes $133.9M for management, operations and maintenance to support DOJ’s UFMS and UAMS. Technology vendors and channel partners should continue to expect increased requirements from DOJ for cloud security, systems optimization and software implementation.

Increasing the role of the CIO in procurement decisions, replacing legacy technology and shoring up cybersecurity remain pain points across federal agencies. These are the main concerns on the minds of every federal CIO and where we expect to see dollars flow from both agency budgets and the Technology Modernization Fund (TMF).

About the Author:
Dawit Blackwell is a senior analyst of the DLT Market Insights team covering Federal Civilian agencies.