FITARA 14 Serves as Reset on Modernization Measurement

After issuing the last set of Federal Information Technology Acquisition Reform Act (FITARA) scores, the parties responsible for the program said they would begin examining ways to evolve the measurements to be more meaningful to today's modernization goals. The latest report was issued in July of 2022 and reflected a shift to new measures resulting in eight agencies with declining marks and 15 agencies holding steady with the previous grades. This backslide and stasis is not bad news and was expected given the removal of data center consolidation goals, an area all agencies had mastered with "A" scores.

This 14th FITARA scorecard should be viewed as a measure of where agencies are in relation to newer IT modernization goals. One such measure that drove low scores is the fact that many agencies have not fully transitioned to the Enterprise Infrastructure Solutions (EIS) contract. Numerous agencies report that they are close to finalizing the plans to do so and could be compliant with this measure by the next report.

Agencies Meet FITARA Goals Even While Battling Pandemic Challenges

The latest Federal IT Acquisition Reform Act (FITARA) scorecard showed that all agencies still have passing grades when it comes to meeting federal goals for IT management and reporting, but there was some backsliding in the latest report.

Health and Human Services, Labor, and the Veterans Administration improved their overall scores, while five agencies -- Commerce, Small Business Administration, the General Services Administration, Social Security Administration, and U.S. Agency for International Aid -- all dropped. A positive among the scores was that every agency received at least one A for the first time in the scorecard's history.


In Cyberspace Showdown, Government Has the Upper Hand on the “Bad Guys”

The annual Federal Information Security Modernization Act (FISMA) report was delivered to Congress in May and contained encouraging news. The report, tracking agencies' ability to meet the guidelines set forth in FISMA, showed that there were 8% fewer cybersecurity incidents across government in fiscal year 2019. Additionally, the report showed that 73 agencies meet the highest FISMA rating, up from 62 in 2018.

All of this improvement comes at a time when more attacks are being carried out against agencies and those attacks are becoming more and more sophisticated. The government's ability to stay ahead of the increasing attack vectors can be attributed to compliance with federal regulations and mandates, including the Continuous Diagnostics and Mitigation program and the National Cybersecurity Protection System.

Additionally, a focus on educating federal employees about spear phishing, the practice of sending emails that look like they are coming from a known or trusted sender to entice targeted individuals to reveal confidential information, has also paid off. The report showed that the U.S. Department of State, U.S. Department of Health and Human Services, and the U.S. Department of Commerce had the largest reduction in phishing-related security incidents via email. Fittingly, the Department of Education earned a proverbial gold star, reporting zero phishing incidents. They attributed this success to employing "increasingly complex phishing scenarios" to improve spam filtering and implementing anti-phishing policies with their email provider.

FITARA is Evolving and Agencies are Keeping Up

The ninth Federal Information Technology Acquisition Reform Act (FITARA) Scorecard, released in December, showed promising progress in meeting goals and in holding agencies accountable for their modernization efforts. For the first time, three different agencies earned an "A" or higher. The General Services Administration and Department of Education both received an "A+" and the United States Agency for International Development got an "A." This scorecard was the only time a failing grade was not handed out. Overall, agencies have upped their scores from a "D" average on the first scorecard in 2015 to a current "C+" average.

Scores are not the only thing that has increased. What is being measured has also grown. The first scorecard only measured four areas -- data center consolidation, IT portfolio review savings, incremental development, and risk assessment transparency. The latest version has nine subcategories that include measuring progress against recently enacted legislation.

Big gains in scores were found in regard to compliance with the Megabyte Act, legislation that aims to improve the way agencies manage their software licenses. Gains were also found in giving CIOs more authority. In fact, the reporting found that 22 agencies had permanent CIOs, two had acting CIOs and, of those, 16 reported directly to leadership.

Progress on data center consolidation also continues, though not without controversy. Rep. Gerry Connolly (D-Va.) voiced concern with the Office of Management and Budget's latest guidance on data center consolidation that changes the language to "optimization" and not "consolidation." He argued that consolidation is what frees up capital and drives cost savings, an area where agencies still struggle.