FITARA Scorecard Sees 7 Agencies Increase Marks Amid Cyber Methodology Changes
All 24 agencies received passing grades in the latest iteration of the Federal Information Technology Acquisition Reform Act scorecard, though 17 saw their scores largely unchanged.
The latest iteration of the Federal Information Technology Acquisition Reform Act scorecard released on Wednesday marked the fourth time in the history of the scorecard that saw all 24 CIO Act agencies receive a passing grade.
The new scores were mostly consistent with the results of the 14th scorecard released in July, however: Just seven agencies increased their marks by a full letter score, while 17 agencies saw their scores remain largely unchanged.
The biannual scorecard assesses agencies' progress on specific information technology objectives and the implementation of critical legislation, including FITARA, the Federal Information Security Modernization Act and the Modernizing Government Technology Act.
All 24 agencies included in the assessment received at least a "C" overall grade after lawmakers updated their grading methodology for components including cyber, data center consolidation and the transition off of the Networx telecommunications contract vehicle.
The new methodology gave credit to agencies that provided justifications for future data center closures and provided a weighted average for the cyber component versus a traditional score. The transition off Networx also reflected a pass or fail grade depending on whether agencies were 90% transitioned off of the contract vehicle.
Rep. Gerry Connolly (D-Va.), chair of the subcommittee on government operations, said in his opening remarks for Thursday's hearing that agencies "must continue to reap dividends from modernizing legacy IT systems, migrating to the cloud and maintaining a strong cyber posture.
"Congress and this administration must work together to prioritize IT modernization and cybersecurity across the federal government," he added.
The cyber component of the latest scorecard was expected to take front-and-center stage at a Thursday hearing of the House subcommittee on government operations, which has overseen the grading process and scorecard assessment since it was first published in 2015.
A lack of comprehensive cybersecurity performance data left committee members and government cyber experts frustrated following the release of the 14th scorecard earlier this year, with some lawmakers in part blaming the Office of Management and Budget for failing to report critical FISMA compliance data to Congress.
Carol Harris, a director of IT and cybersecurity at the Government Accountability Office, said at the hearing earlier this year that her office was working with OMB and the committee to identify data that could be used "to support a more comprehensive grade."
Harris was expected to testify on Thursday, along with Jennifer Franks, another director of cyber and IT at GAO, as well as federal Chief Information Security Officer Chris DeRusha and Jason Gray, the chief information officer for the U.S. Agency for International Development.
Lawmakers have been floating major changes to the scorecard in recent years due to unreliable and incomplete data impacting components like cyber. But Congress has also credited the scorecard for making agencies accountable on governmentwide IT and cybersecurity goals, as well as saving taxpayers an estimated $24 billion.