The new Federal Information Technology Acquisition Reform Act scorecard showed mediocre grades in overall IT modernization for 24 federal agencies and Congress is pressing agencies to come up with ways to do it better.
Since the last report in December 2018, five federal agencies improved their overall grade. Fourteen remained stagnant and five decreased. No agencies received an overall “A” rating, continuing a trend of the highest score given since November 2017 being a “B-plus.”
The new scorecard, released June 26, included updated requirements for chief information officer authority and a new section on Federal Information Security Management Act, both of which were factored into the final grade on a non-preview basis for the first time.
Agencies that improved their overall grade all received an “A” or “B” in the CIO authority enhancements category. The Department of Agriculture, along with nine other agencies, was not in compliance with an executive order requiring department CIOs to report to the department head or their deputy. The number of agencies out of compliance with the order increased from eight to 10, with NASA and HHS added to the list.
Suzette Kent, federal CIO at the Office of Management and Budget, said at a House Oversight Committee hearing June 26 that she has concerns about agencies that have moved backwards, but she said that some agencies have made recent changes since the scorecard.
Gary Washington, the CIO of the Department of Agriculture, said that he does have extensive conversations with the Agriculture secretary and the deputy secretary, but Rep. Gerry Connolly, D-Va. said the missing piece is agriculture policy stating that the CIO reports directly to the top.
Connolly stressed the importance of the CIO’s reporting duties to the top of the department because with it the CIO has “the ability to make change…because everyone understands that you’ve got the boss’ ear.”
”It has to show on the organizational chart. It’s great you have access, but your successor may not. We want to institutionalize this in the formal structure of the organization,” Connolly said.
Throughout the hearing, Connolly emphasized that federal agencies need to consolidate their data centers, in accordance with the FITARA law. He said that the word “optimization” when it comes to data center consolidation is too vague, and said there needs to be “explicit metrics” across the government for data center consolidation.
“I’m a big believer in setting metrics because that’s goal setting,” Connolly said.
Rep. Mark Meadows, R-N.C., also called for more clarification on optimization.
“Here’s what I would ask, is if you can provide this committee and GAO with guidance on what optimization actually means,” Meadows said. “Are we looking at 70 percent capacity on servers? Are we looking at redundancies of X percentage? What does it mean? Because what it means to one agency will be very different than that it means” to another.
Meadows pushed the department CIOs, which also included Treasury and Education, to come to the next FITARA hearing with a plan on how to replace legacy systems at their departments.
“If there is not a plan…on how we’re going to get rid of that, there’s going to be a problem,” Meadows said. “I’m tired of talking about it.”
Agencies also generally flailed in FITARA’s newly added grades for agencies on the new FISMA category. The Departments of Agriculture, Commerce and Health and Human Services all failed. In total, there were nine “D’s,” six “C’s” and four “B’s.” The National Science Foundation received the only “A.” The DoD did not receive a score.
Washington said that the Department of Agriculture received low scores on the new FISMA requirement because it had many tools that “weren’t speaking the same language in terms of configuration, management and patching.” Agriculture is already making adjustments, he said.
“We organized an end-user consolidation that’s very important to us across USDA and we’re going to get down to one common tool,” Washington said.
Other highlights from the report include an increased overall grade for the Department of Defense, which has shown significant improvements over the last year. Since May 2018, the department has improved from an overall “F+” to a “C+” in this report, which includes a jump of a letter grade since the December 2018 report.
NASA had the largest decline, falling from a “B+” to “D-.“ The agency received a “C” in the CIO requirements authority, an “F” in risk management and a “D” in the new FISMA category. The Department of Health and Human Services also slipped from a “B+” to a “C-,” partly because of its failing grade on FISMA.
The Department of Homeland Security, which has been in the midst of a leadership shake-up for months, dropped from a “C-“ to a “D-,“ tying its lowest grade ever.