Quick Hits
*** The June 2019 FITARA grades are out. The eighth iteration of the scorecard that grades compliance with the Federal IT Acquisition Reform Act – or FITARA 8.0 in more tech-friendly jargon – saw no As but no failing grades either. Overall, scores were flat or slightly down for most agencies.
NASA saw the biggest drop – from a B+ to a D-, in part of the basis of a management change that was seen as a diminution of CIO authority. There weren't any similarly dramatic improvements in overall scores. In his opening remarks, at June 26 hearing on FITARA compliance, Rep. Gerry Connolly (D-Va.), chairman of the Government Operations Subcommittee of the House Committee on Oversight and Reform, said that USAID and the Department of Labor would each have received A+ FITARA scores if they'd changed their org chart to have their CIOs report directly to the agency chief or top deputy.
The scorecard also revealed that 22 out of 24 covered agencies have a permanent CIO – creating a semblance of order in an administration that has acting officials many top leadership positions including Secretary of Defense and Secretary of Homeland Security.
*** Also at the FITARA hearing, Connolly revealed that he had tried to introduce an amendment to the Financial Services and General Government appropriations bill to add $15 million to the Technology Modernization Fund -- a revolving pot of IT money authorized by the Modernizing Government Technology Act. The amendment was killed in Rules Committee, Connolly said.
Subcommittee Ranking Member Mark Meadows (R-N.C.) noted that the $35 million funding addition approved for MGT is "sadly a rounding error when it comes to addressing this problem." He said he hoped to "get that up to a number that is actually meaningful."
*** In a new publication aimed at federal technology managers, the National Institute of Standards and Technology offers some ideas on managing cybersecurity and privacy risks in the vast internet-of-things ecosystem. NIST lays out three high-level goals -- protecting devices, data and individuals' privacy throughout the device lifecycle -- and outlines the potential challenges agencies may face along with mitigation strategies. Get more on this document from GCN.