Shifting Priorities, Metrics Lead To Relatively Flat FITARA Grades

At the top level, agencies’ progress complying with the Federal Information Technology Acquisition Reform Act largely remained flat in the latest scorecard, belying a number of changes since grades were released in December.

Overall, five agencies improved in the eighth scorecard, with four agencies dropping a letter grade and 11 staying the same. Since the first scorecard four years ago, agencies have made the most progress with regard to reporting IT investments to the Office of Management and Budget’s dashboard and engaging in PortfolioStat reviews.

Meanwhile, an update to the way incremental development is categorized and the inclusion of a cybersecurity metric pushed many agencies’ scores back down, according to Carol Harris, director of the IT and cybersecurity team at the Government Accountability Office, which assembles the scorecard on behalf of the House Committee on Oversight and Reform’s subcommittee on Government Operations.

The addition of cybersecurity reporting to the scorecard “had a generally negative effect, as there were 12 agencies with either a D or an F,” Harris told the subcommittee during a hearing Wednesday. “Only one agency, NSF, received an A, and four received a B.”

Similarly, the incremental development metric “now captures projects that are not primarily software development in nature, such as a non-IT acquisition with a tech component,” reflecting an update requested by the Federal CIO Council, she explained.

“As a result, we saw 10 agencies’ grades in this area decrease while three agencies went up.”

With regard to data center consolidation, the committee asked GAO to submit two grades—reflected in the scores of four agencies—to account for changes in OMB’s policy and a shift in focus toward optimizing data centers, rather than closing them.

“If data center grades were included, HUD and EPA’s overall grades would increase and VA and SSA’s grades would decrease.”

Subcommittee Chair Gerry Connolly, D-Va., one of the cosponsors of FITARA, focused in on another metric that was central to the original law: granting agency CIOs more authority by requiring them to report directly to department leadership.

“Who you report to matters a lot,” he said. “If you report to the deputy assistant under-widget manager in the bowels of the basement, everyone can figure that out. … When you report to the boss—and everyone knows you report to the boss—that carries weight. And we want to empower a CIO to have that relationship to carry that kind of weight and to make those kinds of decisions.”

He noted two agencies—the Health and Human Services Department and NASA—actually moved backward on this metric.

Federal CIO Suzette Kent said she shared the committee’s concerns over the backslide. She said her office has been in talks with HHS and NASA—talks that will continue until the situation is resolved—but deferred to the agencies on details.

Harris was able to offer some insight into the issue at HHS, where the acting CIO was also serving as the chief technology officer, a position that reports to the secretary.

“Since he has now vacated that CIO position, because that relationship was not codified in policy, it went away,” she said. “That really drives the important point that this relationship needs to be set in stone and policy so that we can maintain that continuity no matter who is in the office.”

Subcommittee Minority Leader Mark Meadows, R-N.C., said during the hearing that he had a text message conversation with NASA Administrator Jim Bridenstine, who assured the congressman that the reporting structure would be fixed to align with FITARA and administration policy.