What To Expect From Future FITARA Scorecards

HieroGraphic/Shutterstock.com

Featured eBooks
Digital Transformation
Read Now

Federal IT Modernization Still a Major Challenge

Read Now

DHS’ next chapter as an enterprise services provider

Read Now

What's happening in health tech

Read Now
Aaron Boyd By Aaron Boyd,
Senior Editor, Nextgov

By Aaron Boyd

|

GAO’s FITARA scorecard lead offers some insight into potential additions—and subtractions—from the biannual federal IT report card.

The scorecard developed to mark agencies’ progress conforming to the Federal Information Technology Acquisition Reform Act, or FITARA, has evolved over the years to become a barometer for how well agencies are adopting modern IT practices and complying with Congressional mandates and administration policies.

Those changes will only continue, according to Kevin Walsh, a Government Accountability Office analyst who assembles the data that goes into the scorecard.

“Federal IT is a continuously evolving and changing landscape. It’s like cybersecurity: You’re never done with cyber,” Walsh said Wednesday during a FITARA-focused event hosted by ACT-IAC. “I don’t know that we’ll ever be done with the empowerment of our CIOs.”

Walsh added a caveat to all of his remarks: He does not have a crystal ball, and all decisions on how agencies are scored and by what metrics are made by the House Oversight Subcommittee on Government Operations, not GAO.

The scorecard has undergone a number of revisions since it was first issued in November 2015, when there were only four categories: data center consolidation, IT portfolio review savings, incremental development and risk assessment transparency.

As of the eighth scorecard released in June, there were eight categories, including the original four, plus software licensing, confirmation on whether the chief information officer reported directly to the department head, and compliance with the Modernizing Government Technology, or MGT, Act and Federal Information Security Management Act, or FISMA. Even those have undergone recent changes.

For instance, the incremental development category was originally based on whether agencies released code every six months. But that wording was problematic.

Maria Roat, CIO of the Small Business Administration, said her employees looked at that metric the first time around and immediately checked “no,” confirming their agency did not release on a six-month schedule. SBA’s shop releases new code every two weeks.

That metric was updated for the eighth scorecard to “reward agencies for using iterative, agile and incremental development,” according to Walsh. That metric will likely change again by the next scorecard, he said.

“If you look at OMB’s recently released capital planning guidance—which came out shortly after the last hearing—the field that we used to do this is going away,” Walsh explained. “I think the Hill will try to keep things as close to the existing methodology as possible. But I don’t know how that will change. I’m going to come up with some options to give to the Hill. Then, what they ultimately choose will be up to them.”

But before another change for incremental development, Walsh expects data centers to be the focus of the next scorecard alteration.

After the administration changed its data center policy to focus on optimization, the government operations subcommittee, which releases the scorecard, wasn’t sure how to treat that metric in the eighth iteration.

“We’re nervous ‘optimization’ gives a lot of wiggle room,” Subcommittee Chair Gerry Connolly, D-Va., said during the scorecard hearing June 26. “You’ve used this weaker word, ‘optimization,’ which doesn’t really require me to do something specific. … My experience is sometimes you’ve got to give very clear direction and set very explicit metrics in order to accomplish something.”

For the eighth scorecard, GAO included a grayed-out column for data center closures and offered two grades for four agencies, depending on whether their data center scores were included.

Walsh said GAO and Congress will have to figure out what to do with that metric before the ninth scorecard is released.

“This next go-round, data centers will have to change,” he said Wednesday. “The time after that, I suspect, incremental will have to change, as well.”

Potential additions in the near future might include compliance with the 21st Century Integrated Digital Experiences Act, or IDEA Act, and proposed updates to the Federal Risk and Authorization Management Program, or FedRAMP.

Looking beyond the couple of years, Walsh expects to see more additions and maybe even some subtractions from the scorecard.

“Looking a year or two out, I would love to see these metrics evolve to incorporate [the Technology Business Management framework], cloud ... and, again, recognize the progress agencies have made,” he said, adding that GAO is always interested in feedback from agencies on how best to move forward.

“If the scorecard were to ever eliminate an area, [software licensing] would probably be one that would be a candidate,” he said, as only four agencies didn’t get an ‘A’ in the last scorecard and are set to fix the remaining issues. “As far as we can track it, that work is done.”

Roat agreed that the scorecard should continue to evolve, but warned against too many changes too quickly or too often.

“You can’t make changes to that scorecard every six months because you’ll never have a goalpost. It just needs to evolve over time,” she said Wednesday. “It has to evolve with the maturity of the federal government. There’s just so much good work going on and a lot of modernization efforts. But take into account all the good things going on, and not just … poking holes in the small things.”

NEXT STORY: Army tests smart-city communication tools

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.