Federal chief information officers may be grounded, lose their dessert and may even have to rake the leaves all weekend after House lawmakers give them their first Federal IT Acquisition Reform Act report cards on Wednesday.
The House Oversight and Government Reform Subcommittee on IT will release its FITARA scorecard during a hearing, and the news isn’t good for most agencies.
Rep. Will Hurd (R-Texas), the chairman of the Oversight and Government Reform Subcommittee on Information Technology, said no agency received an ‘A’ and there were several ‘Ds’ and ‘Fs.’
“I’m not surprised, but this is something that I’m sure we will be getting a lot of questions from these agencies about these numbers. But the best part about all of this is we are using the data that these agencies are providing themselves and so the first step if you really want to evaluate something you got to have metrics and then you have to have the rig information to evaluate those metrics. That’s something we are doing in this scorecard,” Hurd said in an exclusive interview with Federal News Radio, previewing the FITARA scorecards. “There is significant room for improvement. One thing that we are going to see as we improve the data they are providing on these issues and that some of the areas that are particularly bad is in the area of data center consolidation. For me, this is one of those things where we can realize savings pretty quickly and most of the agencies are failing in this area to realize significant savings from data center consolidation.”
Insight by CyberArk: Learn how the CDC is using the least-privilege model to limit how much damage hackers can do in federal networks in this free webinar.
Hurd and Rep. Gerry Connolly (D-Va.), a co-author of the law, have promised tough oversight of FITARA implementation. Hurd said in September that he would be holding meetings with every agency on their progress.
He said Wednesday’s hearing, which includes federal chief information officer Tony Scott, Dave Powner the director of IT management issues for the Government Accountability Office, and the CIOs from the departments of Transportation and Treasury and the General Services Administration, will be the first of several oversight hearings or meetings with agencies.
“Now that we have the scorecard and a way to measure it, these are the conversations that we will be having with these agencies and it’s going to start with Transportation,” he said. “The good thing is a lot of this information can be updated monthly because the infrastructure is there for the agencies to do this, and I stress, we are using the agency’s information that they have submitted to OMB and GAO. What’s interesting in this whole exercise we’ve learned in some areas, they are submitting different numbers to GAO and the OMB. One of the questions is why is that behavior happening?”
Conversely to the committee’s grades, Scott said the Office of Management and Budget graded agencies anywhere from a “C-“ to a “B+” on their implementation plans.
The committee’s scorecard initially looks across four of the seven areas FITARA addresses:
“Each one of those areas they are getting a letter grade and the letter grade on each of those four areas are aggregated into an overall score for that agency,” Hurd said.
He said the committee picked those four areas for several reasons. First, GAO already is reviewing many of these four areas so auditors and agencies are collecting and providing the data.
Second, he said, the four areas are important parts of the FITARA and impact agency IT spending. Hurd said as the scorecard matures, the committee will add new metrics.
“GAO definitely had input on this process and they are the ones that have the access to the underlying data and doing the analysis so they are a partner in this,” he said. “But a lot of the decisions on how we will implement this was done by the committee.”
Going forward, Hurd said agencies can update their information monthly to improve their scores, but he plans on bringing CIOs and other agency executives in as often as possible to talk about implementation progress.
“We also want to highlight some of the agencies that are doing a good job. Some of the agencies that may have done the best when it comes to data center consolidation so that’s an important part of this as well,” he said. “There will be some best practices and ultimately through this process, we might be able to help Tony Scott and OMB in learning how some agencies are doing a better job and who that can be some standards used across all 24 agencies.”
Hurd said his biggest concern so far is the handful of agencies seeking an exemption from FITARA, such as the Energy Department’s National Labs, and the quality of the plans agencies have submitted to OMB.
Hurd said he sees no reason why an agency or part of an agency should be exempted from FITARA.
“In the future we are hoping our scorecards incorporate these plans,” he said. “This is a critical issue to make sure we are protecting government information and infrastructure and we’ve got to be able to do the basics well. The scorecard is designed to make sure agencies realize they will be held accountable for the things they say they are supposed to be doing and they will be held accountable for implementing the laws that are passed.”