The Department of Transportation’s (DOT) F+ on the Federal Information Technology Acquisition Reform Act (FITARA) scorecard does not reflect all of the agency’s compliance work, according to a DOT spokesperson who asked to remain anonymous.
The scorecard measures how well agencies are enacting the mandates called for by FITARA, which was co-written by Reps. Gerry Connolly, D-Va., and Darrell Issa, R-Calif. The act was passed in 2015. The third and most recent scorecard was released Dec. 6. DOT, which has received overall D’s on the previous two scorecards, received an F+ this time around. It was the only agency to fail.
A DOT spokesperson said that, while the agency respects the Government Accountability Office’s (GAO) appraisal, the scorecard is not an accurate assessment of what DOT has achieved under FITARA. The spokesperson said that the report card does not reflect the agency’s particular circumstances.
“Much of our IT portfolio is made up of FAA investments that support the national airspace, are not traditional ‘IT’ and do not lend themselves to the measures used in this scorecard,” the spokesperson said in an email. “As a result, our decisions yielded a lower rating on the scorecard; however, our decisions give us confidence that we are maintaining the highest safety standards possible, and so it is a tradeoff we are comfortable making.”
One of the categories the FITARA scorecard examines is Incremental Development. DOT received an F in this category because the FAA’s technology deployments demand a rate different from an incremental reproach, according to the spokesperson. The other categories are Risk Assessment Transparency, IT Portfolio Review Savings, Data Center Consolidation, and whether the agency Chief Information Officer (CIO) meets with agency secretaries. DOT also received an F in the Portfolio Review and Data Center Consolidation categories.
“The continuity of airspace operations takes precedence over the speed in which the Department consolidates data centers,” the spokesperson said.
The spokesperson also said that some of DOT’s compliance efforts were simply not reflected in the scorecard. For example, DOT completed a network assessment to identify vulnerabilities and replace aging hardware and started an initiative to build a comprehensive diagram of the entire agency’s systems. The agency will also release a more accurate projection of its data center closure activity, according to the spokesperson.
“We will report against these updated projections moving forward,” the spokesperson said.