FITARA Breakdown: Data Center, Cyber Scores Drove Grade Changes

The tenth version of the FITARA Scorecard released released today shows that changes to agencies’ data center optimization initiative (DCOI) and cybersecurity efforts were leading factors in whether their overall grades changed since the previous scorecard.

Hear insights from Deputy Federal CIO Maria Roat. Learn More

Of the 24 CFO Act agencies graded on the latest FITARA scorecard, scores for seven agencies increased, three decreased, and 14 stayed the same. While only two agencies – the General Services Administration (GSA) and the U.S. Agency for International Development (USAID) – maintained their “A+” and “A” overall grades, respectively, all agencies remained within the overall passing range of a “C-“ or better.

The House Government Operations Subcommittee, which releases the FITARA Scorecard every six months, said that changes to scoring methodology were also a likely cause of overall score changes. Notably, it said the updated incremental development grading methodology was necessary because prior tabulation relied on data that was no longer available. The committee also noted that uptime and utilization were not included in calculations of DCOI scores due to concerns about the data’s reliability.

The easiest way to make sense of the committee’s multicolored scorecard is to view the FITARA Dashboard and watch MeriTalk’s FITARA video.

 

Here’s some more color on why agencies saw their scores change:

Department of Agriculture (USDA)

USDA’s overall grade increased from a “C+” to a “B+” in the latest scorecard, with improvements across the transparency and risk management, portfolio review, DCOI, and cyber categories. The agency’s DCOI score jumped dramatically from an “F” to an “A,” despite Government Accountability Office recommendations in March suggesting the USDA is not optimizing data center-related cost savings.

The transparency and risk management score increased from a “C” to a “B,” the portfolio review score increased from a “D” to a “C,” and the cyber score increased from a “D” to a “C.”

Department of Commerce (DoC)

DoC also saw a grade increase from a “C+” to a “B+,” and a jump in its DCOI and software licensing scores from an “F” to an “A.” The agency’s better DCOI score came after a Government Accountability Office report calling on DoC to better meet DCOI metric targets.

Despite those grade improvements, DoC was one of two agencies, alongside the Department of Energy, to receive an “F” grade in the cyber category of the scorecard.

Department of Education

The Department of Education’s overall score decreased by one letter, from an “A+” to a “B+,” as both its transparency and risk management and portfolio review scores dropped from an “A” to a “B.” The changes indicate slightly less risky IT investments, and fewer portfolio review cost savings.

Department of Homeland Security (DHS)

DHS also saw a score decrease from a “B” to a “C.” It’s DCOI score decreased from an “A” to a “C,” and it’s cyber score decreased from a “B” to a “C.” DHS was also one of five agencies to receive a failing grade on the agency CIO authority category.

Even with those lower rankings, the agency’s transparency and risk management score increased from a “D” to a “C.”

Department of State

The Department of State boosted its overall scorecard ranking from a “D-“ to a “C-“ through improvements in CIO authority, portfolio review, Modernizing Government Technology (MGT) Act compliance, and cyber categories. The committee noted that the Department of State has saved or avoided almost a billion dollars of costs through its portfolio review efforts.

The agency’s CIO authority score increased from a “B” to an “A,” the portfolio review score jumped from a “D” to an “A,” the MGT Act compliance score increased from a “C” to a “B,” and the agency’s cyber score increased from a “D” to a “C.” The Department of State’s transparency and risk management score decreased from an “A” to a “B.”

Department of Treasury

The Department of Treasury increased its overall score from a “C” to a “B,” including a jump from an “F” to a “B” for its DCOI efforts. The agency’s MGT Act compliance score increased from a “C” to a “B” and its cyber score increased from a “D” to a “C.” The Treasury Department’s CIO authority score decreased from a “B” to a “C.”

Department of Veterans Affairs (VA)

VA’s overall FITARA score decreased from a “B+” to a “C+” as its portfolio review score declined from a “C” to a “D” and its DCOI score dropped from a “B” to an “F.” VA is the only agency to receive a failing grade for its DCOI efforts.

VA also received the lowest grade for MGT Act compliance along with the Office of Personnel Management because both agencies lack any plans to implement a working capital fund or similar program.

Environmental Protection Agency (EPA)

EPA’s overall score increased from a “C+” to a “B+” as its score for agency CIO authority improved from a “D” to an “A,” indicating that more EPA projects will deliver functionality in the next six months. The agency’s software licensing score went from an “F” to an “A,” its MGT Act compliance score went from a “C” to a “B,” and its cyber score went from a “D” to a “C.”

Nuclear Regulatory Commission (NRC)

NRC’s overall score increased from a “D-“ to a “C-.” The improvement reflects increases in its agency CIO authority score from a “D” to an “A,” portfolio review scores from a “D” to a “C,” MGT Act compliance scores from a “D” to a “C,” and cyber scores from a “B” to an “A.”

NRC is the only agency to receive an “A” in the cyber category because of its inspector general assessments on FISMA compliance, and because it met all 10 cross-agency priority goal cybersecurity metrics.

Social Security Administration (SSA)

SSA’s overall score increased from a “C+” to a “B+.” The only scorecard change was its portfolio review score from a “B” to an “A.”

SSA was one of two agencies, the other being the Department of Energy, to receive an “F” grade in the transparency and risk management category. The agency reported three percent of its major investments as at risk, according to the committee.

Katie Malone
About Katie Malone
Katie Malone is a MeriTalk Staff Reporter covering the intersection of government and technology.

Categories

Recent