FITARA Scorecard Setting up for Enduring Changes

Ten report cards deep into its five-year history, it’s clear that the House Oversight and Reform Committee’s Federal Information Technology Acquisition Reform Act (FITARA) Scorecard has succeeded in its overarching mission – helping to shape Federal agency IT performance for the better.

The headline news from the latest scorecard issued on August 3 was that for the first time all 24 agencies achieved at least an overall passing grade of “C-.” That’s a welcome and far cry from many of the earlier scorecards that were littered with “D” and “F” marks. (The easiest way to make sense of the committee’s multicolored scorecard is to view the FITARA Dashboard.)

A look into the nuts and bolts of how many Federal agencies pulled their grades up in recent months shows better scores for the data center optimization and cybersecurity categories. Also raising all boats higher was the near-universal “A” grade in the MEGABYTE Act category, which tracks compliance with the 2016 law that requires agency CIOs to establish inventories of software licenses and analyze software usage to make cost-effective decisions.

According to the Government Accountability Office (GAO), Federal agencies have saved well over $20 billion over the last several years by getting better at meeting goals evaluated by the scorecard.

With that level of better performance now mostly baked into agency operations, lawmakers are getting ready to make a number of moves to evolve grading categories in order to force the next-generation of agency IT improvements. 

Scorecard Changes on the Way

The concept that the FITARA Scorecard should be a living and evolutionary evaluation tool is not new. The first edition of the scorecard issued in late 2015 featured only four grading categories. That total has more than doubled since then, to eight grading categories contributing to overall scores, plus a ninth category that is being tracked but not yet a factor in overall grades.

The House Government Operations Subcommittee – which is the driving force behind deciding FITARA grades in consultation with GAO – said this month that agencies still have plenty of work to do in several grading categories including CIO authorities, establishment of agency working capital funds to finance IT modernization, and increasing cybersecurity oversight. But it also emphasized that the scoring categories are ripe for change.

The subcommittee’s bottom line: “FITARA must continue, but it must also evolve.” In the words of its chairman, Rep. Gerry Connolly, D-Va., “FITARA remains an effective tool at catalyzing IT improvements across the enterprise of the Federal government … Let’s ensure we use it to continue to raise the bar.”

Rep. Connolly – who is arguably the biggest driving force behind the FITARA Scorecard and how it may evolve, leaves little doubt about the importance of that effort. Federal IT, he said, “is everybody’s business … Never has this been clearer than in the wake of the coronavirus pandemic, where IT has saved thousands of lives by enabling people to telework and keep the government and the economy running while preserving their own health and safety and that of their loved ones.”

Best Bets on Category Changes

The subcommittee telegraphed two future scoring category changes that should be considered the best bets for change in the short term.

The first is phasing out the MEGABYTE category, now that 23 of 24 agencies have adopted its requirements. The one lagging agency in the category – the Office of Personnel Management – is planning to acquire an automated tool for software license inventories this year that should help it with compliance.

The second is the addition of a category that measures Federal agency progress in transitioning away from the General Services Administration’s (GSA) Networx communications service contract which expires in 2023, and toward the Enterprise Infrastructure Solutions (EIS) contract that replaces it.

Ongoing delays by agencies in adopting the EIS contract have already resulted in “hundreds of millions of dollars” in missed cost savings, the subcommittee said earlier this month. GAO’s Carol Harris, the organization’s Director of IT Management Issues, put that number at about $330 million. The panel also cited GAO figures showing that numerous agencies failed to meet GSA milestones for completing critical EIS contracting actions in 2019, and that many don’t plan to fully transition to the new contract by a September 2022 milestone date set by GSA.

The latest version of the FITARA Scorecard features data showing how far agencies have to go in transitioning to EIS, but that data was not included in the overall score tabulations. Since the subcommittee is already keeping tabs on agency progress – and because hundreds of millions in cost savings are on the line – it’s not a far leap to assume this grading category will officially kick off for the next scorecard.

FISMA Reform Wild Card

One big wildcard for future scoring category changes is the possibility of changes to the Federal Information Security Modernization Act (FISMA) – which aims to improve Federal cybersecurity, and which the subcommittee uses to evaluate its cybersecurity grading on the scorecard.

At a subcommittee hearing in late July, Rep. Connolly asked tech sector trade group witnesses if they had any ideas about FISMA reform, and if so, to share them with the panel. Subsequent follow-ups with the congressman’s office indicate that any reform effort may not be very far along, but the chairman’s interest in the topic should certainly put it on the legislative radar as something that could end up impacting the FITARA cybersecurity category.

Compelling Legislative Outlook

Mitigating against any near-term change in FISMA is the nearly exhausted legislative calendar for the election year of 2020, and the overwhelming demands that will continue to be put on Congress to meet the demands of the COVID-19 pandemic.

But even in that context, House Democrats led by Rep. Connolly managed to include in the HEROES Act pandemic relief legislation approved by the House in May a provision for $1 billion of Technology Modernization Act (TMF) funding aimed at “technology-related modernization activities to prevent, prepare for, and respond to coronavirus.” The legislation hit a stonewall in the Senate, but more recently has picked up public support from Senate Democrats, and the backing of Big Tech.

MeriTalk’s CIO Crossroads project – a series of indepth interviews with most of the CIOs of agencies included in the FITARA Scorecard about how they used technology to keep citizen services flowing during the pandemic – offers the plain truth about IT modernization: the further along the road an agency is to operating modern systems made scalable by cloud services, the better it is able to provide vital services.

Legislative interest in spurring Federal agency IT modernization is only likely to increase as the pandemic drags on, and the need to create tech-driven solutions for citizen service becomes more acute. And unlike many issues on Capitol Hill, Federal IT remains a remarkably bipartisan issue that joins both sides of the aisle in common purpose.

Citizen Service Scoring Finds Traction

On the longer-term horizon, the idea of using FITARA as a way to measure how well Federal agencies provide service to citizens is finding traction both in Congress and among the ranks of IT thought leaders.

Rep. Jody Hice, R-Ga., ranking member of the House Government Operations Subcommittee, earlier this month put citizen service measurement at the top of his list of updates to FITARA Scorecard grading categories, along with boosting Federal IT workforce skills, and encouraging agency migration to an “agile and secure cloud computing environment.”

“We need to find ways to get agencies to move the needle on these crucial issues,” he said, adding, “We need to put in place the right kind of incentives to bring about IT modernization at scale … as it relates to the pandemic.”

And among the ranks of recent Federal CIO leadership, the desire for citizen service measurement among the FITARA Scorecard categories is in full flower.

Suzette Kent, who stepped down as Federal CIO last month, told MeriTalk in an exclusive interview that scorecard categories that most agencies have aced need to be replaced with more challenging goals. “We should always be in dialogue about raising the bar,” she said.

“As a citizen, I feel even more passionate about one of the things that I talked about when I was in government, and that’s something that measures our progress toward improved service delivery – whether that’s digital or whether that’s a quality measurement of mission outcomes, or some other kind of measure that gauges are we doing what matters most to those we serve,” Kent said.

“Agencies already have some idea about what their goals are for digital transformation,” she said. “There may be some work to do in what the measurement might look like. There are some other things around assessing citizen satisfaction that are probably further away, but that doesn’t mean we shouldn’t work on some long-term goals to figure out how to get there.”

“Maybe it’s a strategic discussion around when we transition to new scoring categories, and what is the right timeline for that.” Kent said. “Is it when 80 percent of agencies make an A grade in a category, and then we start to transition to a new category? For example, the response to the coronavirus gave us a really clear indication that we needed to be moving faster on digital and mobile capabilities.”

Tony Scott, who was Federal CIO from 2015 to 2017, agreed with those sentiments and said he would look to government website modernization and performance as a first cut at the issue.

“One of the things that I think COVID exposed is that in some cases it’s still hard to find the right information on agency websites,” he said. “There’s an ease of use and user interface set of issues that I think really needs to be dealt with. How we serve citizens in this digital government era I think is something that needs even more emphasis than perhaps it’s gotten in the past.”

“I’d love to see modernizing the customer interface and ease of use being something that’s not only on the scorecard, but with a lot of emphasis on it,” Scott said.

“The [website] standards are there, but not all agencies comply with it,” he said. “There are all kinds of standards in place, but I don’t think that there’s necessarily been the amount or external pressure or motivation, let’s say, as there needs to be for agencies to comply. It’s not just the top-level domains, it’s all the subsidiary sections. Some agencies are quite large, and while the top level is fairly compliant with standards, as soon as you peel away that top layer of the onion you get to some that are still pretty dismal.”

Categories

Recent