Department of Agriculture (USDA) CIO Gary Washington said today that his agency is focusing on boosting its FITARA (Federal Information Technology Acquisition Reform Act) grades by the time the House Oversight and Reform Committee issues its next set of scores – expected in December – and is confident that the agency can accomplish that goal.
On the committee’s most recent FITARA Scorecard, USDA earned an overall score of “C-,” up one full letter grade from the previous tally on the strength of better performance in MGT Act and other categories. But the overall score was dragged down by an “F” grade in cybersecurity – the first time that category was figured into the committee’s scoring tabulations.
USDA was not alone in that situation. Other agencies, including the Commerce Department and the Department of Health and Human Services – were similarly weighed down with failing cybersecurity scores.
Speaking today at an event organized by ACT-IAC, Washington explained broader strategies the agency is employing – like closing down data centers and moving other functions to cloud infrastructure – that have helped its overall FITARA grade.
On the cybersecurity front, he pledged improvement over the balance of this year on that scoring category. “By the December scorecard we will improve on that,” he said. In particular, he said USDA was looking to improve its FISMA compliance as evaluated by the agency’s Inspector General.
“Our Secretary wants to make the Honor Roll” on FITARA, he said. “We are going to do everything we can to get that ‘A’ in overall score,” he added.
During a House Government Operations Subcommittee hearing last month, Washington told members of Congress that USDA had made strides in recent months to move away from some legacy systems, to employ new equipment in some areas, and to use common tools for network configuration and patching. “We are currently stabilizing, but in the next two months I absolutely expect our [cybersecurity] scores to improve,” he told the subcommittee.
In his remarks today, Washington said, “We are trying to get all of our security folks to sing from the same sheet of music.”
Separately, Stephen Kovac, Vice President of Global Government and Compliance at Zscaler, commented on the FITARA cybersecurity grades, saying, “There is more work to do to drive secure digital transformation.”
“As agencies move data and infrastructure to the cloud, they need to keep a tight focus on improving security,” he said. “There is tremendous opportunity to reduce duplication and take advantage of economies of scale, with the TIC 3.0 guidance and cloud-based OpEx security solutions. These options give agencies modern, feature-rich solutions without upfront cost. Agencies buy only what they use.”