Today, Rep. Gerald E. Connolly, Chairman of the Subcommittee on Government Operations, held a biannual hearing to assess implementation of the Federal Information Technology Acquisition Reform Act (FITARA), Modernizing Government Technology (MGT) Act, and the Federal Information Security Modernization Act of 2014 (FISMA), and consider opportunities for modernizing future iterations of the FITARA Scorecard.
“Key pillars of the FITARA Scorecard—including cybersecurity and IT modernization—remain on GAO’s high-risk list, highlighting the need for continued oversight of these issues,” said Chairman Connolly in his opening statement. “To conduct such oversight effectively, the FITARA Scorecard must accurately reflect the progress agencies have made in their IT efforts, which will in turn motivate agencies to prioritize meaningful changes to their IT infrastructures.”
The Subcommittee heard testimony from Ann Dunkin, Chief Information Officer for the Department of Energy; Guy Cavallo, Chief Information Officer for the Office of Personnel Management; Carol C. Harris, Director of Information Technology and Cybersecurity for the Government Accountability Office; David Powner, Executive Director for the Center for Data-Driven Policy, MITRE and former Director of Information Technology and Cybersecurity for the Government Accountability Office; Suzette Kent, CEO of Kent Advisory Services and former Federal Chief Information Officer; and Richard Spires, Principal at Richard A. Spires Consulting.
Members and witnesses highlighted how over the last six years the FITARA Scorecard has driven positive change in acquiring and managing information technology systems across 24 federal agencies, saving taxpayers more than $20 billion and improving the management and security of federal IT systems.
- Chairman Connolly said, “The Scorecard has served as an effective oversight tool since its inception. From November 2015 through December 2021, agencies receiving C or higher grades increased from 29 to 100 percent and for the most recent scorecard, 50 percent of agencies received an A or B.”
- “This Committee, with support from GAO, has performed thorough and consistent oversight on agencies’ implementation of the law using the FITARA scorecard to measure progress. Never have we seen such follow-through on an IT law, using data and metrics to drive outcomes,” said Mr. Powner.
- “FITARA has had a significant positive impact on agencies,” said Mr. Spires. “While the text of the legislation itself has been of aid, I believe it has been the oversight of Congress that has been the driving factor in making improvements. And I note that the passage of FITARA, and subsequent oversight efforts, particularly by this Subcommittee, have been handled in a bi-partisan and unified approach. That has made a significant positive difference in how seriously President Obama’s, President Trump’s, and now President Biden’s Administration have handled the implementation of FITARA.”
Witnesses explained that the Scorecard is a critical tool to drive progress, but Congress must ensure it evolves to reflect new best practices, the continually changing nature of IT services, and the innovative ways to measure IT improvements.
- “Although the FITARA scorecard has served as a mechanism to drive continuous improvement, we have now entered a new era,” said Ms. Kent. “Federal technology is the engine for remote work for the majority of our federal workforce. Digital and mobile channels are now the platform of primary engagement with Americans for many of our most critical government functions. Because of this new era, our technology metrics and measures should evolve to be more nimble and more aligned with the world outside government.”
- “The biannual scorecards have steadily evolved while serving as effective oversight tools for monitoring agencies’ implementation of FITARA and other IT-related statutory requirements. Going forward, it will be important for Congress to continue adapting oversight tools, such as the biannual scorecards, to address changes in the federal landscape and hold agencies accountable for improving IT management,” said Ms. Harris.
- Ms. Dunkin said, “Since FITARA was enacted, our use of technology has increased dramatically and changed the way we live and work in fundamental ways. While this ever-expanding use of technology generates new opportunities, it also creates ever-expanding and evolving risks. We are in a challenging and dynamic environment where we must protect our valuable digital assets, assess threats and risks in an increasingly hostile cyber environment, and meet growing customer and regulatory expectations—all without degrading our ability to innovate and modernize.”
Members discussed how a variety of factors have resulted in stalling grades on the Scorecard and explored possibilities to update the Scorecard so that it will continue to serve as an effective tool for oversight of IT management and acquisition.
- In questioning Ms. Harris about including an IT modernization category on the Scorecard, Rep. Brown noted that “the federal government has projected that it will spend approximately $111 billion on IT investments in fiscal year 2022, of which 57% is spent on operations and maintenance, including systems.”
- While questioning Ms. Kent about the next generation of FITARA Scorecard metrics, Rep. Porter emphasized that “we want to keep things narrow enough that we’re motivating the agency to make progress but we also have to make them broad enough to stay relevant as technology evolves.”