The Federal Information Technology Acquisition Reform Act (FITARA) scorecard must be updated for Congress to provide improved oversight of government modernization efforts and to better understand why a majority of agencies earned failing grades on their transition to the Enterprise Infrastructure Solutions (EIS) contract, several IT experts testified on Thursday.
According to the 13th FITARA scorecard, which was released at a hearing of the Government Operations Subcommittee of the House Committee on Oversight and Reform, 15 of 24 agencies failed in the category of EIS transition.
Federal agencies are facing several key deadlines in 2022 for migration of their telecom inventory to the $50 billion, 15-year EIS contract vehicle, which is managed by the General Services Administration. Agencies must have at least 90% of their telecommunications inventory moved to EIS by March 31, and a full migration completed no later than September 30. But even GSA, tasked with overseeing the governmentwide transition, received a failing grade in that category, as the Government Accountability Office’s IT and Cyber Director Carol Harris noted in her testimony.
The two agency witnesses, Energy Dept. CIO Ann Dunkin and Office of Personnel Management CIO Guy Cavallo, noted in their prepared testimony that they expected to hit these deadlines, despite receiving failing grades on EIS transition on the FITARA scorecard.
“DOE has awarded contracts for both data and voice,” Dunkin stated. “While our contract awards were made later than we would have preferred, DOE is confident we can meet the GSA disconnect target of September 2022.”
Cavallo said that OPM awarded its EIS contract last April and noted that the “late contract award negatively impacted our FITARA score for multiple scorecards.” Cavallo also said he expected to hit the GSA’s target, while also replacing its older phone inventory with virtual phones – an effort that is currently being piloted and is planned to be deployed agency-wide in the current fiscal year.
Richard Spires, formerly CIO at the Department of Homeland Security and the IRS, said at the hearing that, “It is a significant undertaking to migrate from one major networking contract to another. It takes a lot of work behind the scenes within these agencies to make that happen.”
Spires, who managed DHS tech during the transition from previous legacy contracts to Networx, told lawmakers: “I think many agencies struggled with that while also dealing with the day-to-day operations… The workforce issues are really behind a lot of where we see struggles.”
Changes are coming to the way agencies are graded on the FITARA scorecard, subcommittee chairman Rep. Gerry Connolly (D-Va.) said. A revamped scorecard should retire the data center optimization subcategory after the committee indicated thousands of federal data centers across the country have been closed since 2016, saving an estimated $4 billion, he said.
“Expected updates to agency IT data reporting requirements and upcoming revisions to the IT Dashboard provide an opportunity to enhance and upgrade the scorecard,” Rep. Connolly said in his opening remarks. “Congress must use metrics that empower and incentivize CIOs to improve federal IT. And we must collectively avoid bureaucratic gaming by cherry-picking metrics that enable agencies to inaccurately inflate their performance.”
New metrics could cover workforce development, customer experience, legacy IT retirement and supply chain management.
Experts continued urging lawmakers to revise the FITARA scorecard to more closely evaluate agencies’ cyber posture, including changing the Federal Information Security Management Act metrics. Just two agencies earned “A” grades on the FISMA cyber subcategory, while nine agencies received “C” scores and six earned “D” grades.
On Log4j, lawmakers requested a classified hearing to understand how agencies have been working to mitigate and respond to recent cyberattacks and ongoing threats.
Dunkin, whose agency received a “D” grade in the FISMA subcategory, told lawmakers she could speak to the agency’s cyber posture details and response to the software vulnerability in a classified setting, before adding: “Rest assured that we are vigilant in ensuring the security of DOE’s assets.”
Rep. Andrew Clyde (R-Ga.) responded: “Well, with a grade of D, that doesn’t give me much confidence.”
Overall, grades held mostly consistent for the 24 Chief Financial Officer Act agencies featured on the FITARA scorecard, with 13 maintaining the same scores from July 2021 and seven earning higher marks. The GSA, Department of Agriculture, Department of Housing Urban Development and the Social Security Administration received lower marks on the latest scorecard in part due to low marks associated with the EIS transition. Meanwhile, the U.S. Agency for International Development (USAID), the National Science Foundation, NASA and the Department of Transportation all earned “A” grades on the EIS transition after successfully moving to the new contract vehicle.