Efforts to modernize information technology systems are at a standstill at most federal agencies, according to the eighth iteration of the Federal Information Technology Acquisition Reform Act scorecard. Changes to the scoring methodology are the most likely explanation.
The House Committee on Oversight and Reform’s Subcommittee on Government Operations held a hearing on FITARA 8.0 on June 26.
The June 26 FITARA release showed that 11 of the 24 graded agencies received the same overall score — graded on an A to F scale — as in December 2018. Five agencies improved their grades, four dropped, and four agencies received two grades because of changes to the Office of Management and Budget’s data center optimization initiative (DCOI).
No agency received an overall grade of an “A” or a failing grade in Scorecard 8.0. Four agencies maintained their “B+” grades. Two agencies – the Homeland Security Department and the National Aeronautics and Space Administration– dropped to a “D-.” The Defense Department, which has consistently received grades ranging from “D+” to “F+” received a “C+” for the first time.
Some agencies have seen ups and downs in grading over the years. For example, the U.S. Agency for International Development is the only agency to ever receive an “A-.” After bringing its score to up an “A-” from a “D-,” its grade dropped to a “C-” in May 2018. Now, it’s a “B-.”
Scorecard 8.0 Grading Changes
Agency grade fluctuations can at least partially be explained by changes in the way agencies are scored. The first two scorecards evaluated four categories. Each scorecard since then has added or altered a category.
The grades in this iteration are based on six categories that receive letter grades: incremental development, risk reporting, portfolio management, data center consolidation, software licensing, and modernizing government technology. Agencies were also rated on whether the chief information officer reports to the agency secretary or deputy secretary and whether the CIO is permanent or acting.
There are three changes to the way agencies were graded in this iteration.
FISMA Addition to Scorecard
Scorecard 8.0 added a new category related to how well agencies are meeting their cybersecurity responsibilities under the Federal Information Security Modernization Act (FISMA). In previous scorecards, the FISMA category was pending and the grades weren’t included in agency final scores.
FISMA grades are up compared with the pending grades in December’s scorecard, but the grades were still poor, with 12 agencies receiving a “D” or “F.” The addition of FISMA grades can partially explain why agency progress appears to be at a standstill since the last scorecard: Although agencies may have made advances in other categories, the poor FISMA scores essentially pulled down their average, making it difficult for them to show overall improvement.
A new column for agency chief information officer (CIO) authority enhancements was added to Scorecard 7.0 as an area under consideration, but it didn’t show up in Scorecard 8.0.
The incremental development area “now captures projects that are not primarily software development in nature, such as a non-IT acquisition with a tech component,” Carol Harris, the Government Accountability Office’s director of IT management issues, said in her opening statement. She also noted that the change decreased 10 agencies’ scores for incremental development, while only three – the departments of Agriculture, Defense, and Treasury – went up.
Data Center Debate
The data center optimization initiative (DCOI) grades, highlighted in gray on the chart above, keeps the Scorecard 7.0 grades. However this time around, each agency received one overall grade based on DCOI scores from Scorecard 7.0 and one overall grade that excluded DCOI. This is because OMB’s DCOI guidance was updated in June and is likely to be fully incorporated into Scorecard 9.0. But the interim result on Scorecard 8.0 is that four agencies – the Housing and Urban Development Department, Veterans Affairs Department, Environmental Protection Agency, and Social Security Administration – received two overall grades.
OMB’s update changed the way it classifies data centers and how it measures agencies’ progress. As part of these changes, small server closets, telecom closets, single computers acting as servers, and other “spaces not designed to be data centers” – which OMB is calling non-tiered data centers – won’t have to be inventoried. These data centers account for 80% of agency data centers, Harris said.
Federal CIO Suzette Kent, of OMB, said that DCOI changes are partially aimed at better defining what’s classified as a data center, so things like printers and weather stations aren’t considered data centers if that’s not how they’re being used. She also explained that some agencies have special circumstances for operating a data center, which is the reason different agencies may have different targets.
Harris expressed concern over the DCOI updates. “If these changes are implemented as is, the committee will lose the ability to track and measure progress in this area since the initial scorecard because the baseline for comparison will have changed,” Harris said. “The changes will likely slow down or even halt important progress agencies should be making to consolidate, optimize, and secure their data centers.”
Rep. Gerry Connolly (D–Va.), chairman of House Oversight and Reform’s Subcommittee on Government Operations, expressed a different concern about OMB’s changes. He noted that because the scores emphasize optimization rather than consolidation of data centers, agencies may try to justify keeping all their data centers rather than satisfying the law. “What we obviously don’t want is a circumvention and a delusion of the goal, and we’re nervous ‘optimization’ gives a lot of wiggle room,” he told Kent.
FITARA metrics and categories are likely to continue to be revised. While these changing targets may make it difficult for agencies to improve their scores, it doesn’t have to be a problem for contractors. By keeping up with changes in the scorecard and tracking agency progress, contractors can pinpoint areas where agencies may require help, which could lead to future opportunities.
The Subcommittee on Government Operations is considering creating monetary incentives for agencies. Contractors may also want to track these changes in case some agencies have more money to put toward modernization. “The scorecards are meaningful to us, and eventually they’re going to be meaningful to the agencies because we’re working to attach dollars, both as penalties and rewards,” Ranking member Rep. Mark Meadows (R-N.C.) said in his opening statement.
To contact the analyst: Laura Criste in Washington, D.C. at firstname.lastname@example.org