DC on T2

Capitol Corner — January 2019

Published monthly as part of the FLC’s DC Perspective content, Capitol Corner focuses on one notable news item pertaining to the T2 community. The focus stems from agency publications, news sites, and DC-central organizations, with original sources, contacts, and links provided. For more information and Corner-related inquiries, please contact dcnews@federallabs.org.

The House Oversight IT Subcommittee’s End—and FITARA’s Future

Earlier this month, Virginia representative Gerry Connolly announced that the House Oversight IT Subcommittee would close and soon resume operations as part of the Government Operations Subcommittee. According to Connolly’s official biography, he will serve as chairman of the consolidated subcommittee, which maintains “legislative jurisdiction over the federal civil service [and] management of government operations and activities,” in addition to overseeing “federal IT security, acquisition policy, and management.” Connolly’s new role was accompanied by House Speaker Nancy Pelosi’s appointments of 15 Democratic members to the Oversight and Reform Committee, under which the Government Operations Subcommittee resides.

Connolly’s role of Subcommittee Chairman aligns with several IT initiatives we’ve covered over the past year. He was an original cosponsor of the Modernizing Government Technology Act (MGTA), a piece of legislation that was responsible for the Technology Modernization Fund (TMF) being set aside for key innovation projects at select agencies. Most notably, Connolly’s work with the original House Oversight IT Subcommittee included the Federal IT Acquisition Reform Act (FITARA). FITARA requires several (but not all) federal agencies to provide the Office of Management and Budget (OMB) with a comprehensive inventory of data centers, strategies to consolidate and optimize them to ensure maximum cost savings, and quarterly progress reports on their changes. After FITARA was passed in 2014, adoption of its processes was slow; by FITARA’s second phase-in of agency instruction, only 59 percent of the FITARA recommendations had been implemented by the affected agencies as of last March.

To combat this low adoption rate, President Trump signed an executive order last May that placed FITARA under control of the executive branch, alongside a three-pronged plan. As we reported, this order requires all agency chief information officers (CIOs) to convene as part of current bureau-level IT governance boards. By requiring CIOs to report on these boards, they can be more empowered and transparent when setting the agenda for their specific IT enterprise, which has governmentwide potential when combined across all FITARA-affected agencies.

When speaking on the now-transformed Government Operations Subcommittee, Connolly mentioned the FITARA scorecard. Agencies under FITARA’s jurisdiction are graded on their IT modernization initiatives as they relate to software license management, CIO reporting structure, and cybersecurity solutions, among other factors. To receive an A in any of the aforementioned IT zones, an agency must ensure the following.

  • With regard to software licenses, an agency will receive an A if it updates and maintains a comprehensive inventory and ensures that those licenses create better, cost-effective purchasing power. (If an agency has just a license library, it receives a C—a “passing” grade.)
  • With regard to CIO reporting, an agency will receive an A if its CIO oversees a specific working capital fund for IT modernization. (This initiative was spearheaded by the MGTA.) An agency scores a B if this fund will be in place by the end of the FY or within the next (FY 2019), a C for having a department-level (but not IT modernization-specific) capital fund, a D for having a different IT funding method, and an F if none of these other options currently exist.
  • The latest FITARA scorecard concerns the addition of agencywide cybersecurity solutions in line with the Federal Information Security Modernization Act (FISMA). FISMA was enacted to champion automated security tools to boost overall national security and the information health of specific agencies’ assets. While no scoring criteria exist at this time, the area combines with cross-agency priority (CAP) goals from President Trump’s Management Agenda. The Agenda claims that to enhance mission-critical government services, cybersecurity risks should be reduced governmentwide by leveraging commercial capabilities. This dovetails nicely into CAP Goal 14, which concerns accelerating lab-to-market T2.

Since May, when the last scorecards were issued and returned to agencies, FITARA scores have steadily risen, with the new grades published this past December. Seven agencies—most of which have their working capital funds regulated by a designated chief financial officer (CFO) under the CFO Act—have developed software licensing libraries since failing the requirement in May. Overall, 11 agencies showed progress in FITARA-scored IT areas, with 13 other agencies maintaining the same grade. No drops in grades were reported. The Department of Health and Human Services (HHS), for example, showed the most improvement, jumping from an aggregate grade of C- to B+. Government Accountability Office (GAO) Director of IT Management Carol Harris attributes much of the improved grades to streamlined software licensing libraries, which could save the government $714 million this year.

However, improvement is still desired in other areas of the FITARA scorecard, specifically the CIO reporting/funding provision. Only four agencies spoke of plans to establish a fund. Even though the FISMA-related cybersecurity scoring wasn’t established in December, the CIO Council previewed agency scores against preliminary criteria. Most agencies, if properly graded, would have earned a D or lower.

As cybersecurity concerns over tech theft and espionage continue to be battled out in Congress and elsewhere, strengthened cybersecurity controls and the funds to ensure them should be of utmost priority across all FITARA-complying agencies. The next scorecard’s release may not come until next quarter, yet such strides should be taken as soon as possible to ensure a whole-of-government IT modernization effort.

DC on T2