Federal agencies and the Office of Management and Budget (OMB) need to continue notching progress on IT acquisitions, operations, and cybersecurity necessary to meeting FITARA (Federal Information Technology Acquisition Reform Act) requirements, the Government Accountability Office (GAO) said.
According to a GAO report prepared in conjunction with the House Oversight and Reform Committee’s FITARA Scorecard 9.0, Federal agencies have implemented 61 percent of the 1,320 IT management-related recommendations from GAO since Fiscal Year 2010. Of the 3,323 security-related recommendations made since FY2010, 76 percent of those have been implemented, GAO said.
Looking forward, GAO urged agencies to focus on further improving CIO responsibilities.
“Laws such as the [FITARA] and related guidance assign 35 key responsibilities to agency CIOs to help address longstanding IT management challenges. In August 2018, GAO reported that none of the 24 selected agencies had established policies that fully addressed the role of their CIO,” the report said. “GAO recommended that OMB and the 24 agencies take actions to improve the effectiveness of CIOs’ implementation of their responsibilities.”
On the acquisition front, GAO found that 23 of the 39 recommendations – made after a January 2018 report found that most of the FITARA-covered agency CIOs “were not adequately involved in reviewing billions of dollars of IT acquisitions” – had been implemented.
GAO also said it has consistently found shortcomings in the Federal government’s approach to IT and that – as of Nov. 2019 – 76 percent of its recommendations had been implemented.
The Department of Homeland Security (DHS) is one of the agencies working to make more progress on the FITARA front. Testifying earlier this week at the House Government Operations Subcommittee’s FITARA Scorecard 9.0 hearing, DHS Acting CIO Elizabeth Cappello said key IT initiatives at the agency include establishing Authority to Proceed, Zero Trust, TIC 3.0, and Wide Area Network Modernization, among others, that will be essential to making gains in FITARA categories like cloud adoption, data center consolidation, and managing cyber risk.
“I use the FITARA Scorecard the same way this Committee does – to demonstrate my commitment to continuously improving IT and as a measure of progress for the Department. In important aspects, we know that we still have more work to do,” Cappello said.
Also testifying at this week’s hearing was National Aeronautics and Space Administration (NASA) CIO Renee Wynn, who talked about “new governance structure that gives the CIO greater visibility and authority within the Agency” and aligns with FITARA requirements. She also discussed further changes including:
- Increasing NASA CIO responsibility, accountability, and authority to drive efficiency and cost-savings through acquisition, deployment and management of IT, and ensuring the CIO reports directly to the agency Administrator;
- Establishing process changes with IT acquisition to ensure that the NASA CIO approves IT acquisition strategies and plans in partnership with the Office of Procurement, while leveraging strategic sourcing; and
- Using the Solutions for Enterprise-wide Procurement tool to help NASA manage Government-wide IT products to meet FITARA requirements.
“As evidenced by my testimony today, NASA is fully committed to implementing FITARA, and ensuring that our IT network is secure, effective and resilient,” Wynn said. “We look forward to working with Congress, the GAO, the NASA OIG and other Federal stakeholders, including OMB and other Federal agency CIOs in effectively implementing FITARA, and other associated laws, to reduce costs and increase the value of our IT acquisitions.”