What you need to know about changes to FITARA

Changes to the FITARA scorecard will affect industry and agencies alike. Here's what you need to know and how to prepare.

Changes to the FITARA scorecard introduced in December 2020 will affect both federal agencies and industry alike. There is a continued push to have agencies effectively use IT to meet FITARA objectives, especially in the scorecard categories of Cybersecurity and Modernizing Government Technology. With the next agency self-reporting period coming in April, vendors and systems integrators should be tracking these changes and helping agency customers meet their mission goals and boost their FITARA grades. (Click here to review the latest scorecard.)

Beyond the scorecard changes introduced in December, it’s safe to expect more transformation as the incoming administration introduces new policy priorities. What’s more, Congress has shown that, once agencies have achieved across-the-board success in a category, that category will be retired, and focus will shift to the next area of much-needed improvement. Here is how emphasis in FITARA compliance will be shifting with this latest reporting period.

Software Licensing /Emphasis on Transition to EIS

In this latest FITARA Scorecard, GAO’s House Government Operations Subcommittee chose to sunset the Software Licensing/MEGABYTE category, because all 24 agencies on the scorecard received an “A” grade.

Another recent change to the scorecard is the addition this past August of the “Transition off Networx” category, which grades agencies on their transition from the Networx telecommunications contract to the Enterprise Infrastructure Solutions contract. Unlike the Software Licensing category, the Networx transition poses a definite challenge for some agencies as five agencies have received a failing grade. No doubt, this area will be closely monitored by Congress over the next year.

Cybersecurity Remains Very Relevant

Despite the recent and upcoming FITARA scorecard changes, one category will not be sunsetting anytime soon – Cybersecurity. Recent attacks on SolarWinds and continuous threats from around the world have put this category in the spotlight, and Congressional eyes are closely watching developments. 

Jody Hice, ranking member of the House Committee on Oversight and Reform was responsible for issuing the 11th release of the FITARA scorecard, along with the House Rep. Gerald E. Connolly, Chairman of the Subcommittee on Government Operations. In a press release in December, Hice emphasized the crucial roles of Cybersecurity and IT Modernization. She noted that “Agencies’ information technology systems need to meet modern-day challenges, steward taxpayer dollars, and ensure the success of their critical mission. In light of the recent cyberattack against several U.S. departments and agencies, it’s also imperative to reflect on their state of cyber readiness.”

With cyber-attacks on the rise, this category is not only staying put on the scorecard but will be a main focal point for the subcommittee.

Effective Use of IT

Even with all 24 agencies receiving an overall passing grade, Subcommittee Chairman Rep. Gerry Connolly will continue to hold agencies accountable for improving their scorecard performance. “FITARA remains an effective tool at catalyzing IT advancement across the enterprise of the federal government,” Connolly noted. “Let’s ensure we use it to continue to raise the bar.” 

This begs the questions of how agencies can “raise the bar,” and how industry can best support its agency customers.

In his joint statement with Hice, Connolly provided some context to what that means, “In the midst of a global pandemic, continued reliance on remote work, and an unprecedented and highly sophisticated cyber-attack by a foreign adversary—the importance of federal agencies’ effective use of IT is too great to ignore.”

Effective use of IT not only means finding ways to use technology to boost an agency’s FITARA grade. Equal emphasis must be placed on what agencies can do to ensure that IT secures and protects mission-critical information and systems.

Although the Subcommittee on Government Operations has yet to hold a public hearing regarding FITARA 11.0, as mentioned earlier, it is likely that the focus of the next hearing will be shaped by new policy and changing federal government leadership. Regardless of the outcome of that hearing, the priorities outlined here provide the best roadmap currently available for improved FITARA compliance.