Federal agency scores plummeted on the 17th Federal IT Acquisition Reform Act (FITARA) scorecard. The reason for the drop in grades: Continued struggles to implement best practices for moving workloads and services to the cloud.
The scorecard, released by Rep. Gerry Connolly (D-Va.), co-author of FITARA, today, showed double the amount of “C” grades with 10 “Cs” and three “D” grades for the first time since July 2022.
Connolly is holding a FITARA scorecard roundtable today on Capitol Hill with the chief information officers from the Office of Personnel Management, which received a “C” grade, the Nuclear Regulatory Commission, which received a “B” grade and the U.S. Agency for International Development, which received the only “A” grade on the scorecard for fifth consecutive time.
Connolly updated the FITARA scorecard for this 17th version with the cloud computing category, bringing down nearly every agency’s grade. The ranking member of the Oversight and Reform Subcommittee on Cybersecurity, IT and Government Innovation, signaled the change to the scorecard in the previous version issued in September.
The latest scorecard showed 16 agencies with “F” grades and 6 with “D” grades under the cloud category. The grades are based on agency implementation of the best practices outlined in the 2019 Federal Cloud Computing Strategy from the Office of Management and Budget based on the Government Accountability Office analysis from January.
DoD earn only “A” grade under cloud
In his opening statement, Connolly said the cloud category replaces the data center consolidation score after agencies have made substantial progress in closing data centers and migrating workloads to the cloud.
“In spring of 2024, the Government Accountability Office (GAO) will release a report that subcommittee Democrats requested on the extent to which federal agencies complied with executive branch cloud computing guidance. Agencies will be graded based on their ability to meet five procurement-related requirements developed by OMB,” Connolly said. “Agencies will earn one point for full implementation of each requirement, a half point for partial implementation and no points for failing to implement the metric. Cloud spending in the federal government has increased from $10 billion in fiscal 2021 to more than $16 billion in 2023 and FedRAMP cloud authorizations have increased by more than 60% since 2019. This is a growing area of federal IT spending that demands oversight.”
Interestingly, the only agency to receive an “A” grade under this category was the Defense Department. Agencies that have been using cloud services and putting more than 70% of all services and workloads into the cloud like the General Services Administration and the Agriculture Department received “Ds,” and the Small Business Administration received an “F.”
The cloud scores brought down the Education Department and GSA’s overall scores as well. Both received “A”s in the September scorecard, but this time both received “Cs.”
“The strategy identified five key requirements of cloud procurement that help ensure successful cloud adoption. The five requirements focus on ensuring that the CIO oversees modernization, agency cloud-related policies and guidance are iteratively improved, service level agreements are in place, service level agreement contracts are standardized, and visibility in high value asset contracts is continuously ensured,” the scorecard detailed.
Connolly did not include the other previewed category in the previous scorecard, CIO reporting structure, budget and acquisitions in the 17th iteration.
New progress tracker
Connolly said there are several other evolutions with the scorecard.
He said the a minor change to the Modernizing Government Technology (MGT) category awards full credit to agencies that have an IT-dedicated account that satisfies the MGT Act’s intent, regardless of whether the account is officially called a “Working Capital Fund” (WCF).
He said such accounts must be IT-dedicated funding streams that provide at least three years of flexible spending that is fully controlled by the CIO.
Additionally, the Transparency and Risk Management category now focuses on the timeliness of agency data updates to create the new CIO Investment Evaluation category.
“Specifically, agencies will be graded on the recency of their IT Dashboard ‘CIO Evaluation History’ data feed, which displays how recently agencies’ CIOs submitted new risk level assessments for major IT investments. The more recent the assessment, the higher the grade to ensure that agencies’ CIOs evaluate IT investment risk in compliance with FITARA,” Connolly said. “Agencies have not been consistently updating their data. The raw data on risk designations that previously supported the Transparency and Risk Management category has been moved to the new progress tracker.”
The progress tracker, which also is new for the 17th iteration of the scorecard, focuses on some of the older FITARA categories like transparency and risk management, data center consolidation and CIO reporting that agencies have mostly been successful in meeting the goals of over the last five or so years.
“One reason we worked with GAO to create the Progress Tracker was to provide greater transparency for some of the scorecard’s underlying data that is not being updated regularly by agencies or no longer lends itself to being easily graded across agencies, but is still valuable to track,” he said. “Raw risk designation percentages for the Transparency and Risk Management category and total cost savings from the Portfolio Review Savings category are now displayed in the progress tracker. We want agencies to continue to update this information and be held accountable for the data they are reporting. For example, not once have all 24 Chief Financial Officer (CFO) Act agencies reported updated risk data in the same year. We would also like to drive more updated portfolio savings data from all 24 CFO agencies. The last time all agencies submitted their data was in 2019. On Scorecard 17.0, you will now see PortfolioStat savings data converted into raw numbers that are accumulative since the first PortfolioStat initiative in 2012.”
Connolly added the progress tracker also keeps the subcommittee’s eye on categories that are at risk of backsliding, like data center consolidation and managing software licenses through Making Electronic Government Accountable by Yielding Tangible Efficiencies (MEGABYTE) Act.
Connolly said the recent GAO report on software licenses “found substantial backsliding on many of the measures tracked by the previous MEGABYTE category on the scorecard. If no one is watching, if no one is keeping score, we know what happens. When the scorecard sunset the software licensing category, it signaled to agencies that this effort was no longer important. Unfortunately, progress has been lost and now must be restored. This example is why federal data center closures will remain an issue on our agenda.”
This story will be updated after the FITARA roundtable.