FITARA Has a Bounce Back Semester

The last time we wrote about FITARA, the news was pretty grim. The 6th check-in since the Federal Information Technology Acquisition Reform Act (FITARA) was enacted in December 2014 found that many agencies were backsliding regarding their ability to show progress against FITARA goals of Data Center Consolidation, IT Portfolio Review Savings, Incremental Development, and Risk Assessment Transparency. This was a bit surprising given that the introduction of the Modernizing Government Technology (MGT) Act was expected to help improve FITARA scores. While compliance with MGT is still slow, some other areas picked up momentum helping propel the FITARA scores upward.

The seventh version of the FITARA scorecard showed progress at many agencies over the six months between reports. No agencies saw their grades drop. Additionally, for the first time, there were no Fs on the report. Now, getting excited about no Fs may be setting the bar a bit low, but the DoD, due in part to sheer size and complexity, has struggled with the scorecard, and this cycle earned a D+. Other agencies making notable progress were the VA moving from a C+ to a B+, HHS from C- to B+, and Small Business Administration moving from a D+ to a B+. Continue reading

Digital Forensics 101

The digitization of records and processes across government increases the need for sound digital investigation tools and processes. Whether it is looking into a data breach or gathering information for litigation, organizations are spending a lot of time culling through this data to get answers to pressing issues. An IDG survey found that a vast majority of organizations conduct digital investigations on a weekly basis. These investigations range from proving regulatory compliance, security incident response (including post-event analysis), and stopping high risk employee behavior (acceptable use violations).[Tweet "A look at digital investigations with Tod Ewasko, Director of Product Mgmt. at AccessData. #GovEventsBlog"]

We sat down with Tod Ewasko, Director of Product Management at AccessData to learn more about the role of digital investigations as a part of everyday IT efforts.

Q: Who "owns" forensics? IT? Legal? HR?

A: The answer is kind of all three. Many people lump forensics in with cybersecurity, but it's really a separate entity. Yes, forensics tools are used to investigate cyber incidents, but they are not preventative. That is what you have the "hunting" tools out there for - watching firewalls and logs for anomalous behavior or activity. Once that is stopped, then the forensics tools come in to make sense of it - to see how it happened and drive the plans to make sure it does not happen again. Forensic tools look beyond the event and gather all data relevant to the systems in question.

Q: Is forensics all reactive then? Continue reading

Are We There Yet? Achieving IT Reform in the Federal Government

In this post, we provided an overview of The Federal Information Technology Acquisition Reform Act (FITARA) and the various other Acts that have been passed to help streamline the procurement and use of IT for a modern government. Even with all of this focus on improving IT infrastructure, compliance with FITARA has been slow. Grades on the self-assessment scorecards are stagnating, and compliance with other related acts has been just as slow. It's easy to agree that government IT needs a boost to meet the expectations of citizens, so why, with all of these incentives and compliance checks in place, is progress so slow?[Tweet "Are We There Yet? Achieving IT Reform in the Federal Government. #GovEventsBlog"]

In an IT and "business" environment as complex as the federal government, there are many reasons for the slow improvement toward FITARA goals. Here are just a few of the challenges agencies are facing in meeting what seems to be "no-brainer" directives: Continue reading

The Data Center Takes Center Stage

The Data Center is at the heart of our information-centric world and as such is key to government IT modernization efforts. Recognizing this, the Federal government introduced the Data Center Optimization Initiative (DCOI) in 2016 that requires agencies to meet specific consolidation, energy efficiency, and cost reduction goals by 2019. This initiative is an extension of and supercedes the Federal Data Center Consolidation Initiative (FDCCI), which focused primarily on reducing the data center real estate footprint. The investigation into data center utilization resulted in the closure of 1,900 data centers and nearly $1 billion in savings. DCOI operates on a similar premise of looking at underperforming data center assets, but extends the examination to energy efficiency and cost impacts. [Tweet "Meeting your #DCOI consolidation, energy efficiency, and cost reduction goals? #GovEventsBlog"]

To stay on track for the 2019 deadline, agencies will have to show they meet the following metrics by September 2018: Continue reading