Government Security: Looking From the Inside Out

With a number of high-profile security hacks involving widely used software, government agencies are retraining their focus on their organization's security measures and those of the vendors and service providers that work with them. This shift in focus was actually on the rise before the recent hacks in anticipation of cyberattacks just like the ones we've recently seen.

In January of 2020, the Defense Department implemented the Cybersecurity Maturity Model Certification (CMMC), a unified standard for implementing cybersecurity across the defense industrial base (DIB), which includes over 300,000 companies in the supply chain. Contractors have always been held responsible for implementing and documenting the security of their IT systems that touch sensitive government data. Under CMMC, this continues, but adds the need for a third party to assess the contractor's compliance.


Agencies Meet FITARA Goals Even While Battling Pandemic Challenges

The latest Federal IT Acquisition Reform Act (FITARA) scorecard showed that all agencies still have passing grades when it comes to meeting federal goals for IT management and reporting, but there was some backsliding in the latest report.

Health and Human Services, Labor, and the Veterans Administration improved their overall scores, while five agencies -- Commerce, Small Business Administration, the General Services Administration, Social Security Administration, and U.S. Agency for International Aid -- all dropped. A positive among the scores was that every agency received at least one A for the first time in the scorecard's history.


FITARA Has a Bounce Back Semester

The last time we wrote about FITARA, the news was pretty grim. The 6th check-in since the Federal Information Technology Acquisition Reform Act (FITARA) was enacted in December 2014 found that many agencies were backsliding regarding their ability to show progress against FITARA goals of Data Center Consolidation, IT Portfolio Review Savings, Incremental Development, and Risk Assessment Transparency. This was a bit surprising given that the introduction of the Modernizing Government Technology (MGT) Act was expected to help improve FITARA scores. While compliance with MGT is still slow, some other areas picked up momentum, helping propel the FITARA scores upward.

The seventh version of the FITARA scorecard showed progress at many agencies over the six months between reports. No agencies saw their grades drop. Additionally, for the first time, there were no Fs on the report. Now, getting excited about no Fs may be setting the bar a bit low, but the DoD, due in part to sheer size and complexity, has struggled with the scorecard, and this cycle earned a D+. Other agencies making notable progress were the VA moving from a C+ to a B+, HHS from C- to B+, and Small Business Administration moving from a D+ to a B+.

FITARA 6.0: The Case of the Falling Scores

As summer vacation is in full swing across the country, we're sure many of you are missing tracking the grades of your students (insert sarcasm font here). We wanted to fill that void with a look at where agencies stand on their FITARA report cards. We've written here before about the progress, and lack of progress, agencies are making regarding modernizing IT infrastructure and services. The sixth report card on FITARA compliance was issued in May so we wanted to revisit the topic.

The Federal Information Technology Acquisition Reform Act (FITARA) was enacted in December 2014 and agencies are evaluated on their progress against the Act's goals about twice a year. The latest report found that despite a renewed focus on modernization from both the executive and legislative branches, agencies are actually backsliding in terms of grades.

Part of the challenge agencies had with this reporting period was the addition of a new category to track progress on the Modernizing Government Technology (MGT) Act. This "failure" should perhaps have been graded on a curve since MGT has only been in place since December 2017, meaning many agencies have not yet had a chance to have their proposals funded, much less started work.

But even discounting the MGT "learning curve," agency scores show that there is a real struggle across the board in meeting FITARA goals around:

Are We There Yet? Achieving IT Reform in the Federal Government

In this post, we provided an overview of the Federal Information Technology Acquisition Reform Act (FITARA) and the various other Acts that have been passed to help streamline the procurement and use of IT for a modern government. Even with all of this focus on improving IT infrastructure, compliance with FITARA has been slow. Grades on the self-assessment scorecards are stagnating, and compliance with other related acts has been just as slow. It's easy to agree that government IT needs a boost to meet the expectations of citizens, so why, with all of these incentives and compliance checks in place, is progress so slow?

In an IT and "business" environment as complex as the federal government, there are many reasons for the slow improvement toward FITARA goals. Here are just a few of the challenges agencies are facing in meeting what seems to be "no-brainer" directives: