The latest “report card” grading 24 of the largest federal agencies on their management of a combined $100 billion in annual federal spending on information technology and cyber shows that while no one flunked, many earned a ‘C.’
The 15th edition of the scorecard was reviewed today by the House Oversight and Reform Committee, which brings in stakeholders twice a year to discuss how well agencies complied with the Federal Information Technology Acquisition Reform Act and similar legislation. The scorecard was created in 2015 as a management tool for agencies that comply with FITARA.
The latest scorecard, for December 2022, showed that seven of the two dozen agencies with chief financial officers, making them subject to FITARA, improved their grades since the last assessment in July. The U.S. Agency for International Development was the only department to receive an “A” overall.
Eleven agencies including the Small Business Administration, the Department of Housing and Urban Development and the Office of Personnel Management saw their scores dip by a plus or minus, though they remained within grade, according to the scorecard.
Where many agencies struggled was in their transition away from legacy telecommunications contracts, it said. The scorecard measures agencies’ adoption of Enterprise Infrastructure Solutions, the General Services Administration’s 15-year, $50 billion contract vehicle that will serve as the government’s next servicer of telecommunications.
GSA had set a goal that by Sept. 30 of this year, 100% of the agencies’ telecom inventory would be off current expiring contracts and moved to EIS. USAID was the only agency to meet that goal by the deadline. Four others — the Departments of Health and Human Services, Treasury, NASA and the Nuclear Regulatory Commission — received passing grades for being having more than 90% completion.
Carol Harris, director of IT and cybersecurity at the Government Accountability Office, testified during the Dec. 15 hearing that 19 agencies failed in the EIS category because they did not fully separate from legacy contracts, which are set to expire in May 2023.
Of those, 17 are less than 80% complete with their transitions, she said.
“Agencies need to act with tremendous urgency to move the bar here and get off of those legacy contracts as quickly as possible,” Harris said.
Though GSA has provided for continuity of service through May 2024, Harris said missing those off-ramp deadlines will lead to cost overruns.
That’s what happened with the last agency-wide telecoms handoff from FTS2001 Bridge and FTS2001 Crossover contracts. The transition to Networx in 2007 took three years longer than planned and as a result of the delays, GSA’s estimated cost increased by 44%. That amounted to roughly $329 million in lost savings.
Harris also highlighted how cybersecurity grades were based solely on fiscal year 2021 inspector general reports.
Jason Gray, chief information officer for USAID, said cybersecurity assessments can, and should, be rounded out with more metrics than are currently being used.
“The [Federal Information Security Management Act] scores that we get every year are great, but they’re dated,” he said during his testimony.
Harris agreed that the existing metric for cybersecurity is incomplete and having cross-agency performance goals under guidance from the Office of Management and Budget would help create a more holistic picture.
CAP goals are four-year plans that measure federal progress toward implementing the President’s Management Agenda.
“I think what’s important is that these CAP goals need to be addressed because it is the law,” Harris said. “Having IT weaved into existing CAP goals as an enabler is a great thing, but it is not what the law says. Real property and IT need to have standalone CAP goals because these are longstanding IT management issues.”
Molly Weisner is a staff reporter for Federal Times where she covers labor, policy and contracting pertaining to the government workforce. She made previous stops at USA Today and McClatchy as a digital producer, and worked at The New York Times as a copy editor. Molly majored in journalism at the University of North Carolina at Chapel Hill.