The House Oversight and Reform Committee is likely to release the 13th version of its FITARA Scorecard next week, with the House Government Operations Subcommittee also lining up a hearing to discuss the scorecard results.
The scorecard is compiled by the House Oversight Committee with help from the Government Accountability Office (GAO), and since 2015 has been issued twice per year to rank the 24 Federal CFO Act agencies in several categories to track their progress against IT-focused goals.
Speaking today at House Oversight on draft legislation to update the Federal Information Security Management Act (FISMA), Government Operations subcommittee ranking member Jody Hice, R-Ga., indicated that the subcommittee will hold its FITARA hearing next week.
Separately, a knowledgeable source indicated that the subcommittee hearing will be held on Jan. 20.
On the heels of today’s FISMA hearing, cybersecurity is likely to get some significant airtime at the subcommittee FITARA hearing next week. At today’s event, Rep. Hice suggested that the subcommittee may want to take another look at the data that goes into FITARA scoring in the cybersecurity category.
In response to a query from Rep. Hice, Jennifer Franks, Director of Information Technology and Cybersecurity at GAO, explained at today’s hearing that the data that goes into the cybersecurity grading on the FITARA scorecard is compiled from public sources.
Franks indicated that non-public data may be available to further inform the cybersecurity gradings, but that it would be difficult to use the data for that purpose because of its sensitivity.
The 12th edition of the FITARA Scorecard, issued in July 2021, ranks the 24 CFO Act Federal agencies across eight metrics: 1) progress in transitioning to the GSA’s Enterprise Infrastructure Solutions (EIS) communications services contract; 2) CIO authority enhancements; 3) transparency and risk management; 4) portfolio review; 5) Data Center Optimization Initiative (DCOI); 6) Modernizing Government Technology (MGT) Act; 7) cybersecurity; and 8) whether the CIO reports to the agency head or deputy.