Although Federal agencies received low marks in the new cloud computing category of the 17th edition of the FITARA Scorecard issued today by Rep. Gerry Connolly, D-Va., tech leaders from several agencies expressed gratitude for creation of the new category and shared plans to improve their scores going forward.
The FITARA Scorecard grades are compiled with input from the Government Accountability Office (GAO) and have been published semi-annually – usually by the House Oversight and Accountability Committee – since 2015.
Rep. Connolly – ranking member of the House Oversight Subcommittee on Cybersecurity, Information Technology, and Government Innovation – hosted a roundtable discussion this morning with agency representatives to discuss the scorecard rather than via an official subcommittee hearing.
“A large part of this decrease in the grades was driven by the cloud computing category because it is brand new, and it’s something that we have not had a focus on relative to the scorecard,” said Carol Harris, director of information technology and cybersecurity at GAO. “So, the grades were low in this category.”
Of the 24 Federal agencies who participate in the FITARA Scorecard, just one – the Department of Defense – received an “A” grade in the new cloud computing category. One received a “C” – the Department of the Interior – six received a “D,” and 16 received an “F.”
Harris dove deeper into the details from a cloud procurement standpoint, explaining that a lack of service-level agreements (SLAs) – or the contracts between Federal agencies and their cloud providers – played a large factor in the failing cloud grades.
Since 2019, the Office of Management and Budget (OMB) has required Federal agencies to have SLAs for their cloud deployments, but Harris said “that’s not happening within the government.”
“We’ve seen very uneven implementation of these requirements. And these service level agreements are critically important because they’re intended to provide continuous awareness of the confidentiality, integrity, and the availability of the assets and the information in the cloud,” Harris said. “So, it’s critically important for agencies to have these SLAs.”
“Not only that, but OMB requires a standardization of these SLAs across agencies, and that’s also something that we haven’t seen,” she added.
Harris said that these “two key ingredients” are contributing to the 47 percent average failure rate on the scorecard in this particular area.
This spring, GAO will release a report to analyze Federal agencies’ compliance with executive branch cloud computing guidance. Agencies will be graded based on their ability to meet five procurement-related requirements developed by OMB.
“From a procurement standpoint, we need to get this right,” Harris said. “So, I’m really glad that as part of the new cloud category, we’re measuring this because we need to see improvement in this area.”
Sairah Ijaz, the deputy chief information officer (CIO) at the Department of Housing and Urban Development (HUD), said that she appreciates the evolution of the scorecard to include the cloud computing category.
The renewed focus on cloud computing “is important to us,” she said, adding that “being able to evolve the scorecard and keep that as something that we need to focus on” is crucial.
Jason Gray, the CIO at the United States Agency for International Development (USAID), agreed, noting that the FITARA Scorecard now allows him to have clear cloud goals – such as meeting SLA requirements.
“When I look up there, and I see the ‘D’ in cloud, it makes me go, ‘What’s going on?’ And the great thing is, I know exactly what’s going on,” Gray said. “And, I know exactly what I need to do to change that.”
“The thing I do value about FITARA is I don’t feel alone. I know I’m in this together with everyone. I have support across the CIO community, across the Federal government, across Congress – I feel empowered to bring about the change that needs to happen,” he added.
Gray, whose agency is the only agency to receive an overall “A” grade on the latest scorecard, attributed USAID’s success to “the embrace of FITARA across the board” at the agency. He said his employees all know what the scorecard is, and they actively look for ideas on “ways to reduce burden” and “ways to be more efficient and effective with money.”
“I know we’ve heard, ‘What gets measured gets managed, what gets managed gets done.’ That’s the exact thing that FITARA has been driving for all agencies, and I’m glad we have it,” Gray concluded. “I’m glad it’s growing and improving.”
FITARA Awards set for Tech Tonic March 14
Want to hear more about the latest FITARA Scorecard results, along with remarks from Rep. Connolly and presentation of MeriTalk’s FITARA Awards to individual agency CIOs? If so, please mark your calendars for March 14 for Tech Tonic – the next evolution of Cyber Smoke and the happiest hour in government IT. Please join us at Morton’s The Steak House on Connecticut Ave in D.C. from 5 p.m. to 9 p.m. for all the fun and friends.