Federal CIO Suzette Kent said today that the Office of Management and Budget (OMB) is working with the Department of Homeland Security (DHS) to update metrics for Federal Information Security Modernization Act (FISMA) reporting, and said that agencies are seeing progress in those metrics, which are being tracked in a newly added category in the Federal IT Acquisition Reform Act (FITARA) scorecard.
“OMB and DHS are updating the FISMA CIO metrics to align with the report to the president on Federal IT and the PMA [President’s Management Agenda], and we expect to see improvement in Q3 on those metrics,” Kent said at the Digital Government Institute’s 930gov conference.
This will be an area of particular interest to track for Federal agencies, as FISMA metrics were previewed in a new category in the most recent FITARA scorecard. Agencies struggled in the initial grading–which was not yet factored into overall FITARA grades–with no agency receiving higher than a C in the previewed category.
Regarding the Report to the President on IT Modernization, Kent said today that 40 of the 52 tasks outlined therein are now complete, adding three more to the tally since her last update less than three weeks ago. “I’m still very excited that we intend to finish by the end of the year,” Kent said of the completion of all 52 modernization tasks.
She added that completion of that work will be reflected in new cross-agency priority (CAP) quarterly goals in the PMA, which will build on the accomplished tasks.
“We set out an agenda. We’re delivering on it. But achieving those tasks actually starts the next set of work,” she added. “So when you see these next set of CAP goals posted, around accountability…you’ll actually start to see new tasks now that are coming out of the results of those modernization tasks.”
Kent also said that the administration has placed an emphasis on updating its IT policies, beginning the first week in September through the end of the calendar year. The first update to the administration’s 2011 cloud strategy and the 2010 Cloud First policy–known as Cloud Smart–is expected in the next month.
Kent added today that about half of the Federal agencies in DHS’ Continuous Diagnostics and Mitigation (CDM) Program are now entering the DEFEND stage–which primarily supports Phase 3 of CDM rollout–a sign of progress after agencies had lagged in implementation of the first two phases of the program.
She said the administration is applying “critical focus” to get the remaining three civilian CFO Act agencies onto DHS’ governmentwide dashboard for cybersecurity data, after CDM Program Manager Kevin Cox said in June that 20 of 23 agencies were now connected.
Kent stressed the importance of “continuing to raise the bar” in Federal IT, an effort that is currently informing those new administration policies and that draws on lessons learned from private industry and agencies. She said that the administration is building playbooks based on private sector best practices, “agencies on the leading edge,” and the top takeaways from the centers of excellence.
“We can share best practices and leverage success stories to move faster,” Kent said. “That’s actually one of the most exciting parts of my job.”