New data center metrics to show up in FITARA scorecard
CIOs want FITARA scoring to grow as federal IT does, but not sprint ahead.
The FITARA scorecard coming up this winter will have to incorporate new Office of Management and Budget policy on agency data center reporting, according to one of the Government Accountability Office officials charged with managing the document.
The data center optimization category on the Federal IT Acquisition Reform Act scorecard will have to use OMB's new data center metrics, according to GAO's FITARA executive Kevin Walsh. Speaking at a July 31 ACT-IAC event on the progress of FITARA, he said the data center metrics used in past scorecards can't be used in the next.
The FITARA scorecard, said Maria Roat, CIO at the Small Business Administration, should evolve, but it shouldn't progress so quickly with technological developments that "it moves the goalposts" agencies are striving to reach.
At the event, Roat and Agriculture Department CIO Gary Washington said they've made progress in managing their agencies' IT spending through FITARA. However, both said the biggest benefit from the landmark legislation hasn't necessarily been more efficient, less costly systems. It has been evening out agency executive input into IT spending, they said.
"It's given us a seat at the table," said Roat. Washington agreed that federal CIOs now have good relationships with chief acquisition officers, chief financial officers and chief personnel officers, which provides a more cohesive environment for agency IT operations.
Roat and Washington, however, also agreed that the current methods used to measure Federal Information Security Management Act (FISMA) compliance are falling short, because they consider only a small portion of their cybersecurity efforts.
"It measures two systems out of hundreds," Roat said. "The cybersecurity score is not indicative of what agencies are doing."
"I agree on the FISMA scoring," Washington said.
Walsh said GAO was working to find a balance for scorecard evaluation, but without enough data on security, that was a hard target to hit. The scorecard, he said, is based on publicly available data, and some of the data agencies generate for cybersecurity activities might not be public. That can complicate the grading, he said, so GAO works with what it has.
The agency also has to work with Congress as to what goes into the scorecard, and some congressmen have specific areas of interest, he said.
All in all, Roat said, FITARA "has given CIOs a seat at the table" with other top-level agency administrators. She said her agency has progressed from "D-minus" on its initial FITARA report card in 2016 to a "B-plus" on the latest report card issued in June.