The latest edition of the FITARA Scorecard released today by the House Oversight and Reform Committee shows a mild trend toward declining agency grades across a range of IT-related performance measures.
But a more fulsome look into the committee’s evaluation shows that much of the grade volatility in the latest scorecard has more to do with ongoing changes to the committee’s scoring categories and methodologies.
On the latest scorecard, only one agency earned a higher score compared to the December 2021 gradings, eight agencies saw declining marks, and 15 agencies held steady with the previous grades. That declining trend compares to the previous scorecard issued in December 2021, which showed a more positive trend with seven agencies earning higher grades, four slipping backward, and 14 hanging steady.
What has changed over the last several months to make the two trendlines look different?
The biggest factor has less to do with what the 24 graded Federal agencies are doing, and more to do with how the committee is getting rid of long-standing grading categories – and very likely preparing to put new categories in place.
Some of the bigger changes evident on the 14th edition of the FITARA Scorecard issued by the committee today:
- The removal of a grading category for compliance with the Data Center Optimization Initiative (DCOI). The committee said late last year it would sunset the DCOI category, mainly because most agencies had gone about as far as they could go with complying with the policy, and so had earned “A” grades in the category. Fast-forward to the scorecard issued today, and some agency grades look choppier without that reliable “A” grade in the DCOI category.
- The absence of data available to the committee to help arrive at cybersecurity-related grades.
On the data center closure front, the committee also previewed a grading category that it may use on its next scorecard that ties into how well agencies can demonstrate to the committee that they have closed the “maximum number of data centers possible.” The grading in this previewed category will rely on how well agencies respond to the committee’s requests for that information, the panel said today.
And while not impacting the grades issued today, the committee also indicated it will be sunsetting its long-standing grading category for whether agency CIOs report to the agency secretary or deputy secretary. The removal of that category – and whatever it may be replaced with – will have a significant impact on agency scorecard grades later this year and thereafter.
“Notably, many agencies’ grades were impacted by the removal of the DCOI methodology sunset and absence of available data for cybersecurity cross-agency priority goals,” the committee said today. “If the same methodology from the prior scorecard had been used, four agencies’ grades would have increased and 20 would have remained the same.”