What’s the Scorecard on FITARA?

Where you land on FITARA’s scorecard in 2023 may be more important than you think.

To be relevant or not? That is the question. There is a direct correlation between technology modernization and the ability to quickly adapt to the advancement in technologies and innovation needed to thrive amidst a lack of resources, a shortage time, and possible threats.

The Federal Information Technology Acquisition Reform Act (FITARA) represents the first major overhaul of Federal information technology in over 20 years. FITARA aims to eliminate duplication and waste in information technology acquisition for the federal government; examine licensing software options; make the business case for acquisition and consolidate data centers. Along the way, it also makes agencies more relevant by optimizing their technologies.

With the help of the Office of Management and Budget (OMB), FITARA has had a significant positive impact on agencies. While the FITARA legislation itself is valuable, consistent oversight from Congress has made a real difference, especially in using the FITARA Scorecard to spotlight the agency efforts—or lack thereof— to advance IT management in those areas in which the scorecard measures progress.

How did FITARA score our largest federal agencies?

The US House Oversight and Reform Committee recently released its latest Federal Information Technology Acquisition Reform Act (FITARA) scorecard, measuring the progress of the 24 largest Federal agencies in managing their IT portfolios more effectively and efficiently.

The Scorecard 8.0, as it is known, includes, for the first time, a cybersecurity score reflecting FISMA (Federal Information Security Modernization Act of 2014) and Presidential Cross-Agency Priority (CAP) goal compliance. But again, the results are clear: most agencies need to do better  in this category. The highest grade was a B+, only obtained by three Federal agencies—the Department of Education, the General Services Administration, and the National Science Foundation.

As was presented and discussed in the FITARA 13.0 Hearing in January of 2022, there is consensus that the FITARA Scorecard should evolve to encompass the evolution of agency infrastructure and make it an even more valuable tool in measuring an agency’s IT management maturity of its unclassified systems environment. Recommended changes to the scorecard to evolve the program include:

• Agility – Encompass modern system development practices with a category measuring the use of DevSecOps
• IT Modernization – Improved Risk management processes and capabilities
• Cloud Computing – Evolve to a new, modern, interoperable IT infrastructure to facilitate cloud migration
• Zero-Trust Architecture – Evolve the existing cybersecurity category by measuring an agency’s cybersecurity posture, including adopting modern practices
• IT Workforce – Measure an agency’s ability to address its IT workforce challenges, including understanding workforce gaps and having the ability to recruit, develop, and retain IT staff

Once security is set, how do you keep it that way?

FITARA provides a solid baseline for improvement, but more is needed. You need more than assessing your security controls issue by issue. Once security is in place, you must maintain that posture through continual diagnostics and mitigation (CDM). Cybersecurity is never done. It never sleeps…but it does let automation take the reins.

This resourceful eBook—Securing Our Nation’s Infrastructure: Decoding STIG, CIS and CDM—will give you the intel you need to make the CDM part of your FITARA assessment fast, effortless, and easy to ace. See how automation is inextricably woven into the fibers of CDM and how you can make the FITARA grade by automating your security efforts with SteelCloud. By automating CDM for effortless compliance, you will:

• Remove the human effort—and error—from CDM
• Enjoy the agility of cloud computing without the risk
• Establish a Zero Trust stance and rapidly validate and verify everything…..inside and outside your network

How automation can be your biggest FITARA ally.

Recent threats carried out throughout some of our most highly regulated industries, financial institutions, and government reinforce the importance of being resilient in the face of continuing uncertainty, whether it be the uncertainty of the Federal budget, the political landscape, or the uncertainty of the next unexpected “Oh, what do we do now??”

Compliance-based measurement approaches alone can’t give you a clear picture of your organization’s maturity level. However, the nature of the environment could be more dynamic, and such practices need to consider the overall business strategy and mission. You also need:

 A holistic view of cybersecurity maturity and risk impact throughout the enterprise. Then you can establish a baseline to manage and track cyber risk activities.

• A flexible roadmap to continuously improve cybersecurity maturity and resilience and your FITARA scorecard results will also improve.
• CDM to ensure your baseline doesn’t drift and get out of compliance while you tackle other necessary work.

Watch our short demo video now to see how you can continually diagnose and mitigate every endpoint of your system—all while you sleep soundly, knowing that ConfigOS has been proven in countless implementations over years of use. Put the “M” in CDM with SteelCloud’s ConfigOS. Learn how we can help relieve the burdens of cybersecurity compliance through automation. To get started on your agency’s journey to a secure environment, enabled by automated security compliance, Schedule a demo today.