Hurd: FITARA Scorecard, MGT Act up for discussion at IT Subcommittee hearing

The FITARA Scorecard, Hurd explained, needs to evolve.
Will Hurd (House Oversight and Government Reform Committee / Flickr)

Will Hurd wants to make sure agencies are continuing to build on their recent progress modernizing legacy systems.

That’s why the Texas Republican chair of the House Subcommittee on Information Technology scheduled a hearing Wednesday to explore the status of agencies’ IT modernization efforts. 

“Now that we have all the players in place a year into [the new administration], we’ve got to make sure we’re building upon the successes of the last couple of years. And so we can’t be moving backwards,” Hurd said. “And so that’s really what this focuses on: How are we making sure all 24 CFO agencies are modernizing? What are the steps that we’re really taking in order to get there?”

He told FedScoop to expect discussions focused on compliance with the Federal Information Security Management Act (FISMA), the Federal IT Acquisition Reform Act (FITARA) and the Modernizing Government Technology Act.

The FITARA Scorecard in particular, he explained, needs to evolve over time.

Originally designed to oversee agencies’ implementation of FITARA, the scorecard should continue to become more of a “true digital hygiene scorecard,” Hurd explained.

“The idea is, the scorecard has to fit on one sheet of paper,” he said. “It should be an evolution. And some of those categories should be taken off.”

He continued: “We introduced the MEGABYTE Act onto the last scorecard. There should come a point where everybody should be able to know what software, how many licenses they have.” And when goals like that are accomplished, those scores will be taken off, he said.

Another area that may need to be reexamined is the metric around data center consolidation.

“I think that issue of data center consolidation, we can maybe be a little more sophisticated in how we’re scoring that to ensure we’re moving in the right direction,” he said.

Hurd is also curious to hear how an array of new CIOs are leveraging the various tools his subcommittee has provided them.

IT leadership reshuffled predictably last year at the start of the new administration, and a new federal CIO wasn’t named until this January, when President Donald Trump appointed Suzette Kent as U.S. CIO.

Kent is not slated to speak at the hearing, but Hurd said there will likely be a discussion on how the Office of Management and Budget and Kent are working with the agency CIOs to implement the MGT Act, which was signed into law in December as part of the 2018 National Defense Authorization Act.

Margaret Weichert, deputy director for management in the Office of Management and Budget, is among those slated to testify at the hearing.

Hurd envisions the Technology Modernization Fund being used for agencies who don’t have a culture of modernization to “short circuit” the path to making real change, he said.

Hurd cautioned that he didn’t want to “reward previous bad behavior” but said that agencies with a culture of modernization will likely be able to use their own working capital funds to continue to modernize.

Others scheduled to speak at the hearing are David Powner of the Government Accountability Office; Bill Zielinski, deputy assistant commissioner of the IT Category at the General Services Administration; and Jeanette Manfra, assistant secretary for the Office of Cybersecurity and Communications at the Department of Homeland Security.

One final question Hurd hopes to address in this hearing and others in the future, or potentially in letters to CIOs, is whether agencies are doing regular penetration tests of their networks.

“I’ve been told that oh yes, of course, it’s a best practice to do penetration testing. Well, people may be confusing a scan of a network as a penetration test,” Hurd said.

It’s an issue that’s “popped up” in conversations he’s had with industry professionals.

“So how often are we using… those third-party researchers to come in and actually do a proper penetration test?” he said. “I don’t think it’s as widespread as I originally thought.”
