A Commentary from Federal Business

VA’s FITARA 16.0 Scorecard – Close, But No Cigar.

Sep 29, 2023

The Federal Information Technology Acquisition Reform Act (FITARA) was passed in 2014 with the aim of improving IT acquisition processes across Federal agencies. Its goal is to ensure that agencies have effective oversight over their IT investments and are spending wisely on technology initiatives. The most recent scorecard, FITARA 16.0, was released on September 26, 2023. The grading categories on the scorecard are: CIO Authority Enhancements; Enhanced Transparency and Risk Management; Portfolio Review; Data Center Consolidation; Modernizing Government Technology (MGT) Act; Cybersecurity; and progress in transitioning off of GSA’s old Networx contract and onto its Enterprise Infrastructure Solutions (EIS) communications services contract.

Below are the FITARA grades for the Department of Veterans Affairs (VA) Office of Information and Technology (OIT). The rows are: “WAS” – grades given in the last FITARA scorecard from December 2022, and “IS” – grades given in the latest FITARA 16.0 September 2023 rating. I added an additional row labeled “SHOULD BE”, representing grades I feel VA/OIT currently deserves, and in the commentary I explain my rationale.



Agency CIO Authority Enhancements FITARA grade: Was: A. Is: A. Should be: B. FITARA assesses the degree to which agencies are using incremental or “Agile” modernization approaches, particularly in software development, rather than the poorly performing “big-bang” approach. VA’s 16.0 “A” score remained the same as in the FITARA 15.0 December 2022 scorecard. VA’s current FITARA “A” grade for incremental/Agile development overlooks VA’s faltering attention to VA’s massive and growing inventory of legacy systems and the resultant effects on Veterans’ outcomes. VA’s grade for Agency CIO Authority Enhancements should be a “B”.

VA Transparency and Risk Management FITARA grade: Was: B. Is: B. Should be: C. This FITARA grade is based on project cost, schedule, and performance variance data reported by VA/OIT to the Office of Management and Budget (OMB) and reflected in the Federal IT Dashboard. In this latest FITARA 16.0 scorecard, VA’s score remained at a “B” grade. VA/OIT has done an excellent job allocating and tracking IT infrastructure investments through a Technology Business Management (TBM) framework, which is a contributing factor in its score. However, VA/OIT lacks transparency into its major software Enterprise License Agreements, e.g., Microsoft, Oracle, Adobe, etc. In addition, the cost and schedule variance data that VA/OIT uploads to OMB are still predominantly project estimates made by VA managers and their supporting contractors, who have a vested interest in the reported data. VA’s current FITARA grade for VA Transparency and Risk Management should be a “C”.

VA Portfolio Review Savings FITARA grade: Was: D. Is: D. Should be: D. The “D” grade given to VA/OIT in FITARA 16.0 is unchanged from the “D” grade received in December 2022. This grade is given based upon the degree to which VA/OIT has been successful in driving down costs by finding unnecessary or duplicative IT spending and improving agency processes to drive mission and customer-focused IT solutions. This “PortfolioStat” has historically been focused on IT commodities purchases such as internet, mobile phone, and other infrastructure products. In VA, the CIO’s spending oversight, active governance processes, dedicated work by VA/OIT’s Office of Strategic Sourcing, and adoption of the Technology Business Management (TBM) framework are all best practices. However, more can be done to consolidate duplicative software licenses and eliminate unused ones. VA/OIT lags in its adoption of modern and available COTS products to gain insights into this wasteful spending on licenses. VA’s grade here should be “D”.

VA Data Center Consolidation FITARA grade: Was: A. Is: A. Should be: A. VA’s A grade is warranted due to VA/OIT/Infrastructure Operation’s dedicated management focus on this issue. VA’s data center consolidation team is attentive and effective.  I give VA an “A” grade for Data Center Consolidation.

VA Modernizing Government Technology FITARA grade: Was: D. Is: D. Should be: A. VA/OIT again received a “D” grade in FITARA 16.0. A “D” grade for VA modernization should be reconsidered. It is simultaneously modernizing its electronic health record (EHRM), its financial systems (Financial Management Business Transformation, FMBT), (hopefully soon) its human resource systems (HCM), and its supply chain systems (SCM), all the while aggressively moving legacy applications to the cloud. Each one of these VA modernization efforts is massive in size, scope, and complexity. I repeat my earlier argument that use or nonuse of the Modernizing Government Technology (MGT) Act Working Capital Fund should not be the basis for this FITARA grade. VA has its own internal Franchise Funds which can be used for the same purpose. VA deserves an “A” grade for Modernizing Government Technology.

VA Cybersecurity: Was: D. Is: C. Should be: C. In this latest FITARA 16.0 scorecard, VA’s cyber grade improved to a “C”. FITARA cyber scoring methods are still vague and confusing. However, by the time the next FITARA scorecard comes out, CISA will have created a solid baseline to measure cross-government cyber efforts. Having said that, VA’s Chief Information Security Officer has made strong progress in VA’s cybersecurity management and staffing, which substantiates the improved score. To move towards an A score, VA must a) prioritize and fund increased observability of its “BEDROCK” legacy applications, b) modernize its identity authentication and access management infrastructure, and c) deal with its “Internet of Medical Things” cyber weaknesses. VA deserves a “C” grade for Cyber.

VA Transition off Networx: Was: C. Is: F. Should be: F. The metric for this grade was changed to a pass/fail in FITARA 15. Each agency is now measured by whether it has moved at least 90% of its telecom services off the old General Services Administration (GSA) Networx telecommunications contract to the new GSA Enterprise Infrastructure Solutions (EIS) contract. VA/OIT has made steady progress but could and should accelerate its efforts to meet the 90% goal. VA’s grade should be an “F”.