Rep. Gerry Connolly, D-Va., said today that his office is planning to issue the 18th version of the congressional FITARA Scorecard sometime in September.
The congressman – who is ranking member of the House Subcommittee on Cybersecurity, IT, and Government Innovation and an author of the 2014 Federal Information Technology Acquisition Reform Act (FITARA) that gave rise to the scorecards that have been issued twice per year since 2015 – confirmed the planning for the next scorecard following remarks at a Carahsoft event in Washington today.
“We are planning for the September timeframe” for FITARA 18.0, Rep. Connolly told MeriTalk.
Asked whether any scoring category changes are in the offing for the coming version of the scorecard, the congressman did not promise any.
But he did reiterate that he wants to add in a scoring category related to compliance with legislation approved late in 2022 to codify into law the Federal Risk and Authorization Management Program (FedRAMP) that evaluates the security of cloud computing services used by Federal agencies.
The Office of Management and Budget is still in the process of finalizing guidance that puts the new law into effect.
That process has not stopped the General Services Administration (GSA) – which runs FedRAMP – from going forward with substantial changes to the program, including GSA’s action announced in May to create a new FedRAMP governing board to replace the program’s Joint Authorization Board (JAB), which has served as the primary governance and decision-making body for the program since it was created in 2011.
Many Federal agencies received lower grades on the 17th edition of the FITARA Scorecard issued in February due at least in part to a significant reshuffling of the IT-related categories that the scorecard uses to issue overall grades for the 24 largest Federal agencies.
Those changes included a reduction in the number of scoring categories to six from seven, the removal of a category tracking progress on data center modernization, and the addition of categories covering cloud computing and CIO investment evaluation.
Speaking at MeriTalk’s Tech Tonic event in March, Rep. Conolly said that scoring category changes are baked into the philosophy behind the scorecards. “It’s always going to be an evolving product that’s never going to be static,” he said.
