Two Virginia lawmakers are pushing to revive the government’s most influential IT oversight tools, warning that meaningful federal tech modernization won’t happen without a modernized FITARA Scorecard and a fully funded FedRAMP program.
Reps. James Walkinshaw, D-Va., and Suhas Subramanyam, D-Va., joined MeriTalk’s Fix Fed Tech event in Washington, where they discussed today’s biggest federal technology challenges and how to fix them.
The Dec. 4 session kicked off a series of working groups that will culminate in a recommendations report that MeriTalk will present to Congress and the General Services Administration (GSA) next summer.
“Our goal for this program is to bring together the leaders from the hill, and we would like to welcome Republicans to the conversation – that dialog is still ongoing,” Steve O’Keeffe, the founder of MeriTalk, said in his opening remarks. “Fixing federal technology, giving American citizens and American businesses better services at a low cost, is good for everybody.”
Reviving FITARA
The Federal Information Technology Acquisition Reform Act (FITARA) Scorecard grades the 24 largest federal agencies on their progress across a range of IT-related categories.
The House Committee on Oversight and Reform typically held semiannual FITARA Scorecard hearings to review agencies’ grades, which were compiled with input from the Government Accountability Office (GAO).
That oversight mechanism fell apart in 2023 when the Republican majority on the House Committee on Oversight and Reform decided not to continue the FITARA Scorecard.
In response, the late Rep. Gerry Connolly, D-Va., author of FITARA and former ranking member of the House Oversight Committee, issued his own scorecards and hosted roundtable discussions to discuss the results with agency representatives.
However, there has not been a FITARA Scorecard since September 2024 – despite GAO’s finding that the implementation of FITARA has resulted in $31.4 billion in cost savings across the federal government.
“Obviously, Gerry was frustrated, and I was frustrated – am frustrated – that the majority on the Oversight Committee made a decision not to continue the scorecard,” Walkinshaw, who previously served as Connolly’s chief of staff, said on Thursday.
“I think all of us concede that the FITARA Scorecard needs to be modernized, but I think it has been, by and large, an effective tool to encourage, incentivize, and help agency leadership on their modernization journey,” he said, adding, “And I think it’s a loss that that doesn’t exist in this moment.”
Walkinshaw said he and Subramanyam have talked about developing a modernized version of the FITARA Scorecard that takes “elements that are still relevant,” while adding in stronger categories for AI and cyber.
“I think there’s an opportunity to do that,” Walkinshaw said. “If Congress agreed on one overarching modernization scorecard, and in an ideal world, placed into statute the requirements that agencies compile the data and analysis that would feed into that scorecard, then you would have that.”
Subramanyam emphasized that any new scorecard must reflect shared priorities and values for federal IT.
For instance, Subramanyam said, “Do we want more small businesses getting more work in fed IT? We have to figure out what our values are, what our priorities are, what the right balance is between these values as we’re thinking about how we’re scoring these as well.”
“It’s one thing to have a scorecard, it’s another to have a scorecard that you can feel like, okay, this number or this grade is reflecting what we really want out of fed IT. That’s not easy,” he added.
Stabilizing FedRAMP
As for GSA’s Federal Risk and Authorization Management Program (FedRAMP), the lawmakers warned that the program’s recent staffing and budget cuts threaten its ability to support secure cloud adoption across government.
In September, FedRAMP Director Pete Waterman said that the program is down to 28 employees after losing over 50 employees in fiscal year (FY) 2025. Additionally, he noted FedRAMP’s budget has gone from $22 million to $11 million during FY 2025.
“I think DOGE has done harm. I think the cuts to the [FedRAMP Program Management Office] (PMO) are indiscriminate. I think they’ve set us back,” Walkinshaw said. “There’s been heroic efforts to overcome that. But I don’t think the cuts made any sense. I think they’re exactly the kind of example of cuts that in one spreadsheet might look like they save money, but aren’t actually going to save money long term.”
“The role that Congress can play is [to] advocate to fund the PMO. I don’t think we can judge or grade their progress when it, in my view, hasn’t been funded in the way that it needs to be funded so that they can function,” he said.
Subramanyam questioned how the program can fulfill its existing responsibilities – such as continuous monitoring – under a limited staff. That challenge becomes even more significant as FedRAMP’s 20x initiative aims to increase the number of authorized cloud service providers.
“We can’t even do continuous monitoring for what we have right now, right?” he said. “We have to solve that problem too if we want FedRAMP to be a success and be what we wanted it to be in the first place,” Subramanyam said. “And I think some of that takes funding. I think Congress needs to step in and help fund that – or change it. One of those two things needs to happen.”
“We’re going to have to do something to make sure the program doesn’t drown,” O’Keeffe concluded.