Information Technology and Cybersecurity: Evolving the Scorecard Remains Important for Monitoring Agencies' Progress

What GAO Found

Since November 2015, the scorecards issued by this Subcommittee have served as effective oversight tools for monitoring agencies' implementation of various statutory IT provisions and addressing other key IT issues. The selected provisions are from laws such as the Federal Information Technology Acquisition Reform Act (commonly referred to as FITARA) and the Federal Information Security Modernization Act of 2014. The scorecards have assigned each covered agency a letter grade (i.e., A, B, C, D, or F) based on components derived from statutory requirements and additional IT-related topics.

As of December 2022, fifteen scorecards had been released (see figure).

Scorecards Release Timeline with Associated Components

The Subcommittee-assigned grades have shown steady improvement, as demonstrated by the removal (or sunset) of components. For example, during 2020 and 2021, all 24 agencies received A grades for software licensing and data center optimization, resulting in removal of these components.

Notwithstanding the improvements made by using the scorecard, the federal government's difficulties acquiring, developing, managing, and securing its IT investments persist. Continued oversight by Congress to hold agencies accountable for implementing statutory provisions and addressing longstanding weaknesses is essential. Evolving the components of the scorecard to adapt to changes in the federal landscape also remains important.

Toward this end, GAO provided input to this Subcommittee regarding additional measures that could be added, including topics related to IT legacy system modernization and customer experience. GAO also provided input on ways to enhance the cybersecurity component.

Considering ways to evolve scorecard components is essential to increasing Congress' ability to monitor agencies' implementation of statutory IT provisions and address other key IT topics. Agency attention to implementing GAO recommendations will also be instrumental in delivering needed improvements.

Why GAO Did This Study

Federal IT systems provide essential services that are critical to the health, economy, and defense of the nation. For fiscal year 2023, the federal government plans to spend over $122 billion on IT investments.

However, many of these investments have suffered from ineffective management. Further, recent high-profile cyber incidents have demonstrated the urgency of addressing cybersecurity weaknesses.

GAO has long recognized the importance of addressing these difficulties by including the management of IT acquisitions and operations, as well as the cybersecurity of the nation, as areas on its high-risk list.

To improve the management of IT, Congress and the President enacted FITARA in December 2014. FITARA applies to the 24 agencies subject to the Chief Financial Officers Act of 1990, although with limited applicability to the Department of Defense.

GAO was asked to provide an overview of the scorecards released by this Subcommittee and the importance of evolving the components. For this testimony, GAO relied on its previously issued products.

Since 2010, GAO has made approximately 5,400 recommendations to improve IT management and cybersecurity. As of December 2022, federal agencies have fully implemented about 76 percent of these. However, many critical recommendations have not been implemented: nearly 300 on IT management and more than 700 on cybersecurity.

For more information, contact Carol C. Harris at (202) 512-4456 or [email protected] or Jennifer R. Franks at (404) 679-1831 or [email protected].