Making the Grade: Three Steps to Improve FITARA Performance
The most recent release of the Federal Information Technology Acquisition Reform Act scorecard shows progress, but also highlights IT challenges federal agencies are still facing on their path to IT modernization.
Overall, five agencies improved in the eighth scorecard, which grades agencies on their usage of data centers, cyber security tools and other IT priorities. Another five agencies had scores which have dropped, and 11 agencies saw no change in their grades from the previous scorecard released in December 2018.
“FITARA is more than just a scorecard though,” Steve Harris, Senior Vice President and General Manager, Dell EMC Federal said in a recent MeriTalk article. “It also helps agencies understand where their IT dollars are going.”
“We need to get a clear picture of the real Federal IT spend—that’s why FITARA’s so important,” according to Harris. “It empowers CIOs with the responsibility for agencies’ IT spend.”
While some might be discouraged that the federal government isn’t getting the highest marks across the board for IT management, it’s not an easy task. Agencies face a triumvirate of priorities in offloading legacy systems, maximizing current investments and planning for future modernization.
The FITARA scorecard addresses a host of different IT issues, with some of the most important measures focusing on an agency’s ability to phase out legacy systems—especially costly, aging data centers, while also prioritizing cyber security and risk management improvements.
Below we have listed a few recommendations agencies can take to address these issues and even, possibility bump their FITARA grades in the process.
- Aging Data Centers and Transitioning to the Cloud
The benefits of cloud abound, including better security, reliability and significant cost savings. And while agencies cannot simply toss aging data storage in favor of a fully cloud-enabled environment, there are some incremental steps that can be implemented as they progress toward a more modern infrastructure.
Every agency’s journey to cloud is unique with varying requirements. However, there is one fundamental commonality. Every agency houses massive stores of data that need to be transferred and analyzed, with some datasets being incredibly sensitive and others needing to be made available as widely as possible.
Because of this, agencies need a myriad of storage options with the ability to shift data through different containers quickly and efficiently. A multi-cloud solution can in most cases be the best option, as it offers a variety of on- and off-premises cloud options, allowing agencies to move data to whichever option makes the most sense.
Multi-cloud is built on an architecture that allows agencies to seamlessly integrate with a variety of cloud providers, while still keeping an on-premises private cloud available for the most sensitive data. It also provides a platform that agencies can use to tailor IT services for each unique, mission-driven need. This makes the move away from data centers and into the cloud much less daunting for federal IT teams who need to modernize on tight budgets.
- Automating Cyber Security
Protecting agency networks from cyberattacks is one of the most critical, and difficult, tasks that federal IT teams face. There simply isn’t enough manpower or hours in the day to sift through every possible threat, and then find a novel way to mitigate those considered to be dangerous. Manual monitoring is no longer sufficient.
The only way to effectively take on these vast cyber threats is through automated processes, using technology to sort through thousands of logs at a time, flagging only the most serious threats.
Programmed systems identify threats by learning to understand network behavior. This allows them to respond to abnormal occurrences in near real-time. Once a threat is detected, the computers shut down the affected areas, stopping the attack from spreading. This kind of automation makes for safer federal networks and places more importance on remediation when things really go wrong.
- Tackling Risk Management Framework
The National Institute of Standards and Technology’s (NIST) Risk Management Framework (RMF) sets out a method for agencies to constantly evaluate the security of their systems. NIST breaks down the process into six steps that take into account the whole lifecycle of an IT environment.
RMF is vastly important to an agency’s agile and evolving security posture, especially as new technology is onboarded. But it’s also complex and difficult to manage. Thankfully, there are ways to mitigate the burden of this work on in-house IT teams.
Iron Bow and its partners streamlined the arduous continuous evaluation process to ensure every requirement is met to keep our nation’s data as safe as possible. Combing through the endless data to find those specific to RMF reporting requirements can eat up a lot of time.
But new technology allows agencies to sift through mountains of data and create a record of all machine behavior, user behavior, security threats and fraudulent activity—all essential to meeting RMF requirements.
This not only makes for a more robust RMF process, but it also allows agency IT workers to focus on bigger, and more mission-critical projects.
These are just a few ways to improve an agency’s FITARA score. And more than just boosting scores, they’re tactics that will also position the federal government to be more agile and innovative moving forward. There’s no better time for feds to embrace these next great leaps into modernization.
For more information on how Iron Bow can help with this transition, navigate to our website.
TechSource in your Inbox
Sign-up here to receive our latest posts by email.