Representative Will Hurd (R-TX), chair of the House Oversight and Government Reform IT subcommittee, wants to expand the range of tools used to evaluate federal agencies’ use of technology.
The Federal Information Technology Acquisition Reform Act (FITARA) was passed in 2014, and the Making Electronic Government Accountable By Yielding Tangible Efficiencies (MEGABYTE) Act was added in 2016. Under these, agencies are given a letter grade based on whether CIOs are being granted new authorities as prescribed, the transparency and risk management efforts, accurate and timely reporting on IT projects, and data center optimization efforts.
During a recent hearing of Hurd’s panel, Homeland Security’s Jeanette Manfra suggested a Homeland Security binding operational directive requiring agencies to bring the time to patch vulnerabilities down to 30 days. Previously the average time was over 200 days, which they agreed would earn a grade of F, with the current average of 15 days or within a week possibly scoring an A.
Gerry Connolly (D-VA) questioned whether this was premature, saying he would support such ideas “once we make more substantial progress on implementation of what’s in front of us.”
