The Government Accountability Office (GAO) last week issued a new statement of interest from their Director, Information Technology and Cybersecurity entitled “GAO-22-106105 Information Technology and Cybersecurity: Using Scorecards to Monitor Agencies' Implementation of Statutory Requirements”.

According to the GAO, “the federal government annually spends more than $100 billion on IT and cyber investments—many of which have been ineffectively managed. Congress passed laws to address these issues, including the Federal Information Technology Acquisition Reform Act (FITARA). Since 2015, Congress has issued scorecards to monitor agencies' implementation of FITARA and key IT topics. We testified that the scorecards have evolved and served as effective oversight tools.

Both IT management and cybersecurity are on our High Risk List. About 77% of the 5,300 recommendations we've made in these areas since 2010 have been implemented. Since November 2015, this Subcommittee has issued scorecards as an oversight tool to monitor agencies' progress in implementing various statutory IT provisions and addressing other key IT issues. The selected provisions are from laws such as the Federal Information Technology Acquisition Reform Act (commonly referred to as FITARA), Making Electronic Government Accountable by Yielding Tangible Efficiencies Act of 2016, the Modernizing Government Technology Act, and the Federal Information Security Modernization Act of 2014. The scorecards have assigned each covered agency a letter grade (i.e., A, B, C, D, or F) based on components derived from statutory requirements and additional IT-related topics. As of July 2022, fourteen scorecards had been released…”