The 15th iteration of the Federal Information Technology Acquisition Reform Act scorecard launches with a new category that evaluates agencies’ progress in cybersecurity and shows that the General Services Administration was the only agency to reach a grade of at least 90 percent in the FITARA scorecard’s new cybersecurity category, Federal News Network reported Thursday.
According to FNN, 14 agencies scored above 80 percent. The departments of Justice and Health and Human Services recorded 88 percent each, while the Department of Education received a grade of 87 percent.
The Department of the Interior got the lowest score at 68 percent.
Chris DeRusha, federal chief information security officer and a previous Wash100 awardee, told the House Oversight and Reform Committee’s government operations subpanel that the Office of Management and Budget on Wednesday unveiled cyber metrics on the Performance.gov site.
“The metrics that we put up and performance.gov yesterday are a good representative sample where we’ve been focused in [cyber] executive order implementation,” he told the subcommittee during a hearing Thursday.
DeRusha cited as an example the metrics’ protect category, which he said focuses on four factors including smart patching, multifactor authentication and encryption.
“For us, we’ve been really focused on ensuring that we’re putting the most attention and understanding where there may be gaps in implementation, and opportunities for new policy interventions,” he added.
The U.S. Agency for International Development is the only agency that received an A rating in the scorecard, according to the report.
Seven agencies showed improvement in their letter grades, while 17 agencies maintained their scores. None of the 24 agencies received a D or an F grade.