This project is not an official government website. None of the content herein should be considered official law, policy, or guidance.
Want to stay up-to-date on the latest policy releases? Check out EOPbot!

Federal Information Technology Acquisition Reform Act (FITARA)

The Federal Information Technology Acquisition Reform Act (FITARA) is a law to improve IT management and oversight, which builds upon the Clinger-Cohen Act. It was a bipartisan effort of The House Committee on Oversight and Government Reform (HOGR), and has remained a major area of interest for the Government Operations subcommittee, which focus on government IT issues.

Unlike its predecessor, it only applies to CFO Act Agencies, leaving out all small agencies from its authority enhancements. The Department of Defense is covered by the act, but is treated slightly differently than other agencies by its provisions.

For the covered agencies, FITARA gives the top-level agency Chief Information Officer (CIO) responsibility for all IT for that agency, but also gives Congress a single person to blame for agency IT failures of any sort. The Office of Management and Budget (OMB), and specifically OFCIO, is responsible for overseeing compliance with most aspects of this law. There are several major aspects that it touches on:

  1. All IT investments must be approved by the agency CIO. The CIO should ensure that software development projects are using Agile development practices (called “incremental development” in the law).

  2. As part of the Capital Planning and Investment Control (CPIC) process created by Clinger-Cohen, major IT investments must be reported to The Office of the Federal Chief Information Officer (OFCIO) at OMB, which in turn will be reported publicly (on the IT Dashboard) on a monthly basis. Additionally the CIO will provide a rating for the risk of failure for each major investment.

  3. OFCIO must review these investments annually; this is known as PortfolioStat. Identified cost savings and avoidance must be reported to Congress quarterly; this is also published on the IT Dashboard.

  4. Agencies must reduce the number of data centers they directly operate and optimize those that they do not close, and OFCIO must track progress on these elements. Originally this was known as The Federal Data Center Consolidation Initiative (FDCCI) but is known today as The Data Center Optimization Initiative (DCOI). (see Cloud & Data Center policy for more details.)

  5. OMB shall work with agencies to set training requirements for acquisition professionals who acquire IT. For this item, OFPP is assigned this duty.

  6. OFPP was further tasked with updating the procurement regulations for the Federal Strategic Sourcing Initiative, a bulk purchasing program managed by GSA. (Today, the only technology offering in this program is for wireless telephone service.) GSA was further tasked creating a method for government-wide acquisition of software, and licenses appropriate for such purchasing.

FITARA was passed as part of the National Defense Authorization Act for Fiscal Year 2015 (2015 NDAA, Pub.L. 113-291).

The FITARA Enhancement Act of 2017 extended the sunset date of the DCOI requirement from 2018 to 2020. This was further extended to 2022 by the 2020 The National Defense Authorization Act (NDAA)

FITARA Scorecard

Since the passing of FITARA, The Government Accountability Office (GAO) reports twice a year on progress of agencies in meeting the goals of the law, in a report known as the FITARA Scorecard. The preparation of this scorecard comes at the direction of The House Committee on Oversight and Reform (HCOR), and a large hearing is held with every major release - usually featuring the Federal Chief Information Officer (FCIO) and several agency CIOs, as well as a representative from GAO. Since this scorecard is measuring FITARA, only the CFO Act agencies appear on it.

The scorecard has evolved over the years to include other technology topics not directly addressed by FITARA or Clinger-Cohen, including the recent addition of tracking agency progress in migrating to EIS contracts.

Data center closures have remained a major focal point of the scorecard. However, in January 2022 on Scorecard 13 every single covered agency received an A in this category, the first time such a sweep has occurred on any topic on the scorecard. This may largely be attributed to the very hard work of many agencies, as well as the incredibly brilliant improvements to the DCOI policy introduced in OMB memorandum M-19-19.