Homeland Security

GAO: DHS coming up short on FITARA implementation

Shutterstock image: charting data. 

The Department of Homeland Security needs stronger IT contract evaluation and approval by its CIO in order to fully comply with the Federal IT Acquisition Reform Act, according to a new Government Accountability Office report.

Under FITARA, agency CIOs must review and approve IT contracts associated with major investments, but according to the report, the DHS CIO "did not participate in the approval of any of the 48 contracts in GAO's sample associated with major investments." DHS's CIO is now Richard Staropoli, but he was appointed by President Donald Trump only in late April. Luke McCormack was Staropoli's predecessor as DHS CIO.

GAO reviewed 131 action plans developed by DHS to implement FITARA as well as DHS's IT acquisition human capital, data consolidation and IT program risk assessment plans. GAO then conducted a deeper review of 31 of the 109 action plans DHS said it had completed.

The report found that DHS has not successfully implemented three of the reviewed action plans, including using the updated TechStat process to support troubled IT programs.

Further, GAO said the DHS CIO is no longer conducting risk evaluations of 30 IT investments and updating the ratings on the Office of Management and Budget's IT Dashboard in accordance with FITARA.

"Instead, multiple DHS organizations and officials are to evaluate these investments and the CIO's assessment only accounts for about 18 percent of the total score," states the GAO study.

The report also states that the CIO did not prioritize reviews of major IT contracts with known performance problems, and "there were many contracts and interagency agreements in our sample for which DHS officials were unable to map to a major or non-major IT investment; as such, they could not ensure that these contracts and agreements were reviewed by the appropriate officials."

In addition, GAO found that DHS is not meeting the human capital requirements of FITARA, stating: "the department faces challenges in strengthening its IT acquisition cadre because it has not yet identified the specific positions or personnel that are to be included in the cadre."

GAO did note that DHS has taken steps towards bringing CIO acquisition approval in line with FITARA, but that more action is necessary.

The report makes seven recommendations, including updating DHS's IT acquisition review governance process, updating IT risk assessment procedures to ensure the CIO is reporting assessments to the OMB Dashboard and implementing a plan to identify future IT skillset needs and resolving any gaps identified.

DHS concurred with all seven recommendations, and noted in a letter included in the report that "as of April 2017, the Department has completed approximately 95 percent of FITARA action items."

About the Author

Sean Carberry is a former FCW staff writer who focused on defense, cybersecurity and intelligence.


  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected