Fiscal Year 2022
Released June, 2021

Goal 5. Objective 3: Optimize information technology investments to improve process efficiency and enable innovation to advance program mission goals

HHS information technology investments help achieve the Department's mission by acquiring and managing the technology infrastructure and systems for its health care and human services programs and mission-support programs.  From externally facing websites such as HHS.gov to internal applications that manage programs and resources, HHS needs information technology solutions to be modernized, secure, and responsive to customer demands.  The Department's current modernization investments include cloud computing, data center consolidation and improvements, information technology portfolio reviews, shared services, and a digital strategy that makes it easier to access information using HHS websites and tools.  In addition, HHS is working to increase partnerships with industry, academia, and other organizations to leverage their technology expertise as well.

In the previous administration, the Office of the Secretary led this objective.  All divisions contribute to the achievement of this objective.  HHS has determined that performance toward this objective is progressing.  The Department is progressing in this objective, but HHS plans to enhance that progress moving forward.  The narrative below provides a brief summary of progress made and achievements or challenges, as well as plans to improve or maintain performance.

Increase the percentage of systems with an Authority to Operate (ATO) (Lead Agency - ASA; Measure ID - 3.3)

Measure FY 2015 FY 2016 FY 2017 FY 2018 FY 2019 FY 2020 FY 2021 FY 2022
Target N/A N/A N/A Baseline 96.5% 97% 100% 100%
Result N/A N/A N/A 96% 95% 98% 12/31/21 12/31/22
Status N/A N/A N/A Actual Target Not Met Target Exceeded Pending Pending

An ATO authorizes an information system to connect to or operate within the HHS network for a specified period based on the implementation of a set of security and privacy controls.  Prior to issuing an ATO, HHS assesses the system to ensure that it will not compromise network data, cause technical support problems, and has the appropriate controls in place.  The HHS Office of Information Security identifies the organizations and systems not in compliance with ATO requirements and diligently works with OpDiv's cybersecurity programs and Federal Information Security Management Act reporting leads across the Department to increase compliance.

It is the responsibility of the OpDiv Chief Information Security Officers and StaffDiv system owners to maintain their system ATOs.  In FY 2020, OpDivs implemented new training sessions for Information System Security Officers with guidelines and outreach as well as investing in a transformation project that streamlined the ATO process.  In addition, an OpDiv implemented a Customer Engagement Team to assist customers through the ATO process.  The Office of the Secretary also established its HHS Emergency Response Authorization Policy, which includes processes and requirements in the event of an emergency that requires implementation of a new information system in an expedited and secure manner.  As a result of these proactive initiatives coupled with the creation of several new information systems in support of HHS' COVID-19 response, HHS successfully met the overall ATO FY 2020 compliance target.

Improve the score to an "A" in each of the Federal Information Technology Acquisition Reform Act (FITARA) related Scorecard Metrics, per GAO and the House Oversight and Government Reform Committee (Lead Agency - ASA; Measure ID - 3.4)49

Measure FY 2015 FY 2016 FY 2017 FY 2018 FY 2019 FY 2020 FY 2021 FY 2022
Target N/A N/A N/A 90% 90% 90% 90% Discontinued
Result N/A 64% 64% 89% 70% 70% 12/31/21 N/A
Status N/A Actual Historic
Target Not Met but Improved Target Not Met Target Not Met Pending N/A

FITARA established standards for buying and managing computer technology.  The FITARA scorecard reports agency progress towards IT modernization.  Scorecard results demonstrate the connection of technology capability to agency leadership and the agency's ability to use technology to drive change.  The scorecard reports progress on a biannual basis.

HHS received a C- (i.e., 70%) on the scorecard released in June 2020.  While grades may be flat, they signal a connection of the technology capability to the leadership of the agency and using technology to truly drive change.  HHS will continue to work to combat cyber threats and incidents as well as work towards a holistic view of the enterprise.

49 HHS will retire this measure in FY 2021.  Throughout the history of the scorecard, sub-category measures of the scorecard have changed or have been retired.  The House Committee on Oversight and Reform has signaled several more changes over the coming year, which creates uncertainty that would challenge HHS's ability to execute on such a broad goal.  Instead, HHS will focus on other priorities that provide better metrics (e.g., increase percentage of systems with an Authority to Operate) in measuring this objective's performance.

