Skip to main content

ACT-IAC: Where government and industry leaders collaborate.

You are here

FITARA IT Maturity Model (version 2)

IT Management Maturity Model
In support of the implementation of the FITARA (Version 2)

The objective of the Federal Information Technology Acquisition Reform Act (FITARA) is to improve the management of IT within an agency and hence, improve the ability for that agency to deliver its mission and conduct its business.  The Office of Management and Budget (OMB) has drafted guidance to implement FITARA.

This guidance sets forth a “Common Baseline” to establish a framework of IT management capabilities and related roles and responsibilities that agencies are expected to implement.  Recognizing that one size does not fit all, the Common Baseline sets a minimum level of standards that provide flexibility for agencies to implement the law in a manner consistent with each agency’s unique requirements.  In August 2015, agencies provided OMB with a copy of their FITARA Common Baseline self-assessments and improvement plans for IT management and this IT Management Maturity model provides both context for OMB and reporting agencies and a way for those agencies to develop a roadmap on how to improve IT management maturity over time.

To support the implementation of FITARA, ACT-IAC formed a working group to develop the first IT Management Maturity Model to help agencies assess their maturity in five critical functions of IT management. Since the initial development and implementation of this model in September 2015, additional federal-wide initiatives, policies and legislation were issued that tie directly into the tenets of FITARA and IT management.

Updated Model
In June 2018, ACT-IAC reconvened its working group to evaluate the current Model and make adjustments to further assess IT management within agencies. The key updates to the model include the following:

The key updates to the model: Legislation and policies consulted:
  • Adding the Cybersecurity Category
  • Adding the Technology Business Management (TBM) Attribute
  • Strengthening emphasis on modernization & incremental development
  • Building in stronger focus on software license management
  • Ensuring connections between IT strategic planning and IT budget planning       
  • Including IT workforce re-training to meet IT priorities.
  • Congressional Oversight and Government Reform (OGR) FITARA Scorecard
  • Technology Business Management (TBM)
  • Managing Government Technology (MGT) Act
  • Making Electronic Government Accountable By Yielding Tangible Efficiencies (MEGABYTE) Act
  • Federal Information Security Modernization Act of 2014 (FISMA)
  • Executive Orders focusing on IT resource management

Download ACT-IAC IT Management Maturity Model full paper

IT Management Maturity Model Functions

OMB Common Baseline Mapping to IT Maturity Model

OMB’s Common Baseline for IT Management includes sections for Budget Formulation, Budget Execution, Acquisition, and Organization & Workforce. This paper reorganized and reoriented these sections slightly to support the development of the IT Management Maturity Model.

Governance Key Themes

 

  • Involvement from all appropriate stakeholders, including CIO, CAO, CFO, CHCO (the CXOs) and the mission and business leadership
  • Each level of governance has the ability to make authoritative decisions that are binding for that organization
  • Governance decisions are completed timely to support IT management needs
  • Having comprehensive linkage from agency strategy to portfolios to programs
  • Tying IT strategic planning and funding needs together to make better funding decisions
  • Making evidence-based decisions based on accurate and actionable data


Download PDF of Maturity Model - Governance Function

Budget Key Themes

 

  • Involvement from all appropriate stakeholders, including CIO, CAO, CFO, CHCO (the CXOs), and the mission and business leadership
  • Clearly stated and quantified relationship between agency mission and business outcomes and IT investment scope and timelines
  • Highlights the use of the Technology Business Management (TBM) taxonomy to inform IT decisions
  • There is clear CIO review and approval authority
  • Allocating sufficient resources and time to make sound portfolio decisions and meet budgetary timelines
  • Enables many of the objectives for incremental and modular development


Download PDF of Maturity Model - Budget Function

Cybersecurity Key Themes
  • Cybersecurity is a new category added to version 2.0
  • Involvement from all appropriate stakeholders, including CIO, CAO, CFO, CHCO (the CXOs) and the mission and business leadership
  • Clearly stated and quantified relationship between agency mission and business outcomes and IT investment scope and timelines
  • There is clear CIO review and approval authority
  • Enables many of the objectives for incremental and modular development
  • Allocating sufficient resources and time to make sound portfolio decisions and meet budgetary timelines


PDF of Maturity Model - Cybersecurity Function

Acquisition Key Themes

 

  • Involvement from all appropriate stakeholders, including CIO, CAO, CFO, CHCO (the CXOs), and the mission and business leadership
  • Timeliness to facilitate smaller, faster increments in program implementation
  • Going beyond strategic sourcing vehicles to consolidate commodity purchasing and manage total cost of ownership
  • Making evidence-based decisions based on accurate and actionable data, including enterprise spend data
  • Focusing on software procurement and management across the agency
  • Recognizing and incorporating IT security requirements as part of the acquisition process


PDF of Maturity Model - Acquisition Function

Organization & Workforce Key Themes

 

  • Involvement from all appropriate stakeholders, including CIO, CAO, CFO, CHCO (the CXOs), and the mission and business leadership
  • Workforce policies clearly align to workforce planning strategies, processes, and models at a bureau/component and program level
  • Leadership have the necessary skills and experience to drive the cultural change to reach demonstrated maturity level
  • IT Leadership set standards and requirements for non-technical staffing supporting IT execution
  • Agency CIOs have the proper organization placement and authority
  • There is an effective, complete workforce planning process to identify workforce skill, competency gaps, and re-train the IT workforce as needed


PDF of Maturity Model - Organization & Workforce Function

Program Management Key Themes

 

  • Well-defined set of management disciplines (e.g., schedule, budget, estimation, risk) that are used throughout the agency
  • Involvement from all appropriate stakeholders, including CIO, CAO, CFO, CHCO (the CXOs) and the mission and business leadership
  • A comprehensive and adaptable system development life cycle
  • There is both a business and technical architecture for each program
  • Field smaller and incremental releases of functionality to lower risk and get end user feedback
  • Program teams have the right information
  • IT security requirements included in each program


PDF of Maturity Model - Program Management Function

IT Maturity Model 2

Given the policy changes within the last several years, the Model is updated to include six functions to better capture all aspects of IT Maturity. The six functions are depicted above:

  • Governance – the collaboration and decision making glue by which IT management works.
  • Budget – the process to formulate, obtain approval, and execute the use of funds to support IT.
  • Acquisition – the buying process used to obtain IT products and services.
  • Organization & Workforce – the process to determine needed competencies and develop and sustain a workforce that has those competencies through recruitment and professional development.
  • Program Management – 1) the set of disciplines used to deliver IT capabilities to meet an agency mission or business need, or 2) the operations and maintenance of an existing system.
  • Cybersecurity – the process to establish, monitor and refine secure IT resources.