GAO tells NSF CIO to improve tech procurement and management

GAO tells NSF to fix its tech management

The Government Accountability Office has told the National Science Foundation’s CIO to improve how the agency plans, manages, and buys technology. The recommendations were sent in a February 12th letter to NSF CIO Clyde Richards and published publicly on Thursday.

The GAO stated that paying attention to the "open recommendations" will help ensure the effective use of IT at the agency. It bluntly noted that "NSF needs to improve its acquisition of cloud services and its reviews of the agency’s IT portfolio."

Standardizing cloud contracts is a priority

A core demand is for the NSF to develop guidance for standardizing cloud service-level agreements. The GAO believes the agency must consistently hold cloud service providers accountable for performance.

This means having a clear SLA and a remediation plan for non-compliance with every cloud vendor. The watchdog also wants an overhaul of contracts for "high value assets that are managed and operated in the cloud."

Annual reviews and cybersecurity concerns

The GAO recommends the NSF complete annual reviews of its entire IT portfolio. These reviews are required by federal rules and are meant to identify duplication and find ways to streamline operations.

The letter also cites "multiple open recommendations in the area of cybersecurity," referencing the Federal Information Security Modernization Act of 2014. The letter was copied to Federal CIO Gregory Barbaccia at the OMB, who is leading a government-wide push to cut costs and standardize procurement.

The NSF's sprawling IT landscape

Clyde Richards was named permanent CIO seven months ago, after serving in an acting capacity. He joined the NSF as deputy CIO in March 2024, following a career that included roles at the Defense Counterintelligence and Security Agency.

The NSF manages a budget of roughly $9 billion for scientific research. Its extensive IT infrastructure supports a major ongoing transformation, which includes several high-profile projects:

• Transferring management of the NCAR-Wyoming Supercomputing Center to a third-party operator.
• Establishing a National Artificial Intelligence Research Resource Operations Center.
• Expanding its CloudBank initiative, a $20 million project to give researchers access to commercial cloud computing.

A pattern of government IT oversight

For the GAO, "open recommendations" are outstanding issues that require a CIO's direct attention. The office states that implementing them can significantly improve government IT by strengthening security, cutting costs, and ensuring compliance.

This intervention follows a pattern. Last year, the GAO delivered over a dozen recommendations concerning the Department of Veterans Affairs' troubled health records upgrade program. Some of those recommendations had been open since 2020, highlighting the slow pace of change in federal IT modernization.