FedRAMP Authorization Expands Agency Access to GitHub Open Source Resources


GitHub is among the first cloud service providers to receive FedRAMP Tailored approval, according to a report

With GitHub achieving FedRAMP (Federal Risk and Authorization Management Program) operating authority for its Business Cloud, government agencies can now have access to a vast range of open source software resources and developers.

The FedRAMP authorization will allow government agencies to move beyond GitHub’s licensed platform for internal enterprise software development and take advantage of a wider universe of cloud-based open source development resources, knowing that they meet federal security guidelines, FedScoop reported.

A growing number of government agencies all over the world utilize GitHub’s open source collaboration platform. According to GitHub’s latest figures, 143 U.S. federal civilian agencies, 14 Department of Defense agencies and 48 state agencies use GitHub to collaborate on code, data, policy and procurement.

FedRAMP approval

FedRAMP, a supporting body of the US General Services Administration (GSA), standardizes security assessment, authorization, and continuous monitoring of cloud products and services by federal agencies. It offers a single authorization process, speeding up the government’s adoption of cloud services so that the agencies do not have to individually authorize cloud service offerings.

GitHub gained FedRAMP operating authority last October through a new process called FedRAMP Tailored, which provides a more streamlined security approval process that is better suited for software-as-a-service providers such as GitHub. GitHub is said to be among the first cloud service providers to receive FedRAMP Tailored approval.

“We have historically had [government] customers on GitHub.com, but they were either doing it as shadow IT under a team plan or non-mission-critical system,” FedScoop quoted Jamie Jones, GitHub principal architect, as saying.

He explained that as GitHub.com did not have an authority to operate (ATO) it was not deemed appropriate for most organizations’ day-to-day mission-critical applications.

One key benefit of using the FedRAMP-authorized Business Cloud, as per Jones, is that GitHub can now support the agency’s identification and authorization tools.

“For the extra capabilities we are providing, including faster support requests or the ability to use SAML and your identity providers, it’s far less of an administrative burden,” he said.

The FedRAMP-authorized GitHub Enterprise Cloud also offers enhanced security services and features that are not yet available for Enterprise customers.

To know more about the new FedRAMP authorization and the expanded options for federal agencies, read this special report, “Federal Access to Open Source,” produced by FedScoop and underwritten by GitHub.






Please enter your comment!
Please enter your name here