Governments around the world use GitHub to build software, shape policy, and share information with constituents. To better support the missions of our government community, we participated in the US government’s recent efforts to streamline the security review and authorization for certain software tools—and today we’re pleased to share that GitHub Business Cloud is authorized via the FedRAMP Tailored baseline of security controls.
This exciting milestone means government users can continue to use GitHub with the confidence that our platform meets the low impact software-as-a-service (SaaS) baseline of security standards set by our US federal government partners.
The US General Services Administration’s (GSA) Federal Risk and Authorization Management Program (FedRAMP) standardizes security assessment, authorization, and continuous monitoring of cloud products and services by federal agencies. Instead of agencies individually authorizing cloud service offerings, FedRAMP offers a single authorization process, speeding up the government’s adoption of cloud services.
FedRAMP applies to a wide range of government technology services. The team at GSA recognized an opportunity to fine-tune FedRAMP specifically for software-as-a-service (SaaS) providers, allowing GitHub to provide feedback as they created the new FedRAMP Tailored framework. We’ve completed the assessment phase and Business Cloud has secured the FedRAMP Tailored Authorization.
In the summer of 2009, The New York Senate was the first government organization to post code to GitHub. In 2013 the GSA made their initial commit—and today GitHub has thousands of active government users. Agencies use GitHub to develop software, collaborate with the public on open source, publish data sets, solicit input on policies, and more.
The Tailored framework lowers the barrier to entry for cloud software providers interested in securing FedRAMP Authorization. It’s our hope that the new framework controls helps SaaS providers more efficiently meet government security standards and makes it easier for federal, state, and local government agencies to use the development tools they need to do their best work.
With GitHub’s FedRAMP Authorized service, agencies can:
These are not restricted to government agencies—and everyone in the GitHub community can benefit from these security and privacy enhancements.