GitHub is FedRAMP Authorized
GitHub is FedRAMP approved via the Tailored baseline of security controls, ensuring the United States government can confidently and securely manage their low impact data and source code.
Governments around the world use GitHub to build software, shape policy, and share information with constituents. To better support the missions of our government community, we participated in the US government’s recent efforts to streamline the security review and authorization for certain software tools—and today we’re pleased to share that GitHub Business Cloud is authorized via the FedRAMP Tailored baseline of security controls.
This exciting milestone means government users can continue to use GitHub with the confidence that our platform meets the low impact software-as-a-service (SaaS) baseline of
security standards set by our US federal government partners.
What is FedRAMP?
The US General Services Administration’s (GSA) Federal Risk and Authorization Management Program (FedRAMP) standardizes security assessment, authorization, and continuous monitoring of cloud products and services by federal agencies. Instead of agencies individually authorizing cloud service offerings, FedRAMP offers a single authorization process, speeding up the government’s adoption of cloud services.
FedRAMP applies to a wide range of government technology services. The team at GSA recognized an opportunity to fine-tune FedRAMP specifically for software-as-a-service (SaaS) providers, allowing GitHub to provide feedback as they created the new FedRAMP Tailored framework. We’ve completed the assessment phase and Business Cloud has secured the FedRAMP Tailored Authorization.
Privacy and security enhancements for the GitHub community
In the summer of 2009, The New York Senate was the first government organization to post code to GitHub. In 2013 the GSA made their initial commit—and today GitHub has thousands of active government users. Agencies use GitHub to develop software, collaborate with the public on open source, publish data sets, solicit input on policies, and more.
The Tailored framework lowers the barrier to entry for cloud software providers interested in securing FedRAMP Authorization. It’s our hope that the new framework controls helps SaaS providers more efficiently meet government security standards and makes it easier for federal, state, and local government agencies to use the development tools they need to do their best work.
With GitHub’s FedRAMP Authorized service, agencies can:
- Securely collaborate in the cloud
- Foster innovation and continuously test new ideas
- Modernize the way you build software
These are not restricted to government agencies—and everyone in the GitHub community can benefit from these security and privacy enhancements.
Written by
Related posts
2024 is the biggest global election year in history. What’s at stake for developers?
GitHub is considering what is at stake for our users and platform, how we can take responsible action to support free and fair elections, and how developers contribute to resilient democratic processes.
GitHub named a Leader in the Gartner first-ever Magic Quadrant for AI Code Assistants
This year, as part of its annual Magic Quadrant series, Gartner published a first-of-its-kind report analyzing the state of play in the AI Code Assistants market–and named GitHub a Leader.
Survey: The AI wave continues to grow on software development teams
We surveyed 2,000 people on software development teams at enterprises in the U.S., Brazil, India, and Germany about the use, experience, and expectations around generative AI tools in software development.