GitHub is FedRAMP Authorized
GitHub is FedRAMP approved via the Tailored baseline of security controls, ensuring the United States government can confidently and securely manage their low impact data and source code.
Governments around the world use GitHub to build software, shape policy, and share information with constituents. To better support the missions of our government community, we participated in the US government’s recent efforts to streamline the security review and authorization for certain software tools—and today we’re pleased to share that GitHub Business Cloud is authorized via the FedRAMP Tailored baseline of security controls.
This exciting milestone means government users can continue to use GitHub with the confidence that our platform meets the low impact software-as-a-service (SaaS) baseline of
security standards set by our US federal government partners.
What is FedRAMP?
The US General Services Administration’s (GSA) Federal Risk and Authorization Management Program (FedRAMP) standardizes security assessment, authorization, and continuous monitoring of cloud products and services by federal agencies. Instead of agencies individually authorizing cloud service offerings, FedRAMP offers a single authorization process, speeding up the government’s adoption of cloud services.
FedRAMP applies to a wide range of government technology services. The team at GSA recognized an opportunity to fine-tune FedRAMP specifically for software-as-a-service (SaaS) providers, allowing GitHub to provide feedback as they created the new FedRAMP Tailored framework. We’ve completed the assessment phase and Business Cloud has secured the FedRAMP Tailored Authorization.
Privacy and security enhancements for the GitHub community
In the summer of 2009, The New York Senate was the first government organization to post code to GitHub. In 2013 the GSA made their initial commit—and today GitHub has thousands of active government users. Agencies use GitHub to develop software, collaborate with the public on open source, publish data sets, solicit input on policies, and more.
The Tailored framework lowers the barrier to entry for cloud software providers interested in securing FedRAMP Authorization. It’s our hope that the new framework controls helps SaaS providers more efficiently meet government security standards and makes it easier for federal, state, and local government agencies to use the development tools they need to do their best work.
With GitHub’s FedRAMP Authorized service, agencies can:
- Securely collaborate in the cloud
- Foster innovation and continuously test new ideas
- Modernize the way you build software
These are not restricted to government agencies—and everyone in the GitHub community can benefit from these security and privacy enhancements.
Written by
Related posts
An update on GitHub availability
Here’s what we’ve done—and what we’re still doing—to improve our availability and reliability.
GitHub Copilot is moving to usage-based billing
Starting June 1, your Copilot usage will consume GitHub AI Credits.
Changes to GitHub Copilot Individual plans
We’re making these changes to ensure a reliable and predictable experience for existing customers.