FedRAMP and GitLab
What is FedRAMP?
The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. See the GSA definition.
Details about the FedRAMP program highlight the process and status of how cloud services are assessed and certified in the FedRAMP marketplace.
GitLab and FedRAMP
FedRAMP authorization is applicable only to Cloud Service Offerings, because a significant focus of the controls is on operational aspects of a service. In the context of GitLab products, it is only applicable to GitLab SaaS Services.
GitLab is pursuing FedRAMP Moderate authorization for a SaaS service we provide and host. When we have an expected timeline for achieving FedRAMP-authorized status, we will add it to our product roadmap.
In the meantime, customers can deploy GitLab into their FedRAMP authorization boundary, including AWS, Google Cloud, Azure, or on-prem/data center. GitLab provides documentation on how to install a FIPS-compliant version of our software.
If you want to learn more about GitLab and how we support public sector agencies, departments, and organizations, please contact us.