The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. See the GSA definition.
Specifically, FedRAMP is focused on cloud products and services, evaluating and certifying cloud PAAS, IAAS, and SAAS offerings. Details about the FedRAMP program highlight the process and status of how cloud services are assessed and certified in the FedRAMP marketplace.
GitLab is both a product that you can host and a cloud service that we host.
You can deploy GitLab into your FedRAMP cloud PaaS such as AWS, Google Cloud, Azure, and others. In fact, many agencies and customers deploy and manage their own instance of GitLab in their cloud with the majority of our government customers using an on-premise instance of our software product in their cloud environment (like AWS, Google Cloud, or Azure) or in a hybrid or multi-cloud environment. Other customers find that they can install and run a self-managed instance of the GitLab product by placing it in a FedRAMP-authorized data center and using a FedRAMP-authorized Cloud Service Provider.
For our hosted offering of GitLab.com, we're working toward FedRAMP certification. When we have an expected timeline for achieving FedRAMP-authorized status, we will add it to our product roadmap.
If you want to learn more about GitLab and how we support public sector agencies, departments, and organizations, please contact us.