FedRAMP and GitLab
What is FedRAMP?
The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. See the GSA definition.
GitLab and FedRAMP
FedRAMP authorization is applicable only to Cloud Service Offerings, as a significant focus of the controls are on operational aspects of a service. In the context of GitLab products, it is only applicable to GitLab SaaS Services.
GitLab is pursuing FedRAMP Moderate authorization for a SaaS service we provide and host. When we have an expected timeline for achieving FedRAMP-authorized status, we will add it to our product roadmap.
In the meantime, customers are able to deploy GitLab into their FedRAMP authorization boundary including AWS, Google Cloud, Azure, or on-prem/data center. GitLab provides documentation on how to install a FIPS-compliant version of our software.
If you want to learn more about GitLab and how we support public sector agencies, departments, and organizations, please contact us.