To Get Things Done, You Need Great, Secure Tools

To folks new to government, one of the most surprising differences between our work and work in the private sector are the barriers in accessing commercially available software, and commercially available Software-as-a-Service (SaaS) in particular. There are good reasons for these barriers: the government places premiums on considerations such as security, privacy, accessibility, license management, and competition. It takes great care to work within those considerations while also providing digital teams with great tools to get work done.

Since GSA created the Technology Transformation Service (TTS) in May 2016, we have made enormous investments in the overall security posture of 18F, including bolstering the partnership between TTS and the GSA Chief Information Officer’s office (GSA IT). About six months ago, we announced that we were “full steam ahead” on our FedRAMP assessment process for cloud.gov, a Platform-as-a-Service for government teams. As part of that process, we invested significant effort into automating our infrastructure to ensure continuous improvements. These efforts helped the cloud.gov team receive final signatures from the CIOs of GSA, Department of Defense, and the Department of Homeland Security to certify that the platform meets the controls necessary to operate in the federal government.

To make system delivery easier, and to pave the way for development teams in other agencies, we have also made significant investments in the past year to dramatically improve our ability to make use of commercially available SaaS products. Part of this process has been continuing our close collaboration with GSA IT. TTS can only deliver on projects like cloud.gov by working in tight collaboration with GSA’s CIO, CTO, CISO, and security and compliance folks. Together, we’re helping GSA chart this new territory. For example, in September, GSA IT issued a new policy related to GSA’s IT Standards Profile, which established a new “pilot process” that enables TTS to test out commercially available cloud-based SaaS and ensure compliance with various federal laws and policies. Similarly, GSA IT issued a new OAuth Integration Policy, which provides clarity around user authentication and authorization for TTS’s use of commercially available SaaS products. Our close collaboration means that we can have the tools and resources we need, and we’re more aligned with industry best practices.

Similarly, TTS is focused on helping bring commercially available products and services that are used widely in the private sector into the federal government. For example, TTS and the GSA’s Federal Acquisition Service have been working in partnership to purchase SaaS products that TTS relies upon. We’re also working closely with GSA’s Schedule 70 program to help make it easier for innovative companies to work with the federal government.

Finally, the FedRAMP program recently announced its “FedRAMP Tailored” initiative, which will help accelerate the availability of low-impact SaaS offerings government-wide, making it possible for agencies to more readily adopt commercially available SaaS.

In the long-run, GSA wants to make it easy for the government to take advantage of best-of-breed software, and to accelerate adoption of SaaS by government agencies. We will continue to improve TTS processes, ensure that our systems are secure, and partner with industry to help reduce the barriers for effective software delivery in the government.

This post was originally published on the 18F blog.