mcritz | 9 years ago

Any plans to standardize agencies' tech stacks? Is that even a good idea?

bmogilefsky|9 years ago

We can't control the decisions they make, and wouldn't want to... Each agency has their own CIO, and needs to be able to make decisions about stacks based on their needs. Compliance requirements for running a service in public are so huge that agencies have conservatively stuck to ancient options, or farmed it all out to vendors. Our goal is to make the operations, deployment, and compliance aspects of service delivery trivial so they can put more of their resources (and those of the vendors they pay) into the improvement of the services they provide rather than sinking a huge portion of their budgets into redundantly addressing compliance and deployment concerns. And of course, use modern tech.

BinaryIdiot|9 years ago

Good luck with that. I was only a government contractor and the amount of blue badges that argue how the other agency is doing it wrong / stupid and they would never use their stack is insane.

bmogilefsky|9 years ago

You're right, everyone is on the hook for their own agency, and with such strict regulations they are very conservative about using each other's stuff, which is effectively delegating decisions and responsibility to others that may get them in trouble.

This is a major reason for cloud.gov going after the FedRAMP JAB P-ATO recognition. "JAB" is the Joint Authorization Board comprised of the CIOs of the Department of Defense, Department of Homeland Security, and the General Services Administration. Having a triple-sign-off from three CIOs under a consistently applied set of standards is the highest social proof you can get in government that will convince other agency CIOs that it is OK to use your stuff at their agency. Normally it's vendors that go through this program... We're among the few to do it for a government-developed-and-operated service, and the first to do it for something as generally useful as a PaaS.

The other aspect is making sure everything we do to deploy and document the platform's compliance is open source and subject to scrutiny, so they can check for themselves... and ideally contribute in areas they think it could be better, of course!

wslack|9 years ago

Yeah, I've certainly seen some of that. Hopefully, though, we can share and spread ideas, if not exact policies.