bmogilefsky | 9 years ago

You're right, everyone is on the hook for their own agency, and with such strict regulations they are very conservative about using each other's stuff, which is effectively delegating decisions and responsibility to others that may get them in trouble.

This is a major reason for cloud.gov going after the FedRAMP JAB P-ATO recognition. "JAB" is the Joint Authorization Board comprised of the CIOs of the Department of Defense, Department of Homeland Security, and the General Services Administration. Having a triple-sign-off from three CIOs under a consistently applied set of standards is the highest social proof you can get in government that will convince other agency CIOs that it is OK to use your stuff at their agency. Normally it's vendors that go through this program... We're among the few to do it for a government-developed-and-operated service, and the first to do it for something as generally useful as a PaaS.

The other aspect is making sure everything we do to deploy and document the platform's compliance is open source and subject to scrutiny, so they can check for themselves... and ideally contribute in areas they think it could be better, of course!

BinaryIdiot | 9 years ago

You're fighting the good fight and seems you have a good path. Curious how far you guys make it (it almost seems like everyone is against using "the other guy's" stuff but the vast majority of the time it would save millions). Good luck!