The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. See the GSA definition.
The FedRAMP program details describe how cloud services are assessed and certified, and their current status, in the FedRAMP marketplace.
GitLab is both a product that you can host (self-managed) and a cloud service that we host (SaaS). GitLab is pursuing FedRAMP Moderate authorization. When we have an expected timeline for achieving FedRAMP-authorized status, we will add it to our product roadmap. In the meantime, customers can deploy GitLab into their own FedRAMP authorization boundary, whether on AWS, Google Cloud, Azure, or in an on-premises data center. GitLab provides documentation on how to install a FIPS-compliant version of our software.
If you want to learn more about GitLab and how we support public sector agencies, departments, and organizations, please contact us.