-
Notifications
You must be signed in to change notification settings - Fork 87
Github Team Management
David Waltermire edited this page May 9, 2024
·
13 revisions
This page documents how FedRAMP PMO manages the on-boarding and off-boarding of developers, including internal FedRAMP developers, partner developers from other with federal agencies (e.g. GSA, NIST), or contractor teams (e.g. badged contractors for 10x working on the ASAP Project) actively contracted to continue work on artifacts in this repository.
Per TTS guidance recommended in ADR 3, the FedRAMP Automation work and repository use intentionally configured in the Github organization for GSA project. Within that organization, there is a hierarchy of teams.
-
GSAorganization-
fedramp-automationteam as a container for specific child teams below:-
fedramp-automation-adminsteam to maintain administrative control and overall continuity for different partner developers. This group includes federal employees in the FedRAMP PMO, in addition to the OSCAL support developer, with that goal in mind. -
fedramp-oscal-contributorsteam for developers that need write access to manage issues and feature branches. These users need to be a member of the GSA organization first.
-
-
- For new repositories:
- Create the repository, for this example scenario
fedramp-example-repousing the Github user interface by accessing github.com/organizations/GSA/repositories/new.
- Create the repository, for this example scenario
- View the configuration page for repo permissions by accessing github.com/GSA/fedramp-example-repo/settings/access.
- Perform a user review and accordingly remove any users or groups that do not require permission to the repository.
- You must
fedramp-automation-adminsteam with theAdminrole. - You should add
fedramp-oscal-contributorsteam or a relevant project-specific development team with theWriterole.
- Confirm the user is part of the
GSAorganization.- If not, confirm the developer is following the Github user configuration standard
- Email GSA Github Support at [email protected] to request the user be added to the GSA organization.
- Confirm the user has accepted the invitation to the GSA organization.
- Add or request on your behalf that a member of the
fedramp-automation-adminsteam add the user tofedramp-oscal-contributorsor a relevant project-specific team.- Confirm the user has accepted the invitation to the relevant FedRAMP Automation team.
- At the conclusion of a particular project, remove or request on your behalf that a member of
fedramp-automation-adminsteam remove the user from thefedramp-oscal-contributorsor a relevant project-specific team. - If the user is a contractor or external partner, and all contract or inter-agency work is complete, email GSA Github Support at [email protected] to request the user be removed from the GSA organization.