Github Team Management

Summary

This page documents how FedRAMP PMO manages the on-boarding and off-boarding of developers, including internal FedRAMP developers, partner developers from other with federal agencies (e.g. GSA, NIST), or contractor teams (e.g. badged contractors for 10x working on the ASAP Project) actively contracted to continue work on artifacts in this repository.

Organization and Team Structure

Per TTS guidance recommended in ADR 4, the FedRAMP Automation work and repository use intentionally configured in the Github organization for GSA project. Within that organization, there is a hierarchy of teams.

• GSA organization
  • fedramp-automation team as a container for specific child teams below:
    • fedramp-automation-admins team to maintain administrative control and overall continuinity for different partner developers. This group includes federal employees in the FedRAMP PMO, in addition to the OSCAL support developer, with that goal in mind.
    • fedramp-automation-partners team for developers for different developer groups, mentioned above, to be grouped in a team for streamlined permissions to current or newly formed repositories.

Standard Operating Procedures

Repository Permissions

• For new repositories:
  • Create the repository, for this example scenario fedramp-example-repo using the Github user interface by accessing github.com/organizations/GSA/repositories/new.
• View the configuration page for repo permissions by accessing github.com/GSA/fedramp-example-repo/settings/access.
• Perform a user review and accordingly remove any users or groups that do not require permission to the repository.
• You must fedramp-automation-admins team with the Admin role.
• You should add fedramp-automation-partners team or a relevant project-specific development team with the Write role.