From b6b72e95a8846e56a877dad4e89abb0d95eda530 Mon Sep 17 00:00:00 2001 From: Peter Burkholder Date: Fri, 1 Feb 2019 13:08:20 -0500 Subject: [PATCH 1/3] Import of GDoc 1pager + compliance/records --- tools.md | 90 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 90 insertions(+) create mode 100644 tools.md diff --git a/tools.md b/tools.md new file mode 100644 index 0000000..029a546 --- /dev/null +++ b/tools.md @@ -0,0 +1,90 @@ + +# Communication Tools + +Here is a quick introduction to the common, and free, communication tools that 18F teams use when working with other federal agencies. 18F can help you decide which tools best fit your needs and help you get set up. + +## Slack + +[Slack](https://slack.com/) is an instant messaging tool that uses themed chat rooms (called channels) to help teams quickly communicate on a daily basis, in an open, collaborative way. The 18F team will create a channel for your project in our Slack workspace, which you can access from your web browser. + +
+ Compliance and records considerations + +- Slack is ATO'd for use in GSA, and has an FedRAMP Agency Authorization at the [LI-SaaS impact level](https://tailored.fedramp.gov/). Slack operates within the AWS public cloud. +- All communication in Slack are considered records and conform to GSA's record management policy. +
+ +## GitHub + +[GitHub](https://github.com/) is an online code storage and collaboration platform. 18F will create a repository (commonly called a repo) for this project and use it to store both documents and code. By default, 18F's work with your team on GitHub will be visible to the public. Your 18F team can tell you more more about the benefits of working in the open. Teams may also use GitHub, as well as browser add-ons that complement it, to collaboratively track project tasks. + +
+Compliance and records considerations + +- GitHub is ATO'd for use in GSA, and has an FedRAMP Agency Authorization at the [LI-SaaS impact level](https://tailored.fedramp.gov/). GitHub operates their own datacenters. +- All communication in GitHub are considered records and conform to GSA's record management policy. +
+ +## Github Wikis + +[Wikis](https://help.github.com/articles/about-github-wikis/) are a section of GitHub that teams use to store supporting documents. Each GitHub repository has its own wiki, and anyone on your team can edit the wiki. A wiki is a good place to store documents that the team will refer back to throughout a project such as design principles, research results, or a project roadmap. + + +## Trello + +[Trello](https://trello.com/) is a project management tool that organizes information into lists. Teams often use it to track specific tasks through different stages (such as backlog, in progress, in review, and done). Trello boards can be private or open to the public. + +
+Compliance and records considerations: + +- Trello does not have FedRAMP authorization nor any in progress. GSA IT has approved LiSaaS ATO through 2020-01-09 +- Trello boards should be considered records +
+ +
+Trello alternatives + +### Zenhub + +Not recommended from a compliance perspective. No FedRAMP in progress, no GSA IT approval for use of the service. From a user perspective, it's great that it works within GitHub and provides higher-level scoping and linking (e.g., epics and dependencies) than does Jira. + +### GitHub Projects + +Not recommended from usability/UI perspective, as the interface is basic without the richness of other planning systems or the simplicity of Trello. Compliance/records considerations are the same as for GitHub + +### Jira + +GSAIT Jira instance is not recommended: pretty difficult to grant access to outsiders, and it's pretty heavyweight and difficult to configure for ease of use. + +### Microsoft Azure Devops Boards + +Bundled with Azure, but not within FedRAMP services in scope. +
+ +## Google Drive + +[Google Drive](https://www.google.com/drive/) is a storage and collaboration platform or spreadsheets, slide decks, and text documents. Documents on Google Drive are not public. Your 18F team can get your team access to our Google Drive so everyone can collaborate. + +## Google Hangouts and Zoom + +[Google Hangouts](https://hangouts.google.com/) and [Zoom](https://zoom.us/) enable staff all over the country to video chat in remote meetings. We've found that video calls help teams stay connected and are easier to manage than conference calls for large groups. + +
+Compliance and records considerations + +- [Zoom for Government has an FedRAMP Agency ATO](https://marketplace.fedramp.gov/#/product/zoom-for-government) (Moderate Impact) in process and should be authorized in Q1 2019. Agencies using the service include GSA, DHS and Customs and Border protection. +- Recordings of meetings are records and should be treated as such + +
+ +## Mural + +[Mural](https://mural.co/) is an online collaborative whiteboard tool. In team workshops, it allows teams to collectively generate ideas by drawing on sticky notes and moving them around as if they were in the same room. You don't need to have an account to participate and you can access the tool from any browser. + +
+Compliance and records considerations + +- Mural is hosted on AWS commercial public cloud. Has a GSA ATO, but does not have a FedRAMP authorization or anything in process +- Generally would not store "records" but be used for transient organization of information for discussion purposes. However GSA records officer has determined that "This product likely creates a number of record types. However, the specific types of records created will depend on the context in which this product is used." so you should be sure to export and archive Mural's periodically. +- Truly low-impact: Mural should not used to store anything confidential or authoritative, and is generally not used as such, but is used for ephemeral organization of information and production visualizations. Non-GSA participants are invited to use the service anonymously., +
\ No newline at end of file From c1b508ae51da979d167b4feba0ae928413c83ae8 Mon Sep 17 00:00:00 2001 From: "Peter Burkholder (@pburkholder)" Date: Wed, 13 Feb 2019 11:27:52 -0500 Subject: [PATCH 2/3] Add link to HBR chat article It may be useful to read about [what managers need to know about social tools](https://hbr.org/2017/11/what-managers-need-to-know-about-social-tools) when getting started. --- tools.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools.md b/tools.md index 029a546..f049b07 100644 --- a/tools.md +++ b/tools.md @@ -5,7 +5,7 @@ Here is a quick introduction to the common, and free, communication tools that 1 ## Slack -[Slack](https://slack.com/) is an instant messaging tool that uses themed chat rooms (called channels) to help teams quickly communicate on a daily basis, in an open, collaborative way. The 18F team will create a channel for your project in our Slack workspace, which you can access from your web browser. +[Slack](https://slack.com/) is an instant messaging tool that uses themed chat rooms (called channels) to help teams quickly communicate on a daily basis, in an open, collaborative way. The 18F team will create a channel for your project in our Slack workspace, which you can access from your web browser. It may be useful to read about [what managers need to know about social tools](https://hbr.org/2017/11/what-managers-need-to-know-about-social-tools) when getting started.
Compliance and records considerations @@ -87,4 +87,4 @@ Bundled with Azure, but not within FedRAMP services in scope. - Mural is hosted on AWS commercial public cloud. Has a GSA ATO, but does not have a FedRAMP authorization or anything in process - Generally would not store "records" but be used for transient organization of information for discussion purposes. However GSA records officer has determined that "This product likely creates a number of record types. However, the specific types of records created will depend on the context in which this product is used." so you should be sure to export and archive Mural's periodically. - Truly low-impact: Mural should not used to store anything confidential or authoritative, and is generally not used as such, but is used for ephemeral organization of information and production visualizations. Non-GSA participants are invited to use the service anonymously., -
\ No newline at end of file + From 67263e5a073d102e2dc99be952dea7208744e803 Mon Sep 17 00:00:00 2001 From: "Peter Burkholder (@pburkholder)" Date: Tue, 30 Apr 2019 12:18:09 -0400 Subject: [PATCH 3/3] Correct Mural hosting to Azure, not AWS --- tools.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools.md b/tools.md index f049b07..3f2730a 100644 --- a/tools.md +++ b/tools.md @@ -84,7 +84,7 @@ Bundled with Azure, but not within FedRAMP services in scope.
Compliance and records considerations -- Mural is hosted on AWS commercial public cloud. Has a GSA ATO, but does not have a FedRAMP authorization or anything in process +- Mural is hosted on Azure commercial public cloud. Has a GSA ATO, but does not have a FedRAMP authorization or anything in process - Generally would not store "records" but be used for transient organization of information for discussion purposes. However GSA records officer has determined that "This product likely creates a number of record types. However, the specific types of records created will depend on the context in which this product is used." so you should be sure to export and archive Mural's periodically. - Truly low-impact: Mural should not used to store anything confidential or authoritative, and is generally not used as such, but is used for ephemeral organization of information and production visualizations. Non-GSA participants are invited to use the service anonymously.,