This repository was archived by the owner on Jun 10, 2021. It is now read-only.
Import of GDoc 1pager + compliance/records #28
Open
pburkholder wants to merge 3 commits into 18F:master from pburkholder:tools-w-compliance
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,90 @@ | ||
|
|
||
| # Communication Tools | ||
|
|
||
| Here is a quick introduction to the common, and free, communication tools that 18F teams use when working with other federal agencies. 18F can help you decide which tools best fit your needs and help you get set up. | ||
|
|
||
| ## Slack | ||
|
|
||
| [Slack](https://slack.com/) is an instant messaging tool that uses themed chat rooms (called channels) to help teams quickly communicate on a daily basis, in an open, collaborative way. The 18F team will create a channel for your project in our Slack workspace, which you can access from your web browser. It may be useful to read about [what managers need to know about social tools](https://hbr.org/2017/11/what-managers-need-to-know-about-social-tools) when getting started. | ||
|
|
||
| <details> | ||
| <summary> Compliance and records considerations</summary> | ||
|
|
||
| - Slack is ATO'd for use in GSA, and has an FedRAMP Agency Authorization at the [LI-SaaS impact level](https://tailored.fedramp.gov/). Slack operates within the AWS public cloud. | ||
| - All communication in Slack are considered records and conform to GSA's record management policy. | ||
| </details> | ||
|
|
||
| ## GitHub | ||
|
|
||
| [GitHub](https://github.com/) is an online code storage and collaboration platform. 18F will create a repository (commonly called a repo) for this project and use it to store both documents and code. By default, 18F's work with your team on GitHub will be visible to the public. Your 18F team can tell you more more about the benefits of working in the open. Teams may also use GitHub, as well as browser add-ons that complement it, to collaboratively track project tasks. | ||
|
|
||
| <details> | ||
| <summary>Compliance and records considerations</summary> | ||
|
|
||
| - GitHub is ATO'd for use in GSA, and has an FedRAMP Agency Authorization at the [LI-SaaS impact level](https://tailored.fedramp.gov/). GitHub operates their own datacenters. | ||
| - All communication in GitHub are considered records and conform to GSA's record management policy. | ||
| </details> | ||
|
|
||
| ## Github Wikis | ||
|
|
||
| [Wikis](https://help.github.com/articles/about-github-wikis/) are a section of GitHub that teams use to store supporting documents. Each GitHub repository has its own wiki, and anyone on your team can edit the wiki. A wiki is a good place to store documents that the team will refer back to throughout a project such as design principles, research results, or a project roadmap. | ||
|
|
||
|
|
||
| ## Trello | ||
|
|
||
| [Trello](https://trello.com/) is a project management tool that organizes information into lists. Teams often use it to track specific tasks through different stages (such as backlog, in progress, in review, and done). Trello boards can be private or open to the public. | ||
|
|
||
| <details> | ||
| <summary>Compliance and records considerations:</summary> | ||
|
|
||
| - Trello does not have FedRAMP authorization nor any in progress. GSA IT has approved LiSaaS ATO through 2020-01-09 | ||
| - Trello boards should be considered records | ||
| </details> | ||
|
|
||
| <details> | ||
| <summary>Trello alternatives</summary> | ||
|
|
||
| ### Zenhub | ||
|
|
||
| Not recommended from a compliance perspective. No FedRAMP in progress, no GSA IT approval for use of the service. From a user perspective, it's great that it works within GitHub and provides higher-level scoping and linking (e.g., epics and dependencies) than does Jira. | ||
|
|
||
| ### GitHub Projects | ||
|
|
||
| Not recommended from usability/UI perspective, as the interface is basic without the richness of other planning systems or the simplicity of Trello. Compliance/records considerations are the same as for GitHub | ||
|
|
||
| ### Jira | ||
|
|
||
| GSAIT Jira instance is not recommended: pretty difficult to grant access to outsiders, and it's pretty heavyweight and difficult to configure for ease of use. | ||
|
|
||
| ### Microsoft Azure Devops Boards | ||
|
|
||
| Bundled with Azure, but not within FedRAMP services in scope. | ||
| </details> | ||
|
|
||
| ## Google Drive | ||
|
|
||
| [Google Drive](https://www.google.com/drive/) is a storage and collaboration platform or spreadsheets, slide decks, and text documents. Documents on Google Drive are not public. Your 18F team can get your team access to our Google Drive so everyone can collaborate. | ||
|
|
||
| ## Google Hangouts and Zoom | ||
|
|
||
| [Google Hangouts](https://hangouts.google.com/) and [Zoom](https://zoom.us/) enable staff all over the country to video chat in remote meetings. We've found that video calls help teams stay connected and are easier to manage than conference calls for large groups. | ||
|
|
||
| <details> | ||
| <summary>Compliance and records considerations</summary> | ||
|
|
||
| - [Zoom for Government has an FedRAMP Agency ATO](https://marketplace.fedramp.gov/#/product/zoom-for-government) (Moderate Impact) in process and should be authorized in Q1 2019. Agencies using the service include GSA, DHS and Customs and Border protection. | ||
| - Recordings of meetings are records and should be treated as such | ||
|
|
||
| </details> | ||
|
|
||
| ## Mural | ||
|
|
||
| [Mural](https://mural.co/) is an online collaborative whiteboard tool. In team workshops, it allows teams to collectively generate ideas by drawing on sticky notes and moving them around as if they were in the same room. You don't need to have an account to participate and you can access the tool from any browser. | ||
|
|
||
| <details> | ||
| <summary>Compliance and records considerations</summary> | ||
|
|
||
| - Mural is hosted on Azure commercial public cloud. Has a GSA ATO, but does not have a FedRAMP authorization or anything in process | ||
| - Generally would not store "records" but be used for transient organization of information for discussion purposes. However GSA records officer has determined that "This product likely creates a number of record types. However, the specific types of records created will depend on the context in which this product is used." so you should be sure to export and archive Mural's periodically. | ||
| - Truly low-impact: Mural should not used to store anything confidential or authoritative, and is generally not used as such, but is used for ephemeral organization of information and production visualizations. Non-GSA participants are invited to use the service anonymously., | ||
| </details> | ||
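Review bot: The compliance coverage is uneven across sections. "## Google Drive" has no "Compliance and records considerations" block at all, and the block under "## Google Hangouts and Zoom" gives an authorization status only for Zoom, so a partner agency reading this cannot tell what authorization or records treatment applies to Drive documents or Hangouts. Add a block for each, or state explicitly that the GitHub block also covers wikis and what covers Drive and Hangouts. The time-bound statements (Trello's ATO "through 2020-01-09", Zoom "should be authorized in Q1 2019") will go stale once merged; add a last-verified date or link to the authoritative listing, as is already done for Zoom. The Mural bullet that says to "export and archive Mural's periodically" should say where the exports go and who owns that task. Smaller points: "LiSaaS" in the Trello bullet should match the "LI-SaaS" spelling used for Slack and GitHub; the heading "## Github Wikis" should read "GitHub"; and there are typos in "more more about the benefits", "platform or spreadsheets", "should not used to store", "All communication in ... are considered", and the trailing "anonymously.," in the last Mural bullet.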
Although these tools are freely available and have free tiers, the pricing model of these tools that we're on is usually a paid version; the features we need for security and compliance aren't typically offered in the free tier.
@afeld & @JJediny -- these tools should probably be considered 'widely-used' enough to merit sponsorship through FedRAMP
I suspect we should probably close this in favor of the efforts currently ongoing in the handbook.
cc @colinmurphy01
Agreed and we'll be posting a new PR today.