This repository was archived by the owner on Jul 1, 2025. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 119
Github Team Management
Rene Tshiteya edited this page May 9, 2024
·
13 revisions
This page documents how FedRAMP PMO manages the on-boarding and off-boarding of developers, including internal FedRAMP developers, partner developers from other with federal agencies (e.g. GSA, NIST), or contractor teams actively contracted to continue work on artifacts in this repository.
Per TTS guidance recommended in ADR 3, the FedRAMP Automation work and repository use intentionally configured in the Github organization for GSA project. Within that organization, there is a hierarchy of teams.
-
GSAorganization-
fedramp-automationteam as a container for specific child teams below:- fedramp-oscal-maintainers team to maintain administrative control and overall continuity for different partner developers. This group includes federal employees in the FedRAMP PMO.
- fedramp-oscal-contributors team for developers that need write access to manage issues and feature branches. These users need to be a member of the GSA organization first.
-
- For new repositories:
- Create the repository, for this example scenario
fedramp-example-repousing the Github user interface by accessing github.com/organizations/GSA/repositories/new.
- Create the repository, for this example scenario
- View the configuration page for repo permissions by accessing github.com/GSA/fedramp-example-repo/settings/access.
- Perform a user review and accordingly remove any users or groups that do not require permission to the repository.
- You must add
fedramp-oscal-contributorsteam or a relevant project-specific development team with theWriterole. - FOR NEW ADMINS ONLY: You must add fedramp-oscal-maintainers team with the
Adminrole.
- Confirm the user is part of the
GSAorganization.- If not, confirm the developer is following the Github user configuration standard
- Email GSA Github Support at [email protected] to request the user be added to the GSA organization.
- Confirm the user has accepted the invitation to the GSA organization.
- Add or request on your behalf that a member of the
fedramp-automation-adminsteam add the user tofedramp-oscal-contributorsor a relevant project-specific team.- Confirm the user has accepted the invitation to the relevant FedRAMP Automation team.
- At the conclusion of a particular project, remove or request on your behalf that a member of fedramp-oscal-maintainers team remove the user from the
fedramp-oscal-contributorsor a relevant project-specific team. - If the user is a contractor or external partner, and all contract or inter-agency work is complete, email GSA Github Support at [email protected] to request the user be removed from the GSA organization.