jezhumble · March 14, 2016 16:49
diff --git a/ato-signature-apps-gov b/ato-signature-apps-gov
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512

 - -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512

 Apps.gov Authorization Decision 
 Product Owner: Andrew Stroup | System Owner: Andrew Stroup

 Thru: 
 Jez Humble
 Deputy Infrastructure Director, 18F
 Designated Authorizing Official


 From: 
 Aaron Snow
 Deputy Associate Administrator, 18F
 Authorizing Official

 Subject: Authority to operate for https://apps.gov/
 
 A scoped security assessment of this system has been performed by the 18F DevOps team in accordance with 18F methodologies to detect vulnerabilities in sites managed by second or third parties.
 
 Apps.gov is an active marketplace that helps gov employees evaluate and compare cloud-based products. Information on product's description, certifications, and contract vehicles are listed. Additionally, resources for tech companies to list their products and how to get started selling to the federal government can be found.

 Using NIST FIPS 199 methodology, this system has been given the following security categories if the following are lost:

 Confidentiality: n/a
 Integrity: Low
 Availability: Low

 The system contains only publicly available information for general consumption and overall meets the requirements in Guidelines for Granting Authority to Operate 18F Hosted Open Data Systems. 
 
 Based on the results from automated scans of the infrastructure, operating system, code base, and attack surface area, I have determined that the risk to agency operations, data, or assets resulting from the operation of the system is acceptable.

 Accordingly, I am issuing an authorization to operate the system in its existing environment through March 12, 2017 under the following conditions:
 
 The security boundary of the underlying infrastructure or the system will not be significantly altered; changes will require re-assessment. 
 The security authorization of the information system will remain in effect through the date above, as long as the system falls under the definition of an OpenData system and any critical security issues identified as a result of continuous monitoring are remediated immediately.

 Relevant repository: https://github.com/presidential-innovation-fellows/apps-gov

 System Security Plan: https://github.com/presidential-innovation-fellows/apps-gov/blob/master/system-security-plan.yml

 Approved:

 PGP Signature

 Aaron Snow
 Deputy Associate Administrator, 18F

 Thru:

 PGP Signature	

 Jez Humble
 Deputy Infrastructure Director, 18F
 - -----BEGIN PGP SIGNATURE-----
 Version: Keybase OpenPGP v2.0.51
 Comment: https://keybase.io/crypto

 wsBcBAABCgAGBQJW5EEMAAoJECbC5Z4TCRnSJxwH/jaIlIaj+OQToHtIvpy3dtJi
 eFX0EtTyCmvyYBt7k33vvgVcyDqzpkeNLDA3mmVJJ3RnX81tyhmrUwCTiDhcljfe
 1tYRYwov1I6GXRO7BAW034n0wdXsRvcl5N4AaStojHaG2qdhu/wBvbRp58HcpU9u
 I7S56EwPZ+Fq3yomn157tPDUYHNMH7wyv/hgUM5Vnqmz6YeVtK0nXOlUc2u5COa3
 U0z7zcTWNs8aXTitrTLrCCtAiyoMtdGLZylYQmJ39sMFnf4irtfimCHP2VUiw1J0
 w+yp1+cgH1BgNwnZzTVcvfy+hCxzIektcFY13I8m6R4Aa2w8dra3fEMoChbW2Wk=
 =kzU7
 - -----END PGP SIGNATURE-----
 -----BEGIN PGP SIGNATURE-----
 Version: Keybase OpenPGP v2.0.51
 Comment: https://keybase.io/crypto

 wsBcBAABCgAGBQJW5XxtAAoJEE+MYuFudW5K+N4H/jLu6ikoi1qYAKCsCj0otELi
 QbAalyCwWaZNKUEsY/ClE/IC51v/VYfeITuo9XFZ7hpAa3xueZEQ2mBgu2mPeu4F
 YygvN8xyFVCtJjHlDwxCWtQoamgz29/VjDif8Oz/kI5PtUU6Wo9Fb8MWFj90AzGF
 wPJyIVvKS9jxrmXZVCNgKlQNiuLCcztyU2vsYe6S0gvxizW4eA6k2G7dDQQ/4iDu
 XnnzM8mbP2cNd66DtYwTwFSfTRFzefeXeMEVCXLudEKtH36ShD5cla+ACG0XjOIc
 KEUu287VvqLPF90QO4f3yFaGQgBcowRNbR/HSFlxEJlSwKN9UYjrzxIH1C4EOos=
 =B6k5
 -----END PGP SIGNATURE-----
	-----BEGIN PGP SIGNED MESSAGE-----
	Hash: SHA512

	- -----BEGIN PGP SIGNED MESSAGE-----
	Hash: SHA512

	Apps.gov Authorization Decision
	Product Owner: Andrew Stroup \| System Owner: Andrew Stroup

	Thru:
	Jez Humble
	Deputy Infrastructure Director, 18F
	Designated Authorizing Official


	From:
	Aaron Snow
	Deputy Associate Administrator, 18F
	Authorizing Official

	Subject: Authority to operate for https://apps.gov/

	A scoped security assessment of this system has been performed by the 18F DevOps team in accordance with 18F methodologies to detect vulnerabilities in sites managed by second or third parties.

	Apps.gov is an active marketplace that helps gov employees evaluate and compare cloud-based products. Information on product's description, certifications, and contract vehicles are listed. Additionally, resources for tech companies to list their products and how to get started selling to the federal government can be found.

	Using NIST FIPS 199 methodology, this system has been given the following security categories if the following are lost:

	Confidentiality: n/a
	Integrity: Low
	Availability: Low

	The system contains only publicly available information for general consumption and overall meets the requirements in Guidelines for Granting Authority to Operate 18F Hosted Open Data Systems.

	Based on the results from automated scans of the infrastructure, operating system, code base, and attack surface area, I have determined that the risk to agency operations, data, or assets resulting from the operation of the system is acceptable.

	Accordingly, I am issuing an authorization to operate the system in its existing environment through March 12, 2017 under the following conditions:

	The security boundary of the underlying infrastructure or the system will not be significantly altered; changes will require re-assessment.
	The security authorization of the information system will remain in effect through the date above, as long as the system falls under the definition of an OpenData system and any critical security issues identified as a result of continuous monitoring are remediated immediately.

	Relevant repository: https://github.com/presidential-innovation-fellows/apps-gov

	System Security Plan: https://github.com/presidential-innovation-fellows/apps-gov/blob/master/system-security-plan.yml

	Approved:

	PGP Signature

	Aaron Snow
	Deputy Associate Administrator, 18F

	Thru:

	PGP Signature

	Jez Humble
	Deputy Infrastructure Director, 18F
	- -----BEGIN PGP SIGNATURE-----
	Version: Keybase OpenPGP v2.0.51
	Comment: https://keybase.io/crypto

	wsBcBAABCgAGBQJW5EEMAAoJECbC5Z4TCRnSJxwH/jaIlIaj+OQToHtIvpy3dtJi
	eFX0EtTyCmvyYBt7k33vvgVcyDqzpkeNLDA3mmVJJ3RnX81tyhmrUwCTiDhcljfe
	1tYRYwov1I6GXRO7BAW034n0wdXsRvcl5N4AaStojHaG2qdhu/wBvbRp58HcpU9u
	I7S56EwPZ+Fq3yomn157tPDUYHNMH7wyv/hgUM5Vnqmz6YeVtK0nXOlUc2u5COa3
	U0z7zcTWNs8aXTitrTLrCCtAiyoMtdGLZylYQmJ39sMFnf4irtfimCHP2VUiw1J0
	w+yp1+cgH1BgNwnZzTVcvfy+hCxzIektcFY13I8m6R4Aa2w8dra3fEMoChbW2Wk=
	=kzU7
	- -----END PGP SIGNATURE-----
	-----BEGIN PGP SIGNATURE-----
	Version: Keybase OpenPGP v2.0.51
	Comment: https://keybase.io/crypto

	wsBcBAABCgAGBQJW5XxtAAoJEE+MYuFudW5K+N4H/jLu6ikoi1qYAKCsCj0otELi
	QbAalyCwWaZNKUEsY/ClE/IC51v/VYfeITuo9XFZ7hpAa3xueZEQ2mBgu2mPeu4F
	YygvN8xyFVCtJjHlDwxCWtQoamgz29/VjDif8Oz/kI5PtUU6Wo9Fb8MWFj90AzGF
	wPJyIVvKS9jxrmXZVCNgKlQNiuLCcztyU2vsYe6S0gvxizW4eA6k2G7dDQQ/4iDu
	XnnzM8mbP2cNd66DtYwTwFSfTRFzefeXeMEVCXLudEKtH36ShD5cla+ACG0XjOIc
	KEUu287VvqLPF90QO4f3yFaGQgBcowRNbR/HSFlxEJlSwKN9UYjrzxIH1C4EOos=
	=B6k5
	-----END PGP SIGNATURE-----