GSA Open Source Software (OSS) Policy

Purpose

The purpose of this Order is to update GSA’s policy on open source software development and publication, reinforce GSA’s commitment to a transparent, open-first approach to software development, provide clear guidance to our industry partners on the government’s expectations for open source strategy, handling of code, responsibilities and practices, and to outline the agency’s responsibility for complying with OMB’s open source policy.

This policy aims to:

1. Enhance efficiency – Maximize the value of government’s technology investment;
2. Promote sharing – Make it easier to collaborate, share standards, and promote best practices;
3. Increase competition – Encourage vendor diversity by providing open access to projects, data, code and playbooks, making it easier for a broader community of providers, including small, specialized vendors to participate;
4. Increase transparency – Allow other government agencies and governments to leverage, extend, and share improvements to code as they meet their own similar needs and allow the American public to more easily understand and participate in government; and
5. Enhance security – When combined with secure code practices such as NIST SP 800-218 Secure Software Development Framework, improve the security and resilience of our technology while reducing the risks associated with closed systems, data, and processes.

Background

Beginning with our initial open source strategy in 2015 and subsequently with the issuance of our first Open Source Policy in 2016, the Office of GSA IT takes an open-first approach to data, application programming interfaces, artificial intelligence, and source code. At approximately the same time, OMB published OMB Memorandum M-16-21. The release of this memorandum prioritized the creation of an agency-wide process of releasing open source code. As GSA continues to lead with forward-thinking technology processes, the agency will provide high levels of support for open source development from GSA IT infrastructure and development tools. 

Applicability

1. This Order applies to all GSA Services, Staff Offices, and Regional components.
2. This Order applies to the Office of Inspector General (OIG) only to the extent that the OIG determines it is consistent with the OIG’s independent authority under the IG Act and it does not conflict with other OIG policies or the OIG mission.
3. This Order applies to the Civilian Board of Contract Appeals (CBCA) only to the extent that the CBCA determines it is consistent with the CBCA’s independent authority under the Contract Disputes Act and other authorities and it does not conflict with the CBCA’s policies or the CBCA mission.

Cancellation

This Order supersedes CIO 2107.1, GSA Open Source Software (OSS) Policy, dated January 14, 2019. 

Summary of Changes

1. Updated document to conform with OAS 1832.1C.
2. Simplifies the policy to focus on GSA’s open-first posture.
3. Updates the policy to align with current federal open source requirements and simplify compliance.

Roles and Responsibilities

1. GSA’s Chief Technology Officer (CTO) is responsible for establishing implementation guidance and publishing on https://open.gsa.gov.
2. GSA Service and Staff Offices (Project teams) are responsible for using a suitable version control system with appropriate configuration and security tooling for secure development, and ensuring that it supports the application’s level of strategic importance in terms of integrity, confidentiality, and availability.
3. GSA Service and Staff Offices (Project teams) are responsible for being “open first” by requiring new custom code to be developed in the open in publically-readable repositories. Sufficient justification will be required for new custom code that does not follow these guidelines. For guidance, see https://open.gsa.gov.