ContextQMD
Back to Gitlabhq

GitLab Dedicated for Government

doc/subscriptions/gitlab_dedicated_for_government/_index.md

18.11.28.3 KB
Original Source

{{< details >}}

  • Tier: Ultimate
  • Offering: GitLab Dedicated for Government

{{< /details >}}

GitLab Dedicated for Government is a single-tenant SaaS solution designed for government agencies and organizations in regulated industries.

It provides the following:

  • FedRAMP Moderate authorized with Authority to Operate (ATO)
  • TX-RAMP Level 2 certified (TX-RAMP ID: TX1549412)
  • Isolated infrastructure in a dedicated AWS account deployed on AWS GovCloud in the US-West region
  • GitLab manages all operations and compliance requirements with government-specialized teams and processes
  • Access to complete DevSecOps platform capabilities while maintaining FedRAMP compliance

This offering removes the complexity of compliance infrastructure management so your teams can focus on development.

Security architecture

Your instance includes the following security controls:

  • FedRAMP Moderate compliance with continuous monitoring aligned to federal requirements
  • Data sovereignty guaranteed through AWS GovCloud infrastructure in the US-West region
  • Isolated infrastructure in a dedicated AWS account separate from all other tenants
  • Encryption standards that meet FIPS requirements for data at rest and in transit
  • Access controls that follow principle of least privilege with comprehensive audit trails

Data residency and infrastructure isolation

To meet US data residency requirements, your instance is deployed on AWS GovCloud in the US-West region.

All customer data, including repositories, databases, artifacts, and backups, remains within the AWS GovCloud boundary. Your environment includes all infrastructure necessary to host the GitLab application with complete isolation from GitLab.com.

Data is encrypted at rest and in transit using FIPS-compliant encryption standards.

Access controls

Your environment is protected through multiple layers of security controls:

  • Engineers do not have direct access to your tenant environment and operate with the minimum permissions required for their role.
  • Infrastructure is monitored 24 hours a day, 7 days a week for security threats and anomalies.
  • All access and changes are logged and reviewed by the GitLab Security Incident Response Team.
  • Access requests follow formal security policies and approval workflows aligned with government compliance requirements.

Available features

GitLab Dedicated for Government provides the complete GitLab Ultimate feature set with the exception of unavailable features.

These features are designed to work within FedRAMP compliance and government security frameworks.

Availability and scalability

Your instance leverages modified versions of the cloud native hybrid reference architectures with high availability enabled.

When onboarding, GitLab matches you to the closest reference architecture size based on your number of users.

[!note] The published reference architectures serve as a foundation. GitLab Dedicated for Government extends these with additional AWS services for enhanced security and compliance, which means costs differ from standard reference architecture estimates.

Disaster recovery

GitLab backs up all your datastores, including databases and Git repositories. These backups are tested and stored securely in a separate cloud region by default for added redundancy.

Authentication and authorization

You can configure single sign-on (SSO) using:

Your instance acts as the service provider, and you provide the necessary configuration for GitLab to communicate with your Identity Provider (IdP).

You can configure multiple identity providers for your instance.

Email delivery

Email is sent using Amazon Simple Email Service (Amazon SES). The connection to Amazon SES is encrypted.

To send application email using an SMTP server instead of Amazon SES, you can configure your own email service.

Advanced search capabilities are included. You can search across your entire GitLab instance including code, work items, merge requests, and more.

Unavailable features

To maintain FedRAMP certification and meet government security requirements, some GitLab features are not available in GitLab Dedicated for Government.

Authentication, security, and networking

FeatureAlternative
LDAP or Kerberos authenticationUse SAML or OIDC with your identity provider
FortiAuthenticator or FortiToken 2FAUse identity provider MFA

Communication and collaboration

FeatureAlternative
Reply-by emailUse web interface
Service DeskUse issue tracking
MattermostUse external chat tools

Development and AI features

FeatureAlternative
Some GitLab Duo AI capabilitiesSee supported AI features
Server-side Git hooksUse push rules or webhooks
Features configured outside of the GitLab user interfaceContact support

Application features

GitLab Pages is not available when a custom domain is configured. When you configure a custom domain, the original tenant_name.gitlab-dedicated.com domain is no longer available, which prevents GitLab Pages from functioning.

Operational features

The following operational features are not available:

  • Geo
  • Self-serve purchasing and configuration
  • Support for deploying to non-AWS cloud providers, such as GCP or Azure
  • Pre-production environments

Feature flags

Feature flags control which features are available in your instance:

  • Only features with flags enabled by default are available
  • Features with flags disabled by default are not available
  • You cannot modify feature flags

Service operations

GitLab manages all maintenance, monitoring, and support for your instance using government-specific operational processes. These processes prioritize compliance, security, and stability throughout all maintenance and support activities.

Maintenance

Your instance receives regular maintenance:

  • Monthly upgrades with the latest patch release during your preferred weekly window
  • Emergency maintenance for critical security issues

Releases and versions

Your instance runs one release behind the latest GitLab version. For example, if the latest version is 16.8, your instance runs 16.7.

This approach provides stability while you receive critical security patches through emergency maintenance. Features are rolled out after compliance and change review processes.

Service level agreement

Your instance maintains a service level agreement (SLA) of 99.9% monthly availability. GitLab uses internal service level objectives (SLOs) to support delivery of this SLA commitment.

The following targets apply:

  • Recovery point objective (RPO) target: 4 hours maximum data loss window in a disaster recovery scenario
  • Recovery time objective (RTO) target: Service restoration is prioritized by incident severity and impact

GitLab works to restore service as quickly as possible while ensuring data integrity and security.

Contact sales

Ready to get started? Contact our sales team to discuss your requirements and learn how we can support your organization's compliance and security needs.