GitLab Dedicated for Government

{{< details >}}

  • Tier: Ultimate
  • Offering: GitLab Dedicated for Government

{{< /details >}}

GitLab Dedicated for Government is a single-tenant SaaS solution designed for government agencies and organizations in regulated industries. GitLab manages all infrastructure, operations, and compliance requirements, so your teams can focus on development.

Your instance has the following capabilities:

  • The complete GitLab Ultimate feature set and DevSecOps platform
  • Isolated infrastructure in a dedicated AWS account deployed on AWS GovCloud in the US-West region
  • High availability and disaster recovery

Compliance certifications

GitLab Dedicated for Government is authorized under the following programs, so your agency can procure and deploy without additional compliance reviews:

  • FedRAMP Moderate: Meets federal security requirements for cloud services, with Authority to Operate (ATO).
  • GovRAMP (Package ID: SR25098): Meets state and local government security requirements for cloud services.
  • TX-RAMP Level 2 (TX-RAMP ID: TX1549412): Meets Texas state security requirements for cloud services.

Security architecture

Your instance includes the following security controls:

  • FedRAMP Moderate and GovRAMP compliance with continuous monitoring aligned to federal and state requirements
  • Data sovereignty guaranteed through AWS GovCloud infrastructure in the US-West region
  • Isolated infrastructure in a dedicated AWS account separate from all other tenants
  • Encryption standards that meet FIPS requirements for data at rest and in transit
  • Access controls that follow the principle of least privilege with comprehensive audit trails

Data residency and infrastructure isolation

To meet US data residency requirements, your instance is deployed on AWS GovCloud in the US-West region. The GitLab instance runs exclusively on AWS GovCloud. Your own workloads and adjacent systems can run on any platform, including GCP or Azure, and integrate with your instance.

All customer data, including repositories, databases, artifacts, and backups, remains within the AWS GovCloud boundary. Your environment includes all infrastructure necessary to host the GitLab application with complete isolation from GitLab.com.

Data is encrypted at rest and in transit using FIPS-compliant encryption standards.

Access controls

Your environment is protected through multiple layers of security controls:

  • Engineers do not have direct access to your tenant environment and operate with the minimum permissions required for their role.
  • Infrastructure is monitored 24 hours a day, 7 days a week for security threats and anomalies.
  • All access and changes are logged and reviewed by the GitLab Security Incident Response Team.
  • Access requests follow formal security policies and approval workflows aligned with government compliance requirements.

Available features

GitLab Dedicated for Government provides the complete GitLab Ultimate feature set. These features are designed to work within FedRAMP and GovRAMP compliance and government security frameworks.

Availability and scalability

Your instance leverages modified versions of the cloud native hybrid reference architectures with high availability enabled.

When onboarding, GitLab matches you to the closest reference architecture size based on your number of users.

Note: The published reference architectures serve as a foundation. GitLab Dedicated for Government extends these with additional AWS services for enhanced security and compliance, which means costs differ from standard reference architecture estimates.

Disaster recovery

GitLab backs up all your datastores, including databases and Git repositories. These backups are tested and stored securely in a separate cloud region by default for added redundancy.

Authentication and authorization

You can configure single sign-on (SSO) using:

Your instance acts as the service provider, and you provide the necessary configuration for GitLab to communicate with your Identity Provider (IdP).

You can configure multiple identity providers for your instance.

Email delivery

Email is sent using Amazon Simple Email Service (Amazon SES). The connection to Amazon SES is encrypted.

To send application email using an SMTP server instead of Amazon SES, you can configure your own email service.

Advanced search capabilities are included. You can search across your entire GitLab instance including code, work items, merge requests, and more.

GitLab Duo

GitLab Duo AI features are authorized under FedRAMP and GovRAMP and available to federal, state, local, and education agencies with no additional compliance review. Available features include:

Unavailable features

To maintain FedRAMP and GovRAMP certification and meet government security requirements, some GitLab features are not available in GitLab Dedicated for Government.

Authentication, security, and networking

| Feature | Alternative |
|---------|-------------|
| LDAP or Kerberos authentication | Use SAML or OIDC with your identity provider |
| FortiAuthenticator or FortiToken 2FA | Use identity provider MFA |

Communication and collaboration

| Feature | Alternative |
|---------|-------------|
| Reply-by email | Use web interface |
| Service Desk | Use issue tracking |
| Mattermost | Use external chat tools |

Development and AI features

| Feature | Alternative |
|---------|-------------|
| Some GitLab Duo AI capabilities | See supported AI features |
| Server-side Git hooks | Use push rules or webhooks |
| Features configured outside of the GitLab user interface | Contact support |

Application features

GitLab Pages is not available when a custom domain is configured. When you configure a custom domain, the original tenant_name.gitlab-dedicated.com domain is no longer available, which prevents GitLab Pages from functioning.

Operational features

The following operational features are not available:

  • Geo
  • Self-serve purchasing and configuration

Feature flags

Feature flags control which features are available in your instance:

  • Only features with flags enabled by default are available
  • Features with flags disabled by default are not available
  • You cannot modify feature flags

Service operations

GitLab manages all maintenance, monitoring, and support for your instance using government-specific operational processes. These processes prioritize compliance, security, and stability throughout all maintenance and support activities.

Maintenance

Your instance receives maintenance during fixed weekly windows. For details, see GitLab Dedicated maintenance operations.

Releases and versions

Your instance runs one release behind the latest GitLab version. For example, if the latest version is 16.8, your instance runs 16.7.

This approach provides stability while you receive critical security patches through emergency maintenance. Features are rolled out after compliance and change review processes.

Service level agreement

Your instance maintains a service level agreement (SLA) of 99.9% monthly availability. GitLab uses internal service level objectives (SLOs) to support delivery of this SLA commitment.

The following targets apply:

  • Recovery point objective (RPO) target: 4 hours maximum data loss window in a disaster recovery scenario
  • Recovery time objective (RTO) target: Service restoration is prioritized by incident severity and impact

GitLab works to restore service as quickly as possible while ensuring data integrity and security.

Contact sales

Ready to get started? Contact our sales team to discuss your requirements and learn how we can support your organization's compliance and security needs.