#slack usage on fouo tasks


Brandon Whalen

Dec 14, 2016, 7:54:33 PM
to mil...@googlegroups.com
Does anyone know anyone that is using slack inside of the government
or by contractor teams that do work for the government? I'm guessing
that it's not allowed because of the export controls that impact most
cloud services but maybe I'm wrong and somehow slack is only hosted in
the US and okay?

Thanks,
Brandon
Message has been deleted

Kit Plummer

Dec 14, 2016, 10:03:27 PM
to mil-oss@googlegroups.com Software
I know of at least one govie-run RocketChat server in the public and a couple on the inside.  

RocketChat is a turd - at least on the client side.  Don't know why peeps just didn't stick with XMPP.  :D

On Wed, Dec 14, 2016 at 5:13 PM, Andrzejewski, Brian C <brian.c.an...@uscis.dhs.gov> wrote:
Cannot post to the google listserv (becomes "Public speaking...") - nor can this info be public.

https://apps.gov/products/Slack/

It is *not* approved per its ToS for Federal CUI/FOUO data handling - they will also not offer any 800-53 control list.
https://slack.com/terms-of-service/supplement

The litmus test is if they received a FOIA request - and if they will respect the export restriction.  They currently fail both.

We do have a risk exception on file for official gov business, but no FOUO, CUI, nor PII can enter. They lack a FedRAMP ATO and FedRAMP Authorization to leverage as a SaaS.

Your gov customer *can* do a risk waiver for gov use, but again, if they cannot respond to a FOIA or maintain export control restrictions.

---
Brian Andrzejewski
Security Engineer, Cyber Defense Branch
Information Security Division (ISD)
USCIS/Office of Information Technology (OIT)

brian.c.andrzejewski@uscis.dhs.gov
202-600-0935(m)
--
--
You received this message because you are subscribed to the "Military Open Source Software"  Google Group.
To post to this group, send email to mil...@googlegroups.com To unsubscribe from this group, send email to mil-oss+unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/mil-oss?hl=en

www.mil-oss.org

---
You received this message because you are subscribed to the Google Groups "Military Open Source Software" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mil-oss+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Ben Francis

Dec 14, 2016, 10:18:53 PM
to mil...@googlegroups.com
I really liked Mattermost before we switched to Slack at my $dayjob. I couldn't tell why we switched, because I saw no difference in functionality. Mattermost solves the cloud problem, too. Just spin up a VM or container in your own environment, and Bob's your uncle.

Ben


Trevor Vaughan

Dec 16, 2016, 10:30:39 AM
to mil...@googlegroups.com
+1 to XMPP

I need emojis I guess :-|

--
Trevor Vaughan
Vice President, Onyx Point, Inc

-- This account not approved for unencrypted proprietary information --

Gray B.

Dec 16, 2016, 6:59:56 PM
to Military Open Source Software
GSA is formally using Slack and we straight up love it.  My division - the Technology Transformation Service - has a #friends channel available to other feds (ping me off thread with your .gov or .mil address if interested), as well as a number of public channels (#devops or #opensource-public might be the most of interest, signup here).  We'd love to have any of you join us there for collaboration regardless, but if you'd like to learn more about GSA's IT's handling of Slack, asking in one of those channels would be the best place to find out. 

Gray B. 



Boyd Fletcher

Dec 16, 2016, 7:19:44 PM
to mil...@googlegroups.com
It's sad that much of dod and ic are moving to microsoft's proprietary sip/simple implementation

At least apple bet the farm on xmpp.

But the rest of the world (esp militaries) are largely using xmpp

Brandon Whalen

Dec 17, 2016, 12:57:02 PM
to mil...@googlegroups.com
For my use case I had a few things I really wanted
1) Group chat - We’ve got distributed teams that need to talk to each other
2) Searchable history of discussions - So you can see what happened when you left, look up that command Bob told you to run 2 months ago, etc
3) Ability to section off discussions based on topics so that people not on a project don’t see the discussion about it
4) Easy to add new users or support for LDAP
5) Hosted in US
6) STIGgable
7) Apps for iOS/Android
8) Ability to add pictures/files to chats

Thanks to Ben for the suggestion, since it looks like Mattermost has all of those. We spun up a container to play with in a few minutes, but we can easily create a locked-down web server and then add the Mattermost stuff to it. I also really like that the code is open source, which makes auditing it easier.

One thing that I would like to have had is the ability to link to JIRA tickets, but that wasn’t a showstopper. We looked at using HipChat, but I really didn’t like that we could only get it as a VM image and didn’t have source code access.

Brandon

> On Dec 16, 2016, at 7:19 PM, Boyd Fletcher <boyd.f...@gmail.com> wrote:
>
> It's sad that much of dod and ic are moving to microsoft's proprietary sip/simple implementation
>
> At least apple bet the farm on xmpp.
>
> But the rest of the world (esp militaries) are largely using xmpp
>
>
> On Dec 16, 2016, at 10:30, Trevor Vaughan <tvau...@onyxpoint.com> wrote:
>
>> +1 to XMPP
>>
>> I need emojis I guess :-|
>>
>> On Wed, Dec 14, 2016 at 10:03 PM, Kit Plummer <kitpl...@gmail.com> wrote:
>> I know of at least one govie-run RocketChat server in the public and a couple on the inside.
>>
>> RocketChat is a turd - at least on the client side. Don't know why peeps just didn't stick with XMPP. :D
>>