Azure DevOps Fedramp

[Mul-ti-pass]

@SaurabhSharma-MSFT This page is the Fedramp roadmap. The 4th column shows if meeting Fedramp requirements is planned for 2019. So you are already showing audit release plans. I am pretty sure @jaredtait and are interested Azure DevOps once it meets Fedramp requirements. Obviously it is not on the above roadmap for 2019, is it on the roadmap for 2020?

---

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

• ID: f0757109-f5b1-f77c-9e15-9497891db841
• Version Independent ID: 01f4f175-bfb0-5146-ae7d-02a62b7448b1
• Content: Azure Services in FedRAMP and DoD SRG Audit Scope
• Content Source: articles/security/compliance/azure-services-in-fedramp-auditscope.md
• Service: security
• GitHub Login: @Jain-Garima
• Microsoft Alias: gjain

[SaurabhSharma-MSFT]

@Mul-ti-pass My apologies I am not aware of the plan. @Jain-Garima Can you please help providing this detail.

[jaredtait]

Thank you @Mul-ti-pass for keeping this going. I am interested in using Azure DevOps as well as Application Insights when it reaches Fedramp requirements at any level.

[holytshirt]

I was wondering if there is an update on this issue. My company would love to use Azure DevOps but require it to be Fedramp compliant.

[borg-1of1]

Was just looking today (8 July 2022) and did not see Azure DevOps on the list. Saw GitHub AE there and numerous other Azure/Microsoft products but not DevOps. Any update on this?

[docrinehart]

Bumping the thread. Would really like to have a clear answer if Azure DevOps Services is FedRAMP authorized given that it's build on Azure, which could mean by-proxy, that it is for at least US-based instances.

[CLJ4050]

Keeping this alive. It would be great if Azure DevOps had FedRAMP ATO. It seems that there is interest in the Azure Government community, but I cannot find anything on whether Azure DevOps is authorized to operate. Any information would be great.

[Jain-Garima]

Keeping this alive. It would be great if Azure DevOps had FedRAMP ATO. It seems that there is interest in the Azure Government community, but I cannot find anything on whether Azure DevOps is authorized to operate. Any information would be great.

Azure DevOps is not authorized for FedRAMP. Will update once we have plans to get it reviewed and authorized.

[jackiekazil]

Any updates on FedRAMP status?

[ghost]

I would also like an update on if becoming FedRAMP authorized is in the Product backlog for Azure Devops

[jstuparitz]

@Jain-Garima any update for us on FedRAMP for Azure DevOps?

[austinsonger]

It is crazy that Atlassian only authorized tool is "Trello" and its crazy that Atlassian Jira isn't either. Microsoft could take more business from Atlassian if Azure DevOps was authorized.

[dennisreda]

Agree 100% here. It'd be extremely valuable if DevOps got FedRAMP certified.

[Craigc73]

+1 for ADO FedRAMP. A customer I work with would move to ADO service if it had FedRAMP accreditation. They are currently using ADO Server, but because ADO Server is not FIPS 140-2 or 140-3 compliant, they are making moves to remove it and have the 400+ projects move to another solution :(

[holytshirt]

You pretty much have to go to GitHub and GitHub actions as they are FedRAMP Tailored. We passed our audits multiple times and our company and product was FedRAMP moderate.

[dennisreda]

Speaking as a project manager, I need more than just a code repo. Azure DevOps has a Wiki for knowledge management, boards for status of tasks, long range planning tools, a test service to create/execute/track test cases and test plans. It's a pretty comprehensive all-in-one PM tool.