Is GitHub FIPS 140-2 compliant?

I’ve been unable to find any official documentation regarding GitHub’s FIPS compliance. I would assume given the numerous partnerships with federal agencies including the NSA, GitHub is FIPS compliant, but it would be nice to see some official documentation. Any help?

Hi @aaraney and welcome to the GitHub Support Community! At this time, GitHub Enterprise Cloud is not FIPS 140-2 certified. We include some components (such as OpenSSL) that are not FIPS 140-2 compliant.

I will note, if it would meet your compliance needs, that GitHub Enterprise Cloud is FedRAMP Tailored Authorized. Additionally, we offer GitHub AE on Azure Government Cloud with FedRAMP High authorization.

If you’re interested in discussing these offerings and your needs, I recommend reaching out to our GitHub Government team who can provide additional information on these offerings.

1 Like