GSA Instructional Letter
The purpose of this Instructional Letter (IL) is to establish the General Services Administration’s (GSA) policy on open source software development and publication and to communicate responsibilities to the organization for compliance with Office of Management and Budget’s (OMB) open source policy. Specifically, the IL includes the following:
a. A rationale for implementing open source code produced by/for the agency; and
b. The incorporation of M-16-21, OMB’s Federal Source Code Policy: Achieving Efficiency, Transparency, and Innovation through Reusable and Open Source Software requirements.
GSA is known for being forward-thinking with implementing new technologies. As part of GSA IT’s technical vision, “Be Open,” GSA has taken an open-first approach to data, Application Programming Interfaces (APIs), and source code. Specifically, GSA developed a workgroup with representation from multiple technology program offices to identify good processes for publishing open source code. Around the same time, OMB published the Federal Source Code Policy, M-16-21, which highlighted the importance of creating an agency-wide process of releasing open source code.
This IL applies to all Heads of Services and Staff Offices (HSSOs) and Regions.
This IL requires GSA organizations to account for and publish their open source code in accordance with OMB M-16-21 including:
a. Establish a new baseline of software development and acquisition that supports an open source approach as it promotes GSA IT’s vision goal of “Being Open;”
b. Maintain a posture of being “open first” and requiring justification for new custom code that will not be opened;
c. Utilize a publication process that is the responsibility of the organization releasing code. (Note: The GSA Chief Technology Office (CTO) is leading an effort with Security and Acquisition IT Offices in developing an automated code scan and release process to be published on GSA’s open source policy repository with further instructions for use.);
d. Release open source code through a public-facing software version control platform including code developed by GSA personnel and contractors;
e. Ensure contracts follow OMB’s three-step software analysis outlined in M-16-21 and include contract requirements for open source code requirements when applicable. Contracts for custom development of software must also acquire and enforce rights sufficient to enable Government-wide reuse of custom-developed code (Note: Further collaboration to occur with the GSA Chief Procurement Officer outlining procedures regarding contracts and OSS.); and
f. Include a metadata file in each project’s source code repository. The metadata file will contain information about the project that can be included in GSA’s code inventory.
GSA is responsible for the following:
b. Being “open first” for implementation of all code with custom code not being compliant requiring justification for not being so;
d. Moving to a standard Version Control System as identified by the CTO’s office allowing for future compliance via automation;
e. Publishing all new open source code, barring some exceptional request. This allows GSA to be the example agency by exceeding the policy directed 20 percent code release; and
f. Publishing the inventory JSON on www.gsa.gov/code.json.
DAVID SHIVE Chief Information Officer Office of GSA IT