Open Source Software

GSA Instructional Letter

11/3/2016


1. Purpose

The purpose of this Instructional Letter (IL) is to establish the General Services Administration’s (GSA) policy on open source software development and publication and to communicate responsibilities to the organization for compliance with Office of Management and Budget’s (OMB) open source policy. Specifically, the IL includes the following:

a. A rationale for implementing open source code produced by/for the agency; and

b. The incorporation of M-16-21, OMB’s Federal Source Code Policy: Achieving Efficiency, Transparency, and Innovation through Reusable and Open Source Software requirements.


2. Background

GSA is known for being forward-thinking with implementing new technologies. As part of GSA IT’s technical vision, “Be Open,” GSA has taken an open-first approach to data, Application Programming Interfaces (APIs), and source code. Specifically, GSA developed a workgroup with representation from multiple technology program offices to identify good processes for publishing open source code. Around the same time, OMB published the Federal Source Code Policy, M-16-21, which highlighted the importance of creating an agency-wide process of releasing open source code.


3. Applicability

This IL applies to all Heads of Services and Staff Offices (HSSOs) and Regions.


4. Policy

This IL requires GSA organizations to account for and publish their open source code in accordance with OMB M-16-21 including:

a. Establish a new baseline of software development and acquisition that supports an open source approach as it promotes GSA IT’s vision goal of “Being Open;”

b. Maintain a posture of being “open first” and requiring justification for new custom code that will not be opened;

c. Utilize a publication process that is the responsibility of the organization releasing code. (Note: The GSA Chief Technology Office (CTO) is leading an effort with Security and Acquisition IT Offices in developing an automated code scan and release process to be published on GSA’s open source policy repository with further instructions for use.);

d. Release open source code through a public-facing software version control platform including code developed by GSA personnel and contractors;

e. Ensure contracts follow OMB’s three-step software analysis outlined in M-16-21 and include contract requirements for open source code requirements when applicable. Contracts for custom development of software must also acquire and enforce rights sufficient to enable Government-wide reuse of custom-developed code (Note: Further collaboration to occur with the GSA Chief Procurement Officer outlining procedures regarding contracts and OSS.); and

f. Include a metadata file in each project’s source code repository. The metadata file will contain information about the project that can be included in GSA’s code inventory.


5. Responsibilities

GSA is responsible for the following:

a. Establishing an internal policy that incorporates M-16-21 requirements by November 6, 2016 and publishing this policy on www.gsa.gov/digitalstrategy;

b. Being “open first” for implementation of all code with custom code not being compliant requiring justification for not being so;

c. Inventorying all new code developed after August 8, 2016 using a standard JavaScript Object Notation (JSON) file format with metadata criteria established by OMB;

d. Moving to a standard Version Control System as identified by the CTO’s office allowing for future compliance via automation;

e. Publishing all new open source code, barring some exceptional request. This allows GSA to be the example agency by exceeding the policy directed 20 percent code release; and

f. Publishing the inventory JSON on www.gsa.gov/code.json.


6. Signature

DAVID SHIVE
Chief Information Officer
Office of GSA IT