-
The 18F engineering sandwich for cloud based web apps
on September 6, 2022
We often talk about 18F Engineering as a technology shop, but that's too broad. There are very few technology choices we actually make at the project level. When we build, we usually build open-source cloud-based web applications. We combine a limited set of technologies to make our applications. To explain this, we'll use the metaphor of a sandwich shop.
-
Navigating ATOs
on October 19, 2021
ATO processes work differently at different federal agencies. As a technology and design consultancy inside the United States government, 18F has worked on ATOs at many of them. We are still learning and experimenting, but there are definite patterns we have seen work well across multiple agencies.
-
Using agile and DevOps to get better results than a change control board
on March 2, 2021
Agile is a way of quickly reacting to the demands of your project and DevOps is a methodology for building infrastructure and applications that is able to adapt and change quickly. Using these methods, you can avoid many of the pitfalls of traditional waterfall practices described above.
-
Rapid implementation of policy as code
on May 12, 2020
No policy or rule stays the same forever. In response to a crisis, policy changes often come much faster, and stakes can be higher.
-
Product management at 18F, part 3 - Products and Platforms
on December 20, 2018
While our consulting work serves the needs of a particular customer, managing one of our products means we are responsible for a shared service used by many of our partners. Managing one of the products and platforms means thinking beyond any individual customer. This work requires that we constantly evaluate market needs, ensure the product matches those needs, and support the business side of product management.
-
Shared infrastructure as code
on August 15, 2018
At many government agencies, a central IT team manages DNS directly. Other teams must request changes using help desk tickets, which can have inconsistent turnaround times, and are susceptible to human error. Having DNS records as code and doing changes through pull requests brought turnaround time down from multiple days to under ten minutes.
-
Win big by going small
on March 13, 2018
Adopting this “smaller is better” mindset as a way to overhaul a large, complex legacy system can feel counterintuitive. But the notion of smallness — of distilling complex, interdependent tasks into achievable units of work — is fundamental to building modern software in both the private and public sector.
-
Getting DevOps buy-in to facilitate agile
on January 25, 2018
Agile without DevOps is a bundle of potential energy with no outlet. We’ve found that it’s easier to get agency buy-in for DevOps if automated security audits are part of that work.
-
Automated scanning for sensitive information in the development lifecycle
on September 26, 2017
Often when developing open source software, and especially software that relies on outside services, you’ll find that you have to manage sensitive information. While there are a large number of things that can be considered sensitive, open source developers often deal with sensitive items such as API tokens, passwords, and private keys that are required for the system to function. Here's how we approached keeping this information safe.
-
FICAM partners with Federalist on new federal identity playbooks
on September 5, 2017
The General Services Administration has developed digital versions of its Federal Identity, Credential and Access Management Roadmap and associated implementation guidance and put them online with the adoption of 18F’s Federalist platform.
-
Government launches login.gov to simplify access to public services
on August 22, 2017
Today, the U.S. Digital Service and 18F are excited to announce the launch of login.gov, a single sign-on solution for government websites that will enable citizens to access public services across agencies with the same username and password.
-
From launch to landing: How NASA took control of its HTTPS mission
on May 25, 2017
In 2015, the White House Office of Management and Budget released M-15-13, a "Policy to Require Secure Connections across Federal Websites and Web Services" the memo emphasizes the importance of protecting the privacy and security of the public's browsing activities on teh web. This is a guest post by [Weary Antelope]* of NASA who was instrumental in NASA's successful HTTPS and HSTS migration.
-
cloud.gov is now FedRAMP Authorized for use by federal agencies
on February 2, 2017
We’re delighted to announce that cloud.gov is now FedRAMP Authorized, which enables agencies to quickly transition their web-based services to efficient and easy-to-use cloud hosting. FedRAMP Authorized status marks completion of a comprehensive security and compliance assessment that enables federal agencies to start using cloud.gov with significantly reduced effort. cloud.gov is a government-customized hosting platform that takes care of technical infrastructure and security compliance requirements.
-
Open source collaboration across agencies to improve HTTPS deployment
on January 6, 2017
[Divine Flea]* at the Department of Homeland Security writes for 18F: To facilitate secure connections for citizens, immigrants, and other users, the Department of Homeland Security began delivering 'HTTPS Reports' directly to federal agencies. We open-sourced the tool we scan with, in collaboration with our colleagues at 18F.
-
Tracking the U.S. government's progress on moving to HTTPS
on January 4, 2017
The White House HTTPS policy generated significant HTTPS adoption in the U.S. government. HTTPS is now used for most web requests to executive branch .gov websites, and the government now outpaces the private sector on HTTPS.
-
What is static source analysis?
on October 4, 2016
Static source analysis is a way to quickly gauge the quality of source code and identify areas of high technical debt. But what IS static source analysis, and how is it useful?
-
Patterns for managing multi-tenant cloud environments
on August 10, 2016
When 18F started, deploying government services into a public cloud was still fairly uncommon. However, everything 18F has built has been deployed into Amazon Web Services (AWS), including cloud.gov. Over that time, our AWS account has grown in size and complexity and we needed a new approach to make sure it remains manageable.
-
cloud.gov is full steam ahead on its FedRAMP assessment process
on July 18, 2016
Here at 18F on the cloud.gov team, we’re working toward getting cloud.gov assessed as FedRAMP compliant, with lots of interesting progress — so here’s an update, including our FedRAMP Ready status!
-
Building a modern shared authentication platform
on May 10, 2016
18F is working iteratively with a team of technologists from across the government to build a platform for users who need to log in to government services. Every consumer-facing service the government offers will benefit from this platform, enhancing the privacy and security of online interactions for the public and for agencies.
-
What is an API?
on April 22, 2016
An API is like a grocery store, helping you get bananas without having to plant a banana tree.
-
How we share a visual style across multiple sites
on March 30, 2016
In developing a redesign for cloud.gov, we needed a technical solution to coding the visual style that would scale to multiple sites with separate codebases without requiring us to copy code. Our solution is our “shared style library”, a library of CSS, JavaScript, images, and fonts that can be distributed to multiple codebases to create a shared visual style.
-
New U.S. Digital Registry authenticates official public service accounts
on February 1, 2016
We’d like to introduce to you a new API-generating repository for official third-party sites, social media platforms, and mobile apps in the United States federal government that can help you do that and remove bureaucratic and technological barriers between users and digital public services.
-
Choose design over architecture
on November 17, 2015
Conventional wisdom often encourages engineers to start with a big architectural overview, but this kind of a grand plan usually leads to technical-debt. Instead of using an architecture-first plan, you should focus on user experience design and software design to help your project avoid technical debt.
-
Answering common questions about cloud.gov
on November 13, 2015
Four weeks ago, we announced cloud.gov, a new platform that will enable small federal teams to rapidly develop and deploy web services with best-practice, production-level security and scalability. Currently, we’re running a small pilot program to prepare to open up cloud.gov to all federal agencies. In the meantime, we’d like to lay out some more details about the project and answer some common questions.
-
Complexity is the adversary
on November 4, 2015
What if we told you that most catastrophic digital security vulnerabilities had one common denominator? One overriding contributor to root causes? Would you believe that one factor is also the biggest impediment to great design and software? That one thing? Complexity.
-
Preventing technical debt
on October 22, 2015
In the final part of our series on technical debt, we talk about ways to minimize accumulating bad or unnecessary technical debt in the first place.
-
To always be shipping, you need a shipyard
on October 9, 2015
We’ve developed cloud.gov, a Platform-as-a-Service (PaaS), to tackle core infrastructure issues and enable our small development teams to improve the delivery of 18F products.
-
This is how we start a new project from scratch at 18F
on October 6, 2015
We built the first iteration of Federalist in a matter of months. Today, we’re lifting the curtain and looking at what went into building the platform, so you can get a sense of what it looks like when 18F starts a project from scratch.
-
Managing technical debt
on October 5, 2015
In the last post in this series, we talked about the potential consequences of having a lot of technical debt. Now, we’ll give you concrete steps to identify and then manage that technical debt so it doesn’t get out of hand.
-
New Federalist platform lets agencies quickly launch websites
on September 15, 2015
18F’s new Federalist platform is a suite of tools designed to make it faster for government agencies to build websites that are secure, responsive, and accessible.
-
Behind the scenes: Building a new College Scorecard with students
on September 14, 2015
How we worked with the Department of Education on new steps to help students, parents and advisers make better college choices, including a new College Scorecard, comprehensive and updated data on higher education institutions, and customized tools using this new data.
-
What is technical debt?
on September 4, 2015
In part two of our series on technical debt, we define what technical debt is and how it can negatively impact your organization or project.
-
Don’t underestimate the danger of technical debt
on August 7, 2015
Technical debt is a financial metaphor that software developers use to talk to managers about the “hidden” costs associated with a system’s architecture and codebase. Over a series of upcoming posts, we’re going to explain what technical debt is, how to manage it, and some ways to prevent accumulating it.
-
Communicart tool will streamline purchase card process
on August 6, 2015
Our hope is that our new Communicart tool will streamline the purchase card approval process so government employees can spend more time performing their essential work and less time on the paperwork required to buy a new chair.
-
An introduction to HTTPS, by 18F and DigitalGov University
on July 16, 2015
18F uses HTTPS for everything we make, and the U.S. government is in the process of transitioning to HTTPS everywhere. As part of this effort, we've recently partnered with DigitalGov University to produce a two-video series introducing the why's and how's of HTTPS.
-
67 million more Federal Election Commission records at your fingertips
on July 15, 2015
The OpenFEC API added a filings endpoint as well as itemized receipt and disbursement data. This is the first major update to the API: The records we’re adding today are the meat and potatoes of campaign finance. You can see in detail where a campaign’s money comes from and where they spend their money.
-
The U.S. government is moving to HTTPS everywhere
on June 8, 2015
Today, the White House's Office of Management and Budget (OMB) finalized an HTTPS-Only Standard for all publicly accessible federal websites and web services. This standard is designed to ensure a new, strong baseline of user privacy and security across U.S. government websites and APIs.
-
Taking the pulse of the federal government's web presence
on June 2, 2015
The U.S. federal government is launching a new project to monitor how it's doing at best practices on the web. A sort of health monitor for the U.S. government's websites, it's called Pulse, and you can find it at pulse.cio.gov.
-
Layering innovation
on May 8, 2015
At 18F, we're changing the way government thinks about software, all the way to provisioning and deployment. To do that, we implemented an open source platform as a service for our developers. Here’s a look at how we created it.
-
The dat team talks data Streams
on April 23, 2015
Max Ogden and Mathias Buus Madsen are visiting 18F today to talk about dat, an open source project for versioning and sharing datasets. This new piece of software is part of their effort to build “automated, reproducible data pipelines that sync.
-
ACT-IAC event on DevOps in the government
on April 20, 2015
Themed 'Achieve Agile Nirvana Through DevOps,' the education and training event will be held from 8:00 a.m. to 11:00 a.m. on Friday, May 1 at the General Services Administration, 1800 F Street NW, in Washington, D.C.
-
One year in and looking forward
on March 20, 2015
One year ago we said, 'Hello, World' and launched not only a new team, but also the promise of a new way of working with and for the Federal Government. Here's what we've accomplished so far.
-
For public comment: the HTTPS-only standard
on March 17, 2015
Today, the White House's Office of Management and Budget is releasing a draft proposal for public comment: The HTTPS-Only Standard, at https.cio.gov. This proposal would require all new and existing publicly accessible federal websites and web services to enforce a secure, private connection with HTTPS Feedback and suggestions during this public comment period are encouraged, and can be provided on GitHub or by email.
-
The first .gov domains hardcoded into your browser as all-HTTPS
on February 9, 2015
Every .gov website, no matter how small, should give its visitors a secure, private connection. Ordinary HTTP (http://) connections are neither secure nor private, and can be easily intercepted and impersonated. In today's web browsers, the best and easiest way to fix that is to use HTTPS (https://).
-
Going to .Gov college
on December 15, 2014
Last week, a number of teammates coordinated to put on three DigitalGov University courses that covered a range of topics, from culture change and open source to the latest in API trends.
-
Why we use HTTPS for every .gov we make
on November 13, 2014
18F uses HTTPS in every .gov website we make, so that our users have a fast, secure, private connection.
-
The encasement strategy: on legacy systems and the importance of APIs
on September 8, 2014
In 1986 a nuclear reactor known as Chernobyl released harmful radioactivity which spread over much of the western USSR and Europe. The core of this reactor remains a glowing, ineradicable mass of deadly radioactive lava in the middle of a large Exclusion Zone unfit for human habitation.
-
Take a gander at our /Developer page
on July 23, 2014
A growing trend both inside government and outside is to have a simple welcoming page for outside developers who may be interested in your team’s efforts. This material is often located at website.gov/developer and points visitors to technical material that developers may be interested in, especially APIs. Collecting technical documentation in one place facilitates the developer experience, ensuring that they can find and begin using APIs with as little friction as possible.
-
Midas: a marketplace for innovation in government
on July 16, 2014
Midas is an online platform that brings to life the vision of an Innovation Toolkit for government. It's a marketplace of skill building opportunities which matches people to projects that they're passionate about. You can think of it as “Kickstarter for people's time.”
-
Hot off the press: 18F's API standards
on July 15, 2014
We recently released the first version of our API Standards — a set of recommendations and guidelines for API production. It is our intention that every 18F API meet these standards, to help us ensure a baseline quality and consistency across all APIs we offer now and in the future.
-
Intro to APIs: Working with URLs, JSON, APIs, and Open Data — without writing any code
on June 25, 2014
June 27, 2014, from 9:30 a.m. to 11:30 a.m. Register now. GSA’s digital teams are offering a user-friendly intro course to APIs. Regardless of your skill level, you will walk away from this lesson understanding what APIs are and how developers use them.
-
Announcing the /Developer Program: a new hub for federal API creators
on May 29, 2014
We recently launched our /Developer Program (pronounced "slash developer") to help federal agencies develop useful, robust APIs. The Program is a collection of educational resources, opportunities to engage the community for help and feedback, and tools that can help you build APIs — essentially an ever-growing knowledge base curated by 18F.
-
Packaging up API usability testing for agency reuse
on May 19, 2014
Over the past year, a GSA collaboration has seen a project that offers API usability testing to federal agencies go from the pilot stage to a regular, robust series. Already, 13 agencies and programs have participated, and several more participate with every monthly session that passes. The best examples from across the government have made clear that one of the most important tasks of API producers is to regularly engage their developer community and listen to what they have to say. But just encouraging agencies to do this only goes so far.
-
Slides from the inaugural 18F Demo Day
on May 16, 2014
The presentations given at the inaugural 18F Demo Day on May 9, 2014 are online and available at Speaker Deck. If you would like more information on any topic, please feel free to contact the individual speaker.
-
With FBOpen API, 18F shows what's possible in government
on May 11, 2014
There has been some great coverage of the new group of tech specialists out of the GSA, dubbed 18F.
-
Make government APIs better with user experience
on May 10, 2014
An API is a product just like a car, a website or a ballpoint pen. It’s designed to help someone do something. Products are either designed well—they meet expectations and deliver value—or they are designed poorly and create frustration and confusion. Inevitably, bad products are abandoned without a thought, like an old T-shirt with holes in it.
-
How a pepperoni pizza inspires open government
on April 12, 2014
Easy access to detailed tracking of processes has become more and more popular. Whether using Amazon.com, UPS, Uber or United Airlines, people expect instant feedback. They want to immediately see the status of a process upon which they depend.
-
Open source and terms of service = a better developer experience
on April 11, 2014
One of the important changes occurring across the federal government is the role of open source for non-code projects - using an open, iterative model of collaboration inherited from the coding community for all kinds of new purposes. Want to see a great example of this in action? In recent years, as more and more agencies offer public APIs, some have included a developer terms of service (TOS).
-
Announcing FBOpen: Government opportunities made easier
on March 31, 2014
Today we're announcing our first product launch: FBOpen, a set of open-source tools to help small businesses search for opportunities to work with the U.S. government.
Back to
18F Blog