Intro to TTS Tech Portfolio
This page provides an overview of the TTS Tech Portfolio team (formally known as the “Infrastructure” team).
- TTS Tech Portfolio is not just for engineers; it fundamentally shapes how we work.
- If you’re an engineer of any kind, the most important part of your job in the government is security. Start here.
- If you’re not sure you can do something, please ask first as a Generic Request in the TTS Tech Portfolio General Request Form. We promise to get you an answer quickly.
What you’ll learn
- How to make sure you’re not breaking the law
- How to secure your laptop
- What it means to work in the public
About TTS Tech Portfolio
Obeying the law
Rule #1 is if you don’t see us doing something already, and you can’t find express authorization to do it, please ask first as a Generic Request in the TTS Tech Portfolio General Request Form. We promise to get you an answer quickly. For example, if there is software or hardware that chapters need to accomplish their mission or don’t know how to get, hop into #infrastructure and ask.
You’ve probably heard about the Office of Personnel Management (OPM) data breach, and you probably know about the NSA. Everyone at TTS is responsible for our organization’s security and ensuring that the private data of the public is safe.
Take care when connecting applications to each other. While such connections can provide workflow conveniences, they also open us up to security violations. Often times this is an OAuth integration. Before connecting applications together, for example enabling a Slack-to-Google Docs plugin, please use the TTS Tech Portfolio General Request Form to submit a 3rd Party Integration Approval (Slack/Github) request.
The public interest
As a federal employee, you yourself have practically no right to privacy in connection with your work. Anything you say or do - in an email, a phone call, a private GitHub repo, a Slack direct message, etc - can be monitored, recorded, and turned into a Federal record. If you don’t want the government to know something, use a personal device or service. If you’re using TTS, GSA, or Gov-wide provided anything (software, tools, devices, etc), you are actively consenting to being monitored.
This is an easy place to make mistakes, but it’s also another great place to introduce another rule of thumb. Rule #2 is: Either everyone in the public can participate, or no one can. You alone cannot decide why Person A has access to something but not Person B. You alone, for example, can’t decide if a friend of yours, especially a friend outside of government, can help on a project (this includes things like contributing code and reviewing a Google Doc) if that project itself is not already contributable by the public at large. There are multiple laws and regs that interact with each other around this space, but the bottom line is that a democratic government cannot make capricious decisions around who gets in.
That isn’t to say that TTS can’t solicit public input. We absolutely can. We can also limit access through a process, but we need a process that is both (1) initially open to everyone and (2) is clearly documented. This also applies to acquisitions or procurement, and the very complex laws around government finance.
This brings us to Rule #3: You cannot spend a single penny, or create the expectation for a single penny to be spent, without prior authorization. Anything involving money must trace back to approvals. You can find out all about purchase approvals on the Purchase Requests page.
TTS Tech Portfolio rules
There are some things that you might have been used to doing outside of government that you cannot do now.
If you’re an engineer of any kind, the most important part of your job in the government at the moment is security. If you’re building anything, a good place to start is 18F’s security standards.
The three rules of Infrastructure are:
- If you don’t see us doing it already and you can’t find express authorization to do something, please ask first.
- Either everyone in the public can participate, or no one can.
- You cannot spend a single penny, or or create the expectation for a single penny to be spent, without prior approval.
I create a Chrome profile on my work laptop that is my personal account, and so far have only used it to: (1) use my Google Play Music account (2) check email one time to get my GitHub 18F invitation (3) access my LastPass account for my GitHub password. How much of my personal information has been made available to you (or anyone else who can see my account stuff) by doing this?
Consider maintaining two separate Chrome profiles (18F and Personal) and segregate sessions, extensions, data, etc that way. In general, most HTTPS connections ensure that no one in the Gov, including the network owners, has access to those packets. At GSA, that’s true, at least for TTS-issued laptops. That is not true for employees on all Gov networks. Those agencies give their employees work computers specially configured to allow intercepting and MITM of all internet activity, whether it’s HTTP or HTTPS.
Am I violating federal records law if I delete a project from my personal computer?
If that’s the canonical and only source of that information, yes. If that information is stored elsewhere (like GitHub or Google Drive), no.
What do I ask TTS Ops vs TTS Tech Portfolio?
TTS Ops focuses on what would normally be considered the “back office” financial matters, procurement, and space operations. Infrastructure focuses on our digital infrastructure and development methodologies. All operations teams work very closely together and there many areas we have joint ownership. Don’t worry about the specifics; we’re always happy to direct you in the right direction.
Ask in Slack: #infrastructure