Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.


The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Intro to TTS Tech Portfolio

This page is out of date

This page provides an overview of the TTS Tech Portfolio team (formally known as the “Infrastructure” team).

Our team helps other TTS teams with security, compliance, and technology best practices. As a part of TTS Classes, you will review this document and then complete this confirmation survey.


What you’ll learn

  1. How to make sure you’re not breaking the law
  2. How to secure your laptop
  3. What it means to work in the public

About TTS Tech Portfolio

Obeying the law

Rule #1 is if you don’t see us doing something already, and you can’t find express authorization to do it, please ask first as a Generic Request in the TTS Tech Portfolio General Request Form. We promise to get you an answer quickly. For example, if there is software or hardware that chapters need to accomplish their mission or don’t know how to get, hop into #infrastructure and ask.


You’ve probably heard about the Office of Personnel Management (OPM) data breach, and you probably know about the NSA. Everyone at TTS is responsible for our organization’s security and ensuring that the private data of the public is safe.

The most important part of your job is security. 18F has its own security standards around the software we develop. Be sure to secure your Macbook and be sure FileVault is turned on.

Take care when connecting applications to each other. While such connections can provide workflow conveniences, they also open us up to security violations. Often times this is an OAuth integration. Before connecting applications together, for example enabling a Slack-to-Google Docs plugin, please use the TTS Tech Portfolio General Request Form to submit a 3rd Party Integration Approval (Slack/Github) request.

The public interest

As a federal employee, you yourself have practically no right to privacy in connection with your work. Anything you say or do - in an email, a phone call, a private GitHub repo, a Slack direct message, etc - can be monitored, recorded, and turned into a Federal record. If you don’t want the government to know something, use a personal device or service. If you’re using TTS, GSA, or Gov-wide provided anything (software, tools, devices, etc), you are actively consenting to being monitored.

This is an easy place to make mistakes, but it’s also another great place to introduce another rule of thumb. Rule #2 is: Either everyone in the public can participate, or no one can. You alone cannot decide why Person A has access to something but not Person B. You alone, for example, can’t decide if a friend of yours, especially a friend outside of government, can help on a project (this includes things like contributing code and reviewing a Google Doc) if that project itself is not already contributable by the public at large. There are multiple laws and regs that interact with each other around this space, but the bottom line is that a democratic government cannot make capricious decisions around who gets in.

That isn’t to say that TTS can’t solicit public input. We absolutely can. We can also limit access through a process, but we need a process that is both (1) initially open to everyone and (2) is clearly documented. This also applies to acquisitions or procurement, and the very complex laws around government finance.

This brings us to Rule #3: You cannot spend a single penny, or create the expectation for a single penny to be spent, without prior authorization. Anything involving money must trace back to approvals. You can find out all about purchase approvals on the Purchase Requests page.

TTS Tech Portfolio rules

There are some things that you might have been used to doing outside of government that you cannot do now.

You cannot use or deploy to whatever third party tool you want without asking in #infrastructure or by submitting a Google App Script Approval Form .

If you’re an engineer of any kind, the most important part of your job in the government at the moment is security. If you’re building anything, a good place to start is 18F’s security standards.

The three rules of Infrastructure are:

  1. If you don’t see us doing it already and you can’t find express authorization to do something, please ask first.
  2. Either everyone in the public can participate, or no one can.
  3. You cannot spend a single penny, or or create the expectation for a single penny to be spent, without prior approval.


I create a Chrome profile on my work laptop that is my personal account, and so far have only used it to: (1) use my Google Play Music account (2) check email one time to get my GitHub 18F invitation (3) access my LastPass account for my GitHub password. How much of my personal information has been made available to you (or anyone else who can see my account stuff) by doing this?

Consider maintaining two separate Chrome profiles (18F and Personal) and segregate sessions, extensions, data, etc that way. In general, most HTTPS connections ensure that no one in the Gov, including the network owners, has access to those packets. At GSA, that’s true, at least for TTS-issued laptops. That is not true for employees on all Gov networks. Those agencies give their employees work computers specially configured to allow intercepting and MITM of all internet activity, whether it’s HTTP or HTTPS.

Am I violating federal records law if I delete a project from my personal computer?

If that’s the canonical and only source of that information, yes. If that information is stored elsewhere (like GitHub or Google Drive), no.

What do I ask TTS Ops vs TTS Tech Portfolio?

TTS Ops focuses on what would normally be considered the “back office” financial matters, procurement, and space operations. Infrastructure focuses on our digital infrastructure and development methodologies. All operations teams work very closely together and there many areas we have joint ownership. Don’t worry about the specifics; we’re always happy to direct you in the right direction.

Ask in Slack: #infrastructure