LaunchDarkly Announces FedRAMP Authorization

Today, LaunchDarkly proudly introduced the first feature management solution to become FedRAMP authorized: LaunchDarkly Federal.

FedRAMP, the Federal Risk and Authorization Management Program, is a government-wide body that provides a standardized security framework for cloud products and services.

Companies like LaunchDarkly that want to deliver cloud-based software to the public sector must be authorized by the FedRAMP program management office. LaunchDarkly Federal is authorized at the "moderate" impact level with sponsorship from the Centers for Medicare and Medicaid Services (CMS).

Our FedRAMP authorization exemplifies our ongoing commitment to the public sector and strengthens our ability to effectively support U.S. government agencies, system integrators, and commercial partners of the U.S. government.

For years, LaunchDarkly has delivered enterprise-class feature management to the public sector communities, enabling government organizations and their contractors to accelerate digital transformation and mitigate risk in software delivery.

LaunchDarkly Federal’s FedRAMP Moderate authorization builds upon stringent privacy and security measures that have long been foundational to the LaunchDarkly platforms. Our security posture is part of why we’ve been trusted by a wide array of public sector organizations such as CMS and Recreation.gov.

With this FedRAMP authorization, we are able to better support the missions of government agencies with the scale, performance, and ease of use that comes from a premier, secure, cloud solution for feature management.

Any organization needing a FedRAMP-authorized feature management platform can now use LaunchDarkly Federal. It is available for general release today.

LaunchDarkly Federal

While LaunchDarkly Federal uses the same components as our commercial offering, it is a separate product and instance. But like the commercial platform, it delivers incredible scale and uptime.

LaunchDarkly Federal runs in the AWS public cloud US-East region. See our FedRAMP marketplace listing. From that marketplace listing, you can request our FedRAMP documentation package from the General Services Administration (GSA) for your internal security review processes.

While LaunchDarkly Federal is oriented to government agencies, it can also be used by those who need feature management as part of their execution on a government contract. Please contact your LaunchDarkly representative or the LaunchDarkly team at Carahsoft to learn if you qualify.

The future of feature management in the public sector

We see a huge opportunity to help U.S. government agencies drive their digital transformation initiatives through enterprise-class feature management.

With the release of LaunchDarkly Federal, and its FedRAMP authorization, we can more effectively enable the public sector to standardize fast yet low-risk releases. The results will help agencies reduce developer cognitive load, move to zero-trust architectures with more confidence, more effectively practice continuous integration and continuous delivery (CI/CD), and modernize their DevSecOps initiatives.

As the provider of the first FedRAMP-authorized feature management platform on the market, we are more than ready to support this and future administrations’ technology initiatives.

A few FAQs

How can I enable LaunchDarkly Federal in my application?

To enable LaunchDarkly’s FedRAMP-authorized instance in your application, you must make two simple changes related to SDK keys and endpoints. Our customers often abstract away the initialization of LaunchDarkly with an SDK wrapper. That initialization component (or anywhere you initialize LaunchDarkly) would need to be updated to use the new Federal environment keys.

Additionally, Federal users will need to redirect the SDK from using its built-in LaunchDarkly endpoint URLs (“.com”) to the Federal URLs (“.us”). That is done using the initialization options settings which can be found in the generated API reference for each SDK. Depending on the SDK, there will be two or three service endpoints required to be configured in the initialization options: base/polling endpoint, streaming endpoint, and an events endpoint. Note the option key value pair names may differ between SDKs as we respect each language's URI/URL naming conventions and supported services. So, it is critical to reference the documentation for each specific SDK. Some examples can be found on our Federal documentation page.

How can I keep my commercial use of LaunchDarkly in sync with my Federal projects/environments/flags?

LaunchDarkly Support and LaunchDarkly’s Account Executive team can work with you on a case-by-case basis depending on your needs and available tooling in your environment. Applications such as Terraform may help with project, environment, and flag configuration parity. Modifying features using web services sent to both LaunchDarkly instances may also help environments stay in sync. Additionally, you may also use the LaunchDarkly Relay Proxy Enterprise as a solution. If you’d like to pursue the latter approach, contact us at usgovernment@launchdarkly.com.

What if I need FedRAMP High or something else?

LaunchDarkly is fully committed to supporting the mission of our government customers, and we have existing ways to support our government customers in highly-secure environments, including ones requiring disconnected operations. Please contact us at usgovernment@launchdarkly.com for more information.

If you have high security requirements, one approach you can take is to control communication between your applications and LaunchDarkly’s commercial platform instance with our Relay Proxy Enterprise service. If you’re in a low-bandwidth environment or have disconnected operations, you can use the Relay Proxy and our commercial instance to operate in an offline mode. Yes, there are cruise ships floating around in the middle of the ocean with no connectivity using LaunchDarkly!

Can I use LaunchDarkly’s Relay Proxy Enterprise with the Federal environment?

Yes! However, our builds of the Relay Proxy don’t use Federal Information Processing Standards (FIPS) modules out of the box. You can check out how to build a custom version of Relay Proxy here. If you need FIPS-compliant modules, we suggest using goboring.

Can I swap my existing licenses for LaunchDarkly Federal licenses?

Because the commercial enterprise licenses and Federal enterprise licenses have different SKUs and pricing, we do not offer a 1-for-1 swap. However, if you would like to migrate to the Federal instance before your next renewal, our Account Executives will be happy to work with you to find a solution. At this time, existing MSA/Terms and Conditions for commercial license agreements apply to LaunchDarkly Federal and should not need to be renegotiated.

How can I migrate my account to LaunchDarkly Federal?

Contact your Account Executive at LaunchDarkly to get our assistance with account migrations. For more information on migrating your accounts, go here.