Code Repository that's NIST 800-53 compliant

For code repositories, I've been a user of first, CVS, and then SVN for the past 6 years.  Because it's open source, my company needs to replace it with a code repository that is NIST 800-53 compliant.  Does anyone have any suggestions?  I know anything from Microsoft meets NIST standards but I'm not a fan of using Microsoft for everything.


Molly FaganApplications Team SupervisorAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

You might check Perforce ( or Mercurial (  Neither website mentions NIST compliance, however.
Molly FaganApplications Team SupervisorAuthor Commented:
Thanks for the response.  Mecurial isn't considered NIST compliant because of it being open source.  In doing research, I hadn't stumbled across Perforce--do you use it?
I have used Perforce, but only a little.  One of my clients used it for their SCM. It appeared to be a good quality package. I've talked with Perforce reps at trade shows and they seem knowledgeable.  It does use a different terminology than I am used to, so there was a bit of a learning curve.

I'm not familiar with NIST 800-53 (and Wikipedia is not very enlightening).  I would be disappointed to hear that open source programs are, by definition, not compliant.  Proprietary does not equate to better quality or more secure.  

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Molly FaganApplications Team SupervisorAuthor Commented:
My company is still learning all of the NIST rules.  I probably should have worded my question differently and asked what federal contractors are using.

I'm disappointed that open source programs aren't compliant either but from what I understand, it's because of going through the code review per NIST, etc.  I'm not 100% that's the reason but that's what I've been able to gather.  I love using Subversion, would prefer to move to GIT, but those aren't options.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.