My company must adhere to ITAR restrictions due to the nature of our products. This means things like source code and issue tracking data repositories just be maintained within U.S. boarders. Obviously if we use a server-based installation of Jira with can achieve ITAR compliance. I'm interested in hearing if there are options for setting up Jira Software (Cloud) in an ITAR-compliant manner.
@Petter Gonçalvesor Atlassian Team
Has there been any additional updates on Atlassian's stance on offering ITAR compliant cloud hosting?
My company is in a similar situation to Michael and Josh, we chose self-hosting over cloud solely because of ITAR restrictions.
With Server being deprecated in 2024, if there isn't an ITAR cloud compliant variant, we'll have to start the transition to another platform sooner rather than later
Yes, I agree with this; if Atlassian does not provide some direction or options, any Aerospace and Defence business working within the US Defence Industrial Base will have to look at options on other platforms.
Any Technical Data within Jira and Confluence must be protected to be ITAR compliant, but also remember there is CMMC to be concerned about as well. Most business in the DIB would be looking for a solution that hosted on the FedRAMP to reduce the cost of meeting the DFARS requirements for CUI.
For reference, Atlassian does have a Jira Ticket open as a Suggestion for ITAR Compliance for Jira Cloud [CLOUD-10916] ITAR Compliance - Create and track feature requests for Atlassian products.
According to this:
The Atlassian replacement for the server offering - Data Center - does support self-hosting (see "Deployment options" at the bottom). It's a shame that the solution set costs so much (particularly at entry-level), and that the Atlassian staff don't seem to have a good understanding of how this works. My guess is they're going to be losing a lot of customers due to obsolescence of the popular server offering.
Good morning John, As a Platinum partner of Atlassian, we are the only partner in the ecosystem that is FedRamp certified. We can host your applications in our FedRamp Data Center which would address any ITAR concerns. Atlassian also has some discounts in place to make the transition from server to DC, more economical for the customer. Let me know if I can further help.
Hello @Michael Hoffman
Welcome to the Atlassian Community!
I can confirm that Jira Cloud application is not ITAR compliant, due to the fact that Atlassian has not specifically designed, modified, developed, configured, or adapted any item or technology for a military purpose.
That being said, Atlassian applications are currently not subject to the ITAR and its products and services are not subject to any ITAR licensing requirement.
If you want to specifically check what Atlassian policies are compliant or not with ITAR, you can find more information about Atlassian Security Policies on the following documentation:
Let us know if you have any questions.
The software doesn't need to be "...specifically designed, modified, developed, configured, or adapted any item or technology for a military purpose." The cloud service software needs to be hosted in ITAR complaint GOV space. With the announcement this morning that Atlassian will no longer have on-prem products this is a concern if Atlassian is not ITAR complaint and providing their software in ITAR GOV space. My company requires we operate in ITAR compliance. If Atlassian is not going to be providing cloud solutions for all their software products in ITAR compliant GOV cloud space through either AWS or Azure then it is time to begin looking for replacement products.
@Josh Welch you exactly articulated thoughts that were in my mind when I read Atlassian's announcement the other day about Jira Server's obsolescence. Our company also requires ITAR complaint solutions, which was THE primary reason for going with Jira Server over Jira Cloud. When we researched alternatives earlier this year, one cloud-based solution that had ITAR compliant storage options was Azure Dev-Ops. But we greatly prefer Jira as a more capable/flexible tool for our needs, so we willing took on the responsibility of hosting it internally. Unfortunately, it looks like we too are now going to have to abandon Jira due to Atlassian's decision to not support solutions for customers that have ITAR storage requirements. Very disappointing.
Hello Community! I hope you've been enjoying the 🍂Apptoberfestivities🍂 (I know I have!) The event is heating up next week with a series of virtual events that we're calling the 🍻🍂Partner App ...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events