My company must adhere to ITAR restrictions due to the nature of our products. This means things like source code and issue tracking data repositories just be maintained within U.S. boarders. Obviously if we use a server-based installation of Jira with can achieve ITAR compliance. I'm interested in hearing if there are options for setting up Jira Software (Cloud) in an ITAR-compliant manner.
@Petter Gonçalvesor Atlassian Team
Has there been any additional updates on Atlassian's stance on offering ITAR compliant cloud hosting?
My company is in a similar situation to Michael and Josh, we chose self-hosting over cloud solely because of ITAR restrictions.
With Server being deprecated in 2024, if there isn't an ITAR cloud compliant variant, we'll have to start the transition to another platform sooner rather than later
Yes, I agree with this; if Atlassian does not provide some direction or options, any Aerospace and Defence business working within the US Defence Industrial Base will have to look at options on other platforms.
Any Technical Data within Jira and Confluence must be protected to be ITAR compliant, but also remember there is CMMC to be concerned about as well. Most business in the DIB would be looking for a solution that hosted on the FedRAMP to reduce the cost of meeting the DFARS requirements for CUI.
For reference, Atlassian does have a Jira Ticket open as a Suggestion for ITAR Compliance for Jira Cloud [CLOUD-10916] ITAR Compliance - Create and track feature requests for Atlassian products.
Hello @Michael Hoffman
Welcome to the Atlassian Community!
I can confirm that Jira Cloud application is not ITAR compliant, due to the fact that Atlassian has not specifically designed, modified, developed, configured, or adapted any item or technology for a military purpose.
That being said, Atlassian applications are currently not subject to the ITAR and its products and services are not subject to any ITAR licensing requirement.
If you want to specifically check what Atlassian policies are compliant or not with ITAR, you can find more information about Atlassian Security Policies on the following documentation:
Let us know if you have any questions.
The software doesn't need to be "...specifically designed, modified, developed, configured, or adapted any item or technology for a military purpose." The cloud service software needs to be hosted in ITAR complaint GOV space. With the announcement this morning that Atlassian will no longer have on-prem products this is a concern if Atlassian is not ITAR complaint and providing their software in ITAR GOV space. My company requires we operate in ITAR compliance. If Atlassian is not going to be providing cloud solutions for all their software products in ITAR compliant GOV cloud space through either AWS or Azure then it is time to begin looking for replacement products.
@Josh Welch you exactly articulated thoughts that were in my mind when I read Atlassian's announcement the other day about Jira Server's obsolescence. Our company also requires ITAR complaint solutions, which was THE primary reason for going with Jira Server over Jira Cloud. When we researched alternatives earlier this year, one cloud-based solution that had ITAR compliant storage options was Azure Dev-Ops. But we greatly prefer Jira as a more capable/flexible tool for our needs, so we willing took on the responsibility of hosting it internally. Unfortunately, it looks like we too are now going to have to abandon Jira due to Atlassian's decision to not support solutions for customers that have ITAR storage requirements. Very disappointing.
Hey there Cloud Community members! We’re excited to give you the first glimpse of the new home for business teams on Jira — Jira Work Management. Jira Work Management is the next generation of J...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event