Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Is Jira Software (Cloud) ITAR complaint?

My company must adhere to ITAR restrictions due to the nature of our products.  This means things like source code and issue tracking data repositories just be maintained within U.S. boarders.  Obviously if we use a server-based installation of Jira with can achieve ITAR compliance.  I'm interested in hearing if there are options for setting up Jira Software (Cloud) in an ITAR-compliant manner.

Thanks.

-m

3 answers

@Petter Gonçalvesor Atlassian Team
Has there been any additional updates on Atlassian's stance on offering ITAR compliant cloud hosting?

My company is in a similar situation to Michael and Josh, we chose self-hosting over cloud solely because of ITAR restrictions.

With Server being deprecated in 2024, if there isn't an ITAR cloud compliant variant, we'll have to start the transition to another platform sooner rather than later

Same exact situation for us.

If Atlassian doesn't come up with a solution they are going to alienate their aerospace user base.

Like Alex Sharp likes this

Yes, I agree with this; if Atlassian does not provide some direction or options, any Aerospace and Defence business working within the US Defence Industrial Base will have to look at options on other platforms.

Any Technical Data within Jira and Confluence must be protected to be ITAR compliant, but also remember there is CMMC to be concerned about as well. Most business in the DIB would be looking for a solution that hosted on the FedRAMP to reduce the cost of meeting the DFARS requirements for CUI.

For reference, Atlassian does have a Jira Ticket open as a Suggestion for ITAR Compliance for Jira Cloud  [CLOUD-10916] ITAR Compliance - Create and track feature requests for Atlassian products.

0 votes

Hello @Michael Hoffman

Welcome to the Atlassian Community!

I can confirm that Jira Cloud application is not ITAR compliant, due to the fact that Atlassian has not specifically designed, modified, developed, configured, or adapted any item or technology for a military purpose.

That being said, Atlassian applications are currently not subject to the ITAR and its products and services are not subject to any ITAR licensing requirement.

If you want to specifically check what Atlassian policies are compliant or not with ITAR, you can find more information about Atlassian Security Policies on the following documentation:

Let us know if you have any questions.

The software doesn't need to be "...specifically designed, modified, developed, configured, or adapted any item or technology for a military purpose."  The cloud service software needs to be hosted in ITAR complaint GOV space.  With the announcement this morning that Atlassian will no longer have on-prem products this is a concern if Atlassian is not ITAR complaint and providing their software in ITAR GOV space.  My company requires we operate in ITAR compliance.  If Atlassian is not going to be providing cloud solutions for all their software products in ITAR compliant GOV cloud space through either AWS or Azure then it is time to begin looking for replacement products.

Like # people like this

@Josh Welch you exactly articulated thoughts that were in my mind when I read Atlassian's announcement the other day about Jira Server's obsolescence.  Our company also requires ITAR complaint solutions, which was THE primary reason for going with Jira Server over Jira Cloud.  When we researched alternatives earlier this year, one cloud-based solution that had ITAR compliant storage options was Azure Dev-Ops.  But we greatly prefer Jira as a more capable/flexible tool for our needs, so we willing took on the responsibility of hosting it internally.  Unfortunately, it looks like we too are now going to have to abandon Jira due to Atlassian's decision to not support solutions for customers that have ITAR storage requirements.  Very disappointing.

Like Eric Desjardins likes this

We also have the same problem with military projects.  It's too bad Atlassian's response indicated no understanding of the ITAR concerns or what it means.

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
FREE
PERMISSIONS LEVEL
Site Admin
TAGS
Community showcase
Published in Jira

Announcing the waitlist for Jira Work Management

Hey there Cloud Community members! We’re excited to give you the first glimpse of the new home for business teams on Jira — Jira Work Management. Jira Work Management is the next generation of J...

637 views 10 16
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you