Is JIRA FIPS 140-2 compliant on premises?

AD January 30, 2017

Gov't regulation required FIPS 140-2 mode to be enable on the server. JIRA and Confluence are FIPS 140-2 compliant, means if installation of these tools on premises servers will not be a showstopper with FIPS 140-2 enabled on the server.

Please advise ASAP.

 

Thank you,

 

1 answer

1 vote
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
January 30, 2017

That's a function of the operating system and security layers, not the application.

When it comes to compliance with assorted arbitrary rule sets, see https://www.atlassian.com/trust/faq on the subject.

Matt Riley April 2, 2020

Sorry to revive a dead thread, but this is the top Google result.

 

This is not completely correct, if your app does not do encryption itself but depends on the operating system, then it is true.

However, if any code doing encryption is included in the app or is linked with a library that is not compliant, then it is incorrect.

There is no way to tell without a formal answer or inspecting all the code.

 

It would help if we had a formal answer from Atlassian.

Christopher D Holcombe Sr_ October 13, 2020

I would also like an answer to this question...

Suggest an answer

Log in or Sign up to answer