Is Jira FedRamp compliant?

Eddie Bibisi
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
June 20, 2024

Website seems to say yes, but it does not call out Jira by name - just one other product.

5 answers

1 vote
Jim Knepley - ReleaseTEAM
Marketplace Partner
Marketplace Partners provide apps and integrations available on the Atlassian Marketplace that extend the power of Atlassian products.
June 20, 2024

I can't speak to Jira Cloud.

I believe that Jira Data Center can be configured (particularly in AWS) so that it doesn't violate FedRAMP, but there's more to it.

Jira Data Center itself doesn't cover the entire scope of FedRAMP compliance at any impact level. Much of FedRAMP is around operational procedures like account management, authentication, log monitoring, incident response, and maintenance procedures.

0 votes
Michael Sedovic
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
June 27, 2024

Yes and No. For an ELI5, FedRAMP is certification around Cloud applications.

Jira (Datacenter), the product, does not need to be FedRAMP compliant. If hosted on a cloud service (i.e. AWS, Azure, etc..) that service and all the processes and procedures around it need to be complaint.

Contegix, an Atlassian Partner, has FedRAMP compliant infrastructure and can host the DataCenter versions of the applications on it thus meeting compliance requirements. 

Jira (Cloud) is a Cloud based product so it needs to be FedRAMP compliant for certain organizations. 

Only Trello currently is FedRAMP compliant.

Jira should have Moderate Authorization to Operate by Q1 2025. See https://community.atlassian.com/t5/Trust-Security-articles/It-s-official-FedRAMP-Moderate-has-a-new-date-in-cloud/ba-p/2488663.

Full Disclosure, I work for Isos Federal (part of Isos Technology) which is also an Atlassian Partner like Contegix.

0 votes
Joe Pitt
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
June 20, 2024

I've worked on multiple government agencies projects and they all had either the server or data center version. Some of the issues @Jim Knepley - ReleaseTEAM mentions are covered in overall security and operational documents outlining how they do the functions. I don't know about the cloud service. 

0 votes
Jovin
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
June 20, 2024

Searching FedRamp (https://marketplace.fedramp.gov/products) I can see only Trello is, if you search Atlassian it'll show you all products authorized by them. Jira is not in this list.#

You can email Atlassian's contact to find out more: fedramp@atlassian.com

0 votes
Rudy Holtkamp
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
June 20, 2024

Hi @Eddie Bibisi and welcome to the community,

It is not, take a look at the Atlassian pages about compliancy: https://www.atlassian.com/trust/compliance/resources

Cheers

Suggest an answer

Log in or Sign up to answer