Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

More granularity on our FedRAMP Moderate timing

August 20, 2024

Hi all,

In case you missed it, we recently hit a major milestone on our journey to FedRAMP Moderate and we were listed on the FedRAMP marketplace as “In Process.“ With our FedRAMP Moderate Authority to Operate (ATO) approaching, we would like to provide more granularity on the remaining steps, dependencies, and timeline so you can plan accordingly.

As many of you may be aware, there are several steps involved in achieving ATO through the agency authorization process - many of which require close collaboration with our sponsor, GSA, our Third Party Assessment Organization (3PAO), Schellman, and the FedRAMP Program Management Office (PMO).

As of today, we have completed the deployment and testing of our FedRAMP environment and services and we have implemented all of the necessary security controls. Additionally, we have already begun working with our 3PAO on the security assessment.

To reflect the remaining milestones and dependencies, we have updated our roadmap with the following two items:

Milestone

Description

Estimated delivery date and status

FedRAMP Moderate security assessment and agency review

As is required, we will complete a full security assessment of our offering with an accredited Third Party Assessment Organization (Schellman) and share the results of that security assessment with our sponsoring agency (GSA) for review and approval. Once approved, our sponsor will issue an Agency ATO to be reviewed by the FedRAMP PMO.

With this milestone, we will have a feature-complete, customer-ready FedRAMP Moderate environment. Atlassian will have completed all the requirements to move into the PMO review phase, and it will be in the hands of the FedRAMP PMO to review our package.

Q4 2024-Q1 2025

As of today, we are on track to hit this milestone in late Q4 2024; however, we are providing a conservative range that includes early Q1 2025 to account for external dependencies that may be outside of our control.

FedRAMP Moderate Authority to Operate (ATO)

After the previous step is completed, the FedRAMP PMO then reviews the package. Once their review is complete, we will receive an “Authorized” FedRAMP Marketplace Designation.

Q2-Q3 2025

While we are targeting the end of Q2 2025 for receiving ATO, we have been notified that it may take the FedRAMP PMO up to 6 months to begin their review after receiving our submission. With that in mind, we have provided a range in case their review extends into early Q3 2025.

We will continue to work closely with our sponsor and the PMO to identify opportunities to accelerate this process.

We remain committed to meeting the needs of our public sector customers and, as you may have seen, we’ve expanded our investments in this space. In particular, we are working towards providing FedRAMP High as well as US DoD Impact Level 5 (IL5) compliance.

As always, we will continue to share updates during this process and keep you informed of any major developments. You can also sign up for news about Atlassian Government Cloud, our FedRAMP Moderate offering, on our website. Thank you for your ongoing support as we work towards this exciting achievement.

-Joe

Comment
Watch
Like # people like this
1665 views

2 comments

Comment

Log in or Sign up to comment
Morgan Watts
Morgan Watts
Contributor
August 20, 2024

Thanks for the update! 

Like
Michael Corvin
Michael Corvin
Contributor
August 21, 2024

Kudos for your progress in moving towards FedRAMP ATO!  We work in this space and I understand the challenges in meeting current and coming requirements.   Unfortunately your cloud products, specifically, Confluence, now lack some essential functionality that we've relied on in previous, self-hosted Confluence sites for over a decade (e.g., nested tables and macros).   Consequently, while we expect to continue to use cloud Confluence for some things, we are moving to other solutions for most applications.

Like
Joe Elgabalawi

Joe Elgabalawi

Atlassian Team
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.

About this author

6 total posts

View profile
groups-icon
Trust & Security
TAGS
AUG Leaders

Atlassian Community Events

    See all events