Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

We’ve achieved “In Process” status on the FedRAMP Marketplace!

July 16, 2024

Hi all,

I’m incredibly proud to share that Atlassian is now "In process" to become FedRAMP Moderate authorized on the FedRAMP Marketplace. This milestone signifies a big step as we get closer to achieving our FedRAMP Moderate Authority to Operate (ATO). Our new offering, Atlassian Government Cloud, will initially include Jira, Confluence, and Jira Service Management. We anticipate completing our 3rd Party Assessment Organization (3PAO) assessment and reviews with our sponsoring agency in Q4 of CY 2024, after which, it will go to the FedRAMP Program Management Office (PMO) for review.

Our sponsor in this process is the US General Services Administration (GSA) - a strong advocate for cloud adoption within the U.S. government - and we’re excited to be partnering with them on this journey.

I know many of you have been eagerly waiting for more information on our progress in this space, and I’m thrilled to share this update as well as details about the expansion of our investments in the public sector. In addition to FedRAMP Moderate, we are also working towards providing FedRAMP High as well as US DoD Impact Level 5 (IL5) compliance in order to meet the needs of the Department of Defense. These developments reflect Atlassian’s commitment to cloud security and addressing the specific requirements of the public sector.

We’re excited to be able to share Atlassian Government Cloud with government teams and organizations that support them soon, so you can leverage innovative cloud capabilities like automation and analytics for improved productivity and data-driven decisions. Over 80% of surveyed customers who migrated to Atlassian Cloud said they realized benefits from cloud-only capabilities like these within 6 months. FedRAMP Moderate authorization will also give you the assurance you need to confidently adopt Atlassian Government Cloud while safeguarding your mission-critical data and sensitive information.

Visit our website to sign up for updates as we approach ATO and follow along on our roadmap!

Comment
Watch
Like # people like this
14211 views

14 comments

Comment

Log in or Sign up to comment
Geoff Mether _Togetha Group_
Geoff Mether _Togetha Group_
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
July 17, 2024

Wonderful news, congratulations!

Like
Austin Songer
Austin Songer
Contributor
July 17, 2024

I feel like Atlassian would be a perfect solution to submit for a JAB Authorization. Why not JAB?

 

Like
Yuri Lapin _Release Management_
Yuri Lapin _Release Management_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 17, 2024

Thanks @Joe Elgabalawi ! Great news, we are all looking forward to it.  Can you share any initial ideas what this mean for Atlassian Marketplace Apps - what will be the process for Marketplace Apps vendors to get to Atlassian Government Cloud? Because the full power of platform and offering could only be achieved together with Marketplace & Solutions Partners.

Like
James Lester
James Lester July 17, 2024

Amazing news! Couple of quick questions:

  1. Will there be a path to migrate our organization from commercial to government? 
  2. Will government maintain feature parity with commercial?

Thank you and congratulations!

Like
Austin Songer
Austin Songer
Contributor
July 17, 2024

@Yuri Lapin _Release Management_ 

Only apps from the Atlassian Marketplace that operate entirely within the Atlassian moderate environment will inherit the Moderate status. Apps that require an external connection will not inherit the same authorization unless the external platform is also listed on the FedRAMP marketplace with the same impact level.

 

Because any PaaS or SaaS must have their third-party apps documented and given the okay by the FedRAMP PMO, so the marketplace for the Government Cloud will be small compared the commercial product.

 

Like Brian Hill likes this
Sam Nadarajan
Sam Nadarajan
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
July 17, 2024

This is amazing! I know it has been quite the journey to get here, but kudos to the teams involved for not giving up and plowing forward :)

Like
Craig Castle-Mead
Craig Castle-Mead
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 18, 2024

Hey @Joe Elgabalawi 

Congrats on the big step, but wanted to check if the same types of "In-scope product data" caveats apply as listed on https://support.atlassian.com/security-and-access-policies/docs/understand-data-residency/ - while Marketplace was touched on in a comment by @Austin Songer which is good to know, other major concerns are around:

  • PII - when Atlassian Access is not listed. And if there's going to be a FedRamp specific Access product to ensure residency of PII, how does that work when orgs will have significant overlap between domains/users/etc in FedRamp and non-FedRamp Access orgs
  • Analytics and the like

Also, where does Bitbucket sit on the roadmap for FedRamp support? We're hamstrung on a number of fronts moving environments to Cloud through Bitbucket (DC) usage, as there's no data residency, and a hybrid model is far from a compelling solution due to the shared authorisation options.

CCM

Like Brian Hill likes this
Austin Songer
Austin Songer
Contributor
July 19, 2024

CSP will list "authorized" services If you view AWS, then you will understand.

https://marketplace.fedramp.gov/products/AGENCYAMAZONEW

And managing PII within FedRAMP-authorized environments involves stringent controls to ensure data security and residency. Organizations must implement specific controls as outlined in the FedRAMP Security Control Baselines. These include:

  • Access Control (AC): Controls to ensure that only authorized individuals have access to PII​​​​​​.
  • Audit and Accountability (AU): Maintaining thorough audit logs to track access and modifications to PII​​​​.
  • Data Protection (DP): Mechanisms to protect PII at rest and in transit​​​​.

If there will be a FedRAMP-specific Access product to ensure PII residency, it would likely involve additional controls to manage and segregate data across different domains and users, both within FedRAMP and non-FedRAMP environments.

Analytics data must also comply with FedRAMP requirements. This includes ensuring that data collected, processed, and stored for analytics purposes adhere to the same stringent controls as other sensitive data. Ensuring data residency means that data must be stored within designated regions that comply with FedRAMP regulations.

SCR-20240719-jmiw.png

 

 

 

Like # people like this
Austin Songer
Austin Songer
Contributor
July 19, 2024

Looks like they are not doing Bitbucket right now. And that makes sense, completing against Github and Gitlab for source code ROI probably just didn't make sense.

 

SCR-20240719-jnjl.png

 

Like
David Hunter
David Hunter
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
October 3, 2024

Since we plan to migrate from DataCenter to Cloud at next year's renewal, once you have FedRAMP, how soon can we see pricing, assuming it will increase for FedRAMP users?

Like
Dawn Fama
Dawn Fama
Contributor
December 11, 2024

This is excellent news!  Perhaps this will open the door for Microsoft 365 for Jira.  Perhaps Fed agencies could implement public facing helpdesk portals for Fed apps as well as any submission requiring an approval process.  

Like
Matt Mason
Matt Mason January 3, 2025

Since 2024 Q4 has passed, when do you expect Interim Authority to Operate?

 

Like Kevin Shea likes this
Kevin Shea
Kevin Shea January 13, 2025

Hi @Joe Elgabalawi , can you share an update on the 3PAO assessment - did it complete successfully in 4Q24?

Like
James Lester
James Lester January 23, 2025

@Kevin Shea  and @Matt MasonNew article posted here: FedRAMP Update: One step closer to FedRAMP Moderat... - Atlassian Community

I knew this because I follow the trust & security group: Trust & Security - Atlassian Community

Like
Joe Elgabalawi

Joe Elgabalawi

Atlassian Team
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.

About this author

6 total posts

View profile
groups-icon
Trust & Security
TAGS
AUG Leaders

Atlassian Community Events

    See all events