Secure configuration guide for Atlassian Government Cloud

As a FedRAMP service provider, we’re required to publicly provide a set of secure configurations. This page outlines the configurations and where to find the required documentation for each.

Recommended secure configuration

SCG ID: SCG-CSO-RSC

Providers MUST create, maintain, and make available recommendations for securely configuring their cloud services (the Secure Configuration Guide) that includes at least the following information:

Required: Instructions on how to securely access, configure, operate, and decommission top-level administrative accounts that control enterprise access to the entire cloud service offering.

Required: Explanations of security-related settings that can be operated only by top-level administrative accounts and their security implications.

Recommended: Explanations of security-related settings that can be operated only by privileged accounts and their security implications.

The required guidance:

• Access - Get access to the Atlassian Government environment

• Configure - Give users admin permissions

• Operate

  • Auth policy

    • 組織の認証ポリシー設定

    • 認証設定とメンバーを編集します

  • Logging - What activities does the audit log include?

• Decommission - Remove admin role from a user

Use instructions in authorization package

SCG ID: SCG-CSO-AUP

Providers MUST include instructions in the FedRAMP authorization package that explain how to obtain and use the Secure Configuration Guide.

The required instructions: to get access to Atlassian’s Authorization package, send a request to info@fedramp.gov.

Publish guidance availability

SCG ID: SCG-CSO-PUB

Providers SHOULD make the Secure Configuration Guide available publicly.

This guide publicly is available under Get started with Atlassian Government Cloud.

Secure defaults

SCG ID: SCG-CSO-SDF

Providers SHOULD set all settings to their recommended secure defaults for top-level administrative accounts and privileged accounts when initially provisioned.

The required guidance: What are the different types of admin roles?

API capability

SCG ID: SCG-ENH-API

Providers SHOULD offer the capability to view and adjust security settings via an API or similar capability.

The required guidance:

• 管理 API を使用して組織を管理する

• The Control REST API REST API

• The Organizations REST API REST API