How do changes release to the Atlassian Government environment?

Products in an Atlassian Government Cloud environment receive different types of changes at a different cadence.

Changes applied when available

Small changes roll out to products as soon as they’re available. These changes may include bug fixes, performance improvements, and security updates.

These types of changes ensure that we meet existing service-level agreements (SLAs). This is a FedRAMP requirement that specifies that it's Atlassian’s responsibility to treat security patches as high priority and continuous.

Changes bundled as a group

We roll out most visible changes as a group. These changes are typically things that may cause users to adjust how they are working, without causing significant impact to the organization. Some examples include:

• moving a button

• a new task the user needs to complete

• a new setting

• a new step in a Jira workflow

Grouped changes roll out on the second Tuesday of each month, starting at 14:00 PST and 17:00 EST.

Significant changes

FedRAMP requires that a Third-Party Assessment Organization (3PAO) reviews changes that may impact the security posture of the environment. If a change is identified as significant, the 3PAO reviews the change before we roll it out to the Atlassian Government environment.

3PAO reviews for significant changes happen quarterly. These changes roll out after they are approved.

The types of changes that are considered significant are those that affect our compliance & security posture. Examples of significant changes include:

• new features that we consider major

• new security controls

• the removal of a security controls

• new or major database upgrades

• a new or updated boundary protection mechanism