Secure configuration guide for Atlassian Government Cloud

As a FedRAMP service provider, we’re required to publicly provide a set of secure configurations. This page outlines the configurations and where to find the required documentation for each.

Recommended secure configuration

SCG ID: SCG-CSO-RSC

Providers MUST create, maintain, and make available recommendations for securely configuring their cloud services (the Secure Configuration Guide) that includes at least the following information:

Required: Instructions on how to securely access, configure, operate, and decommission top-level administrative accounts that control enterprise access to the entire cloud service offering.

Required: Explanations of security-related settings that can be operated only by top-level administrative accounts and their security implications.

Recommended: Explanations of security-related settings that can be operated only by privileged accounts and their security implications.

The required guidance:

Access - Get access to the Atlassian Government environment
Configure - Give users admin permissions
Operate
- Auth policy
  - Authentication policy settings for your organizations
  - Edit authentication settings and members
- Logging - What activities does the audit log include?
Decommission - Remove admin role from a user

Use instructions in authorization package

SCG ID: SCG-CSO-AUP

Providers MUST include instructions in the FedRAMP authorization package that explain how to obtain and use the Secure Configuration Guide.

The required instructions: to get access to Atlassian’s Authorization package, send a request to info@fedramp.gov.

Publish guidance availability

SCG ID: SCG-CSO-PUB

Providers SHOULD make the Secure Configuration Guide available publicly.

This guide publicly is available under Get started with Atlassian Government Cloud.

Secure defaults

SCG ID: SCG-CSO-SDF

Providers SHOULD set all settings to their recommended secure defaults for top-level administrative accounts and privileged accounts when initially provisioned.

The required guidance: What are the different types of admin roles?

API capability

SCG ID: SCG-ENH-API

Providers SHOULD offer the capability to view and adjust security settings via an API or similar capability.

The required guidance:

Was this helpful?

It wasn't accurateIt wasn't clearIt wasn't relevant

Still need help?

The Atlassian Community is here for you.

Ask the Community