Uploaded image for project: 'Bamboo Data Center'
  1. Bamboo Data Center
  2. BAM-21984

Make Bamboo FIPS 140-2 compliant

XMLWordPrintable

    • Icon: Suggestion Suggestion
    • Resolution: Unresolved
    • None
    • Security
    • None
    • 0

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Problem Definition

      At the moment, Atlassian products do not implement any FIPS 140-2 compliant cryptographic modules on self-hosted instances, which is a requirement for multiple companies to keep using our tools.

      Suggested Solution

      Implement the required cryptographic modules on Atlassian products to ensure they are FIPS 140-2 compliant.

      Workaround

      It appears to be possible to achieve that on self-hosted products at a JVM and/or OS level by bypassing the FIPS check.

      To bypass the FIPS check, please follow the instructions below:

      1. Stop Bamboo
      2. Add -Djava.security.disableSystemPropertiesFile=true to Bamboo system properties
      3. Start Bamboo

            Unassigned Unassigned
            kmiranda Karel Miranda
            Votes:
            3 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated: