Make Bamboo FIPS 140-2 compliant

XMLWordPrintable

    • Type: Suggestion
    • Resolution: Unresolved
    • None
    • Component/s: Security
    • None
    • 2
    • 7

      Problem Definition

      At the moment, Atlassian products do not implement any FIPS 140-2 compliant cryptographic modules on self-hosted instances, which is a requirement for multiple companies to keep using our tools.

      Suggested Solution

      Implement the required cryptographic modules on Atlassian products to ensure they are FIPS 140-2 compliant.

      Workaround

      It appears to be possible to achieve that on self-hosted products at a JVM and/or OS level by bypassing the FIPS check.

      To bypass the FIPS check, please follow the instructions below:

      1. Stop Bamboo
      2. Add -Djava.security.disableSystemPropertiesFile=true to Bamboo system properties
      3. Start Bamboo

            Assignee:
            Unassigned
            Reporter:
            Karel Miranda
            Votes:
            5 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated: