
FedRAMP Moderate authorization makes Atlassian Government Cloud a compliant home for U.S. government work classified as Controlled Unclassified Information (CUI), covering Jira, Jira Service Management, and Confluence in a separate, government-only environment for civilian agencies and defense-adjacent contractors. It does not yet cover workloads that require FedRAMP High or DoD Impact Level 5, which remain on Atlassian’s roadmap but aren’t available today. Agencies whose data requires only Moderate can migrate now; those that need High or IL5 should plan and stage their move ahead of Atlassian Data Center’s end of life on March 28, 2029.
FedRAMP Moderate authorization made Atlassian’s cloud a compliant home for a large share of government work. Whether it covers yours comes down to what your data requires. That’s the question the headline never answered, and it’s the one that decides whether you migrate now, migrate in part, or wait.
What FedRAMP Moderate actually authorizes
FedRAMP Moderate is the authorization level for Controlled Unclassified Information, or CUI. That covers a wide range of government work: civilian agency programs, and the defense-adjacent contractor work that handles sensitive but unclassified data. If your workload lives in that range, Atlassian Government Cloud is now a compliant home for it.
Before March 2025, running Jira, Jira Service Management, or Confluence in Atlassian’s cloud wasn’t an option for these teams. They stayed on self-managed Data Center because they had to. Now they have a managed, authorized alternative.
What’s inside the government environment
Atlassian Government Cloud isn’t commercial cloud with a government label on it. It’s a separate environment, built to keep government data inside a hard boundary:
- A cross-partition gateway that isolates the government environment from Atlassian’s commercial cloud.
- A dedicated government login, separate from standard Atlassian accounts.
- Network firewalls that block data from leaving unless it’s been explicitly approved.
- AWS hosting in FedRAMP-authorized regions, primarily us-east-1, with us-west-2 for resilience.
At launch, it covered the core three products: Jira, Jira Service Management, and Confluence. It has continued to evolve to meet the needs of customers who require more secured systems. Atlassian has added Assets and Analytics and brought more than 60 Marketplace apps into the environment, with more arriving through 2026: data classification, threat detection, backup and restore, and sandboxes, as the platform moves toward parity with commercial cloud.
What it doesn’t cover yet
FedRAMP Moderate is not FedRAMP High, and it’s not DoD Impact Level 5. If your mission handles workloads that require High or IL5, such as Department of Defense data or law enforcement data, Atlassian Government Cloud can’t carry them today. Both remain on Atlassian’s roadmap. Atlassian has said publicly it is targeting FedRAMP High before Data Center reaches end of life; IL5 has no public date.
A few capabilities also aren’t in the government environment yet. Atlassian Intelligence and Rovo, the mobile apps, and some external-facing Jira Service Management features like customer portals and virtual agents all live in commercial cloud and haven’t crossed into the government boundary yet. For most internal government workflows, none of that is a blocker. For a public-facing service desk, it might be. We recommend checking your requirements before committing to the move.
So which group are you in?
If your requirement is FedRAMP Moderate, you can move now. The authorization is real, the environment is production-ready.
If your requirement is High or IL5, you can’t move the sensitive workloads yet. But you can get everything else ready. Map your environment, separate what can migrate now from what has to wait, and stage the rest so you’re ready the day the authorization lands.
Either way, there’s a deadline underneath the decision. Atlassian Data Center reaches end of life on March 28, 2029.
We start with your reality, not the roadmap
Most agencies don’t need more cloud marketing. They need someone to tell them, specifically, what they can move, what they can’t move yet, and what the path looks like for their environment. That’s where Oxalis starts. As an Atlassian Platinum Solutions Partner specialized in Cloud Migrations, and Atlassian’s 2026 Partner of the Year for Services Delivery in the Americas, Oxalis runs secure, FedRAMP-aware migrations for public sector teams who can’t afford to get compliance wrong.
There’s one more layer of proof worth naming, especially for defense-adjacent contractors. Oxalis holds CMMC Level 2 certification, assessed independently by an accredited third-party assessor (a C3PAO). That certification validates how Oxalis itself protects Controlled Unclassified Information, measured against the 110 security controls in NIST SP 800-171.
Keep the two straight, because they do different jobs. FedRAMP Moderate authorizes the AGC platform to hold your CUI. CMMC Level 2 certifies that Oxalis, the partner moving your data into it, meets the same CUI-protection standard your defense contracts now require. For most civilian and SLED teams, that’s a trust signal. For contractors in the Defense Industrial Base, it’s the bar you’re being held to as well.
Start with an Atlassian Government Cloud Migration Readiness Assessment. Oxalis will review your environment, your compliance requirement, and the path that fits, so your next move is grounded in your reality, not a press release. Request your Migration Readiness Assessment.