ENISA: European Network & Information Security Agency
The European Union Agency for Cybersecurity (ENISA) is an EU organisation dedicated to promoting a high level of cybersecurity standards across Europe. It collaborates closely with EU member states and the private sector to offer guidance and recommendations on effective cybersecurity practices. ENISA also assists in the development and implementation of EU policies and laws related to national information security.
The ENISA Cloud Computing Information Assurance Framework (IAF) is comprised of a set of criteria that organizations can use to assess the security measures provided by cloud service providers (CSPs) for their customer data. The IAF aims to evaluate the risks associated with adopting cloud services while minimizing the assurance burden on CSPs.
To comply with the IAF, Atlassian follows the Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM), which aligns the domains and controls of the CCM with the IAF assurance criteria. Atlassian maintains the following assurances based on the CCM:
CSA CCM v3.0.1 provides control mapping to ENISA IAF. It is expected that the new CCM v4 will be updated to include this mapping as well.
The CSA CCM v3.0.1 facilitates the mapping of controls to the ENISA IAF. It is expected that the upcoming CCM v4 will also include this mapping.
The CSA Security, Trust, Assurance, and Risk (STAR) registry is a publicly accessible platform where CSPs can publish their CSA STAR assessments. These questions allow customers or cloud auditors to evaluate CSP compliance with CSA best practices. By making self-assessment reports publicly available, the registry enables users to gain insight into the security practices of different CSPs and make comparisons based on a common baseline.
Our ENISA Outsourcing guidance white paper offers specific mappings to each requirement and how Atlassian Cloud Enterprise assists you in meeting your obligations, including Atlassian’s compliance offerings, the right to issue instructions, data security, termination, and chain outsourcing. To learn more about our commitment to safeguard customer data, visit our Security Practices page.
For more information, contact us.
Relevant products
Project and issue tracking
Jira
enterprise agile planning
Jira Align
high-velocity itsm
Jira Service Management
document collaboration
Confluence Cloud
Git code management
Bitbucket Cloud
VISUAL COLLABORATION
Trello
Our team is here to help
Have more questions about our compliance program?
Do you have cloud certifications? Can you complete my security & risk questionnaire? Where can I download more information?
Trust & security community
Join the Trust & Security group on the Atlassian Community to hear directly from our Security team and share information, tips, and best practices for using Atlassian products in a secure and reliable way.
Atlassian support
Reach out to one of our highly-trained support engineers to get answers to your questions.