Government Cloud FedRAMP Moderate (Agency ATO) Terms

1. Overview

1.1. Atlassian Government Cloud (AGC) Products. These Terms apply to Customer’s use of Cloud Products that are hosted in the Atlassian FedRAMP environment, as described here (“AGC Products”).

1.2. Government Amendment. The Government Amendment applies to United States federal, state, and local government customers (each, a “U.S. Government Entity”).

1.3. Agency ATO. Currently, AGC Products have received an Agency Authorization to Operate (“ATO”) at the FedRAMP Moderate level from the General Services Administration. When Atlassian receives full ATO from the FedRAMP Program
Management Office at the FedRAMP Moderate level, any reference to “Agency” regarding Atlassian’s ATO will automatically delete.

2. Limited Usage

2.1. Government Use. AGC Products may only be used by (a) a U.S. Government Entity, or (b) a government contractor using AGC for the fulfillment of a U.S. government contract (federal, state, or local) (a “U.S. Government Contractor”).

2.2. Termination for Prohibited Usage. Any use of AGC Products in breach of this Section 2 (Limited Usage) will be deemed a breach of the Agreement and Atlassian may terminate Customer’s Subscription Term for such AGC Products. Atlassian may also terminate this Agreement upon notice for any breach of this Section 2 (Limited Usage). Customer will not be entitled to any refunds as a result of such termination, and any unpaid amounts for the applicable Subscription Terms and any related service periods will become due and payable immediately upon such termination.

3. Atlassian Obligations

3.1. Maintaining ATO status. During the Subscription Term for AGC Products, Atlassian will use commercially reasonable efforts to: (a) Maintain its FedRAMP Moderate Agency ATO at the current or higher authorization level; and (b) Maintain an information security program designed to provide at least the same level of protection as required by its FedRAMP Moderate Agency ATO.

3.2. Lapse or Revocation. If Atlassian’s FedRAMP Moderate Agency ATO lapses or is revoked, Atlassian will provide prompt notice to Customer of such lapse or revocation.

4. Customer Obligations

4.1. Compliance with AGC Documentation.
(a) Customer must use AGC Products, and only upload Customer Data to AGC Products, in accordance with the Documentation. “Documentation” means Atlassian’s usage guidelines and standard technical documentation for the applicable AGC Product, available at Atlassian Support, further supplemented by any documents attached to the Order. (b) If Customer uploads data to AGC Products that is prohibited by the Documentation, then Customer will be solely responsible for sanitization costs incurred by Atlassian and its agents, without application of any limitation of liability or damages caps in the Agreement.

4.2. Customer Indemnification. If Customer is a U.S. Government Contractor, Customer must (a) defend Atlassian from and against any third-party claim to the extent resulting from (i) violation of Section 4.1, or (ii) any compromise of the security of AGC Products or ATO resulting from Customer’s usage of AGC Products, and (b) indemnify and hold harmless Atlassian against any damages or costs awarded against Atlassian (including reasonable attorneys’ fees) or agreed in settlement by Customer resulting from the claim.