Default security settings in Jira Service Management
This page gathers links to documentation describing default system settings for Jira Service Management as a response to the Secure Software Development Framework (SSDF) requirements.
We provide pre-configured solutions with the most secure settings as default. Our mission is to unleash the potential of every team, prioritizing security every step of the way. Jira Service Management comes with a set of default settings that provide administrators with the assurance that the product is secured immediately after installation, without requiring any additional steps.
All our Data Center products offer exceptional flexibility in terms of configuration. Many settings can be adjusted during the installation or pre-configuration process. In our commitment to strengthen security measures, we've implemented a range of default settings to mitigate the most common threats and vulnerabilities, thus reducing the risk of unintentionally exposing critical systems due to misconfiguration.
The following settings list with corresponding documentation will assist you in elevating the security level of your Jira Service Management instances. Some of the documents below contain child pages. Refer to them as well to enhance the security of your instance.
1. Deployment
This documentation covers the process of deployment and includes: supported platforms, requirements, end-of-life policies, network setup, security protocols, infrastructure configurations, and the installation and configuration of software components such as Java, Tomcat, and databases.
- Supported platforms
- End of support announcements
- Important directories and files
- Bundled Tomcat and Java versions
- Setting properties and options on startup
- Running Jira applications over SSL or HTTPS
- Integrating Jira with Apache
- Securing Jira applications with Apache HTTP Server
2. Setup
This documentation focuses on configuring Jira Service Management after deployment. It includes guides on setting up environments, configuring connection settings, managing data storage, and ensuring that all components support the instance.
- Connecting Jira applications to a database
- Securing a database password
- Configuring user directories
- Backing up data
- Using robots.txt to hide from search engines
- Enabling and disabling data collection in Jira
- Advanced Jira configuration
- Connecting to SSL service
- Jira Service Management specific:
3. Authentication, authorization, user management, and security
This documentation relates to securing applications and managing user access. It covers authentication and authorization mechanisms, user management, permissions, and security best practices.
- Managing permissions
- Security overview and advisories
- Cluster authentication
- Single Sign-On documentation for Data Center products
- SAML SSO for Jira Data Center applications
- Managing users
- Managing groups of users
- Configuring issue-level security
- Enabling public signup and CAPTCHA
- Configuring permissions
- Controlling anonymous user access
- Moderating user group activity with Safeguards
- Configuring secure administrator sessions
- Managing project permissions
- Administering Jira Software
- User management limitations and recommendations
- Configuring the user default settings
- Configuring global settings
- Configuring advanced settings
- Jira Service Management specific:
4. Runtime, performance monitoring, and troubleshooting
This documentation focuses on monitoring and maintaining instances after setup. It includes guides on performance monitoring, handling runtime issues, and troubleshooting common problems.
- Storing search indexes
- Cache replication
- System logging and profiling
- Jira Access Log Analyzer
- Monitoring Jira
- Generating a thread dump
- Auditing in Jira
- Running Jira on a Kubernetes cluster
- Jira monitoring
- Cluster monitoring
- Server optimization
- Disaster recovery guide
5. Integrations and third-party apps
This documentation covers integrating Jira Service Management with other Atlassian products and creating and integrating third-party apps with Jira Service Management.