External Service / System Name
PACT – Contract Management for Jira
System Description/Overview
PACT is an Atlassian Jira Cloud application that transforms Jira into a Contract Lifecycle Management (CLM) system. It breaks complex contracts down into a hierarchy of Jira issues (Contract → Requirements → Negotiations) to provide granular traceability and control. The app tracks financial data (Budget vs. Actuals), visualizes contract performance via dashboards (Burndown, Status charts), and manages renewal deadlines. It is primarily used for contract administration, risk management, obligation tracking, and audit/compliance reporting within the Jira environment.
External Service Type
SaaS app running entirely on Atlassian’s Forge platform within the Atlassian Government Cloud environment (Runs on Atlassian model). No Optimizory-hosted runtime is in the data path for AGC customers.
Data Ingress / Egress (relative to AGC boundary) Classification: None
Runtime processing of Contract and Jira data happens entirely inside Atlassian Government Cloud using Forge with the Runs on Atlassian model (only Atlassian‑hosted compute and storage; no external runtime egress of in‑scope end‑user data). No Jira issue content, financial data, or contract terms are sent to Optimizory-hosted infrastructure; the app does not store any customer data independently and stores data within Jira. (AGC customers can use this field to document “None” explicitly in their risk register.)
Authentication & Authorization
Authentication: End-users authenticate to AGC with Atlassian accounts and the organization’s chosen SSO/MFA configuration (e.g., CAC/PIV). PACT does not introduce a separate login or credential store.
Authorization:
Access to Contract data is governed by Jira permissions; the app allows users to view contract details and financial data only if they have permission to view the underlying Jira issues. PACT respects the existing Jira permission schemes configured by the customer.
The app itself authenticates to Jira using Forge‑managed app credentials within Atlassian’s platform; there is no API key or token that connects AGC to an external Optimizory service.
API Key Scenarios (inbound/outbound/sync)
Multi-Factor Authentication (MFA)
Service connection MFA: Not applicable – there is no separate external connection between AGC and an Optimizory‑hosted runtime.
User access MFA: Enforced centrally by the customer’s AGC identity setup (SSO/MFA for Atlassian accounts). Any MFA vendor/OTP mode is determined by the customer’s IdP and Atlassian Guard configuration, not by PACT.
Role Policy (for Inbound / Bi-Directional Connections Only)
Not applicable – PACT’s AGC runtime does not maintain inbound or bi-directional connections across the AGC boundary to an external Optimizory service. There are no external accounts or keys used to access AGC resources.
Key / Account Policies (for Inbound / Bi-Directional Connections Only)
Not applicable – no external keys or accounts are used to access AGC from Optimizory systems for runtime data.
Role-based Access Control
Yes. RBAC is provided by Jira permissions and roles in AGC. PACT runs under the Jira app permission model and only accesses issues/projects that the current user can access; it does not create separate “integration accounts” with broader privileges.
Data Description
Primary Data: Jira issue data representing Contracts, Requirements, and Negotiations that exists in the customer’s AGC Jira site.
Sensitive Data: Financial values (Cost, Budget), Vendor Names, Contract Terms, Dates (Expiry, Renewal), and Issue Links (e.g., "blocks", "relates to").
Configuration Data: Saved dashboard configurations and preference settings, stored within Atlassian’s app storage or Jira properties – not in an external Optimizory database.
Vendor Commercial Data: Licensing and support contact details (admin names/emails, company, etc.) via Atlassian Marketplace. This does not include Contract content.
Data Categorization (Moderate only)
PACT processes whatever Jira data the customer has already categorized within their AGC Jira environment (e.g., CUI). The app does not change the classification of that data and does not introduce new data types beyond Jira issue metadata and minimal configuration. Customers should reference their existing Jira/AGC data categorization in this field.
Connectivity Method
Web-based application embedded in Jira Cloud on AGC.
Users access PACT through Jira’s UI (Apps menu, issue view, dashboards).
Backend logic runs as Forge functions inside Atlassian’s cloud and talks to Jira via Atlassian-managed APIs. No direct network connection is established from AGC to Optimizory infrastructure for runtime data.
Connection Transport Security and Encryption
All client-to-AGC connections use HTTPS/TLS (TLS 1.2+), as per Atlassian Cloud security protocols.
Internal communication between Jira and Forge within AGC is handled by Atlassian and covered under AGC’s FedRAMP Moderate controls for encryption in transit.
Encryption in Storage
Jira data and Forge app storage in AGC are encrypted at rest under Atlassian’s FedRAMP Moderate-aligned controls (AES-256); AGC is built as a FedRAMP Moderate authorized environment.
PACT does not maintain its own independent database of Contract data; there is no additional vendor-managed encryption layer for application data.
Audit Logs Available
AGC administrators can use Atlassian’s organization/audit logs to track app installation, configuration changes, and other admin-level events for Marketplace apps.
PACT operations (creating contracts, linking requirements) are recorded as standard Jira issue updates and are visible in the native Jira issue history and audit logs.
Level of Vendor Dependency
Low to Moderate.
Jira remains the system of record; if PACT is removed or disabled, the underlying Jira issues representing Contracts and Requirements remain intact.
Dependency on Optimizory is primarily for:
Visual dashboard rendering (Burndown charts, Status charts).
Specific hierarchy logic (Contract Breakdown visualization).
Ongoing maintenance and support of the app.
From a risk perspective, discontinuing the app affects visualization and convenience, not data custody or data availability.
Alternative Exists
Yes.
Customers can:
Use native Jira issue linking and JQL-based reports to track contract obligations.
Use standard Jira Dashboards for basic status reporting.
PACT is an option for specialized CLM visualization and hierarchy management, not the only possible solution for storing contract data in Jira.
Traffic Source Role or DNS
Not applicable for external service connectivity: There is no network path from AGC to an Optimizory-hosted runtime for Contract data. User traffic is between browsers and AGC (*.atlassian-us-gov-mod.com / related Atlassian government domains) over HTTPS.
Traffic Destinations Role or DNS
Not applicable for external service connectivity: Runtime traffic for PACT is contained within Atlassian’s AGC environment (Jira ⇄ Forge). No separate DNS endpoints for Optimizory are required for the AGC runtime.
Inbound Ports & Protocols (to AGC from external service)
Not applicable – there is no inbound connectivity from Optimizory infrastructure into AGC for PACT’s runtime.
Outbound Ports & Protocols (from AGC to external service)
Not applicable – the AGC version of PACT does not call out to Optimizory-hosted endpoints for Contract data.
Any networking is internal to Atlassian’s AGC environment (Jira + Forge) using HTTPS/TLS, which is already covered by Atlassian’s FedRAMP documentation.