arcwatch

ArcGIS Security Update May Require Immediate Action

Esri will require TLS 1.2 connections for ArcGIS Online services as of April 16, 2019. Immediate action may be needed for any clients or systems that connect to ArcGIS Online.

Esri strives to implement the highest security standards across its entire suite of products by using the most robust, widely accepted security protocols, including Transport Layer Security (TLS) for privacy and data integrity. The ArcGIS platform uses the TLS protocol as a key component of its security for web and service API connections, including connections between other Esri software products.

ArcGIS Online currently supports connections using TLS versions 1.0, 1.1, and 1.2. To continue providing strong security, Esri will require TLS 1.2 connections for ArcGIS Online services as of April 16, 2019. Action may be required prior to this change to ensure continued access to ArcGIS Online services.

Impact on the ArcGIS Platform

Esri has released patches and instructions on how to update existing software to support these connections. Some Esri software, such as ArcGIS Pro, is already TLS 1.2 enabled, while other Esri technology, such as ArcGIS Desktop, requires a patch or a configuration change to support TLS 1.2 connections. Take a look at the list of affected products, which also has information on actions you may need to take.

Who Is Affected?

If any of the following use cases apply to you or your organization, you may need to enable TLS 1.2 connections by April 16, 2019.

Next Steps

Use these resources to help determine whether you need to take any action to update your software or operating system configurations to support TLS 1.2 with the ArcGIS family of products. If your apps are affected, you must take action to ensure continued access.

To stay up-to-date on security, privacy, and compliance-related announcements for the ArcGIS platform, subscribe to the RSS feed in the ArcGIS Trust Center.