Statement concerning the widely announced CVE-2020-0601 Microsoft OS cryptographic vulnerability and Esri products.
Esri Mobile Security Whitepaper, ArcGIS Online Cloud Security Alliance answers, and ArcGIS Online Security Advisor extensively updated.
Customers that have configured the SAML options "Enabled Signed Requests" or "Encrypt Assertion" must update their ArcGIS Online metadata file.
ArcGIS Online will enforce HTTPS Only for all organizations September 2020 - Organizations with HTTP (Clear-text) links should prepare now.
2019 Update 1 Security patches for ArcGIS Server and Portal for ArcGIS 10.4.1, 10.5.1, and 10.6.1 have been released.
On April 16th ArcGIS Online will be shutting down access to TLS 1.0 and 1.1 so only TLS 1.2 can be utilized going forwards.
Portal for ArcGIS Critical Security Patch Released for Elevation of Privilege Vulnerability - Please apply ASAP
Significant transport security improvements in 2019 could result in disruption of operations if customer validation is not performed beforehand.
Esri's Software Security & Privacy document provides an overview of key aspects of our Secure Development Lifecycle (SDLC).