Esri transparently advanced ArcGIS Online security on June 10, 2022 when Domain Name System Security Extensions (DNSSec) was enabled for the ArcGIS.com domain. DNSSec is just one of many security advancements being put in place for ArcGIS Online as we expand from FedRAMP Tailored Low to FedRAMP Moderate security controls this year.
DNSSec benefits include:
- Helps protect our customers, the Internet, end users, companies, organizations, and governments
- Decreases vulnerability to attacks, by providing cryptographic authentication to prevent redirection to rogue websites
- Fosters innovation by verifying and protecting DNS data, which enables data to be trusted in applications beyond DNS
No service disruptions were experienced as part of the DNSSec transition, and no changes are required for customer ArcGIS Online workflows. If it’s transparent, how can you easily tell if DNSSec is working? Organizations like Verisign Labs make DNSSec validation tools, which can instantly check the ArcGIS.com domain here: https://dnssec-analyzer.verisignlabs.com/arcgis.com If you want to better understand the basics of what DNSSec is, CSO Online has an overview here.
FedRAMP Moderate Coming
As ArcGIS Online advances it’s security posture to FedRAMP Moderate (almost triple the security controls of today’s Tailored Low authorization), your organization may want to consider utilizing it for a broader set of geospatial use-cases that your security team is comfortable with. For planning purposes, we expect the FedRAMP Moderate 3rd party assessment to be complete by the end of 2022, and final authorization in 2023.
- Esri Software Security & Privacy