We have some great announcements concerning recent security, privacy and compliance advancements.
As of June 28th, 2018, ArcGIS Online is FedRAMP Tailored Low Agency authorized (Li-SaaS)! This is a significant milestone as the initial FISMA authorization achieved in 2014 focused on capabilities hosted within Amazon Web Services (AWS), and now the FedRAMP authorization assures incorporating security controls containing guidance specifically for cloud based deployments and it spans both AWS and MS Azure.
Esri continues to also advance our level of compliance with GDPR (concerning privacy), which is even more relevant to our US-based customers as the State of California recently passed legislation to enforce new privacy requirements (much of which is similar to GDPR) in 2020. See the 2018 ArcGIS Online Security & Privacy presentation on the Trust site Documents tab.
New AGO Security Advisor Tool
We announced the Preview release of a free ArcGIS Online (AGO) Security Advisor tool at the conference – Not only can you check your organization for alignment with best practices, but you can also see application logs at both the organization and user levels. The tool is now readily available @ https://arcg.is/ago-advisor .
AGO Transport Security Roadmap
We will also be discussing our transport security roadmap for deprecating TLS 1.0 & 1.1 (December 2018 release) and subsequently shifting to HTTPS only (September 2019 release) for all ArcGIS Online organizations. These security improvements may significantly affect your current operations and welcome discussion.
By the way, we even have a new team name to reflect the increasing importance of both Privacy & Security in our products and services.
– Esri Software Security & Privacy (SoftwareSecurity@Esri.com)