It’s been a busy year for advancing our security and privacy commitments. As the annual User Conference approaches, it is worthwhile to reflect on significant changes that can potentially expand how customers use Esri’s products.
- Agency-based FedRAMP Moderate Authorization issued May 2023 for ArcGIS Online
- Moderate Authorization package available via FedRAMP Secure Repository now
- Agencies/customers can begin their FedRAMP Moderate authorization efforts
- FedRAMP.gov Marketplace Designation expected Q4 2023
Cloud Security Alliance (CSA) CAIQ
- We performed a major update of our CAIQ answers using the latest framework from CSA
- This is a 25+ page list of the most common security & privacy questions concerning ArcGIS Online in an industry standard structure
- Available within the ArcGIS Trust Center documents are now and will be posted to the CSA Star registry
International Organization for Standardization (ISO)
- During the first quarter this year we completed a self-assessment of ISO 20243 for ArcGIS Online
- Ensuring a strong cyber supply chain is critical for products today (focus of ISO 20243)
- We have begun ISO 27001 gap analysis efforts for the ArcGIS Online EU Region
- We expect to achieve ISO 27001 certification for the region in 2024
We will have numerous Software Security & Privacy team members at the upcoming User Conference in San Diego both presenting and discussing customer challenges on the Expo floor. We look forward to seeing you there! We may consider helping facilitate a Special Interest Group (SIG) on Security & Privacy for next year’s UC based on your input to foster communications further – If you think such a SIG would be helpful, and/or would like to help facilitate such an effort (present or otherwise), reach out to us at: SoftwareSecurity@Esri.com .