We have recently implemented new measures to help ensure our customers meet rapidly evolving privacy regulations as well as address cybersecurity threats most effectively and are outlined below:
- ArcGIS Enterprise Hardening Guide
This has been in the works for several years, incorporating input from customers and security experts around the globe. If you have a production ArcGIS Enterprise deployment in place or upcoming, you should ensure these best practices are in place as soon as possible. This guide was released this week and can be found within the ArcGIS Trust Center documents here.
- EU-US Data Privacy Framework (EU-US DPF)
Esri’s certification against this new framework was completed last week, demonstrating our commitment to upholding data protection standards required by the European Union. Esri still maintains the Standard Contractual Clauses (SCCs) as part of our Data Processing Addendum, providing EU customers stable privacy assurance despite evolving US regulations. For more information, check out the new ArcGIS Trust Center DPF page.
- FedRAMP Moderate Rev 5
ArcGIS Online has now been operating and validated by a third party to be in alignment with FedRAMP Moderate controls for over a year now. Some customers have given up waiting for the FedRAMP PMO to post the authorization to their website and have moved forwards with their own Agency FedRAMP authorizations. Based on recent discussions with the PMO, the moderate authorization should be listed in the 2024 Q1/Q2 timeframe. In the meantime, we’ve been shifting to newer Revision 5 controls which includes stronger supply chain validation and plan to completing the 2024 3PAO assessment by the end of Q2.
- ISO 27001
We continue to move forward alignment of our EU Region systems and operations with this certification which will cover specific ArcGIS Online and Platform capabilities. We aim to have this in place before the end of 2024, with more details to come over the next several months within the ArcGIS Trust Center ISO compliance page.
It’s been exciting to move these initiatives forwards and we welcome your input at any time.
- Esri’s Software Security and Privacy team – SoftwareSecurity@esri.com