Esri has recently implemented new measures to help ensure its customers meet rapidly evolving privacy regulations as well as address cybersecurity threats most effectively.
ArcGIS Enterprise Hardening Guide
This guide was developed over several years and incorporates input from users and security experts from around the globe. Users with a production ArcGIS Enterprise deployment in place or in process should ensure that these best practices are in place as soon as possible. Download the ArcGIS Enterprise Hardening Guide.
EU-US Data Privacy Framework (EU-US DPF)
Esri’s certification by the Data Privacy Framework Program was completed in January 2024. This demonstrates Esri’s commitment to upholding the data protection standards required by the European Union (EU). Esri still maintains the Standard Contractual Clauses (SCCs) as part of its Data Processing Addendum, which provides European Union (EU) customers stable privacy assurance despite evolving US regulations. For more information, look at out the ArcGIS Trust Center DPF page.
FedRAMP Moderate Controls, Revision 5
ArcGIS Online has been operating and validated by a third party to be in alignment with the Federal Risk and Authorization Management Program (FedRAMP) Moderate controls for more than a year. Some users have moved forward with their own agency FedRAMP authorizations. Based on recent discussions with the PMO, the moderate authorization should be listed in the 2024 Q2 timeframe. In the meantime, Esri has been shifting to newer Revision 5 controls, which include stronger supply chain validation. Esri plans to complete the 2024 Accredited FedRAMP Third Party Assessment Organization (3PAO) assessment by the end of Q2.
ISO 27001
Esri continues to move forward the alignment of its EU Region systems and operations with this ISO 27001 certification, which will cover specific ArcGIS Online and Platform capabilities. Esri aims to have this in place before the end of 2024. Visit the ArcGIS Trust Center ISO compliance page at links.esri.com/compliance for details as they become available.
Contact Esri’s software security and privacy team at SoftwareSecurity@esri.com.
