ArcGIS Blog

Feb 02, 2015

Esri Managed Cloud Services (EMCS) achieves FedRAMP Moderate compliance

By Matt Lorrain

On January 29th, 2015, the Esri Managed Cloud Services (EMCS) achieved FedRAMP Moderate compliance. This milestone provides assurance to customers that EMCS aligns with today’s latest rigorous security controls required for cloud systems at the moderate impact level (specifically FedRAMP Rev. 4 Baseline).

EMCS enables customers to quickly leverage the full ArcGIS Platform in a secure/compliant cloud environment. The GIS services within EMCS are provisioned through ArcGIS for Server and Portal for ArcGIS.

The EMCS offering can be utilized in a stand-alone capability or hybrid deployment incorporating ArcGIS Online. If ArcGIS Online FISMA Low security is considered not adequate for a given customer, or if they want to utilize specific geospatial capabilities only available in ArcGIS for Server, supplementing an ArcGIS Online implementation with EMCS is a viable option.

Beyond this, EMCS provides these key security benefits:

  • 24/7 Security Operations Center for monitoring and threat detection
  • An Intrusion Detection System (IDS) to detect malicious activity
  • Continuous security monitoring of log data through a Security Information and Event Management (SIEM) platform that is reviewed by security experts
  • A Web Application Firewall (WAF) to mitigate against common web application attacks such as cross-site scripting (XSS)
  • FIPS 140-2 compliant encryption for data-in-transit and data-at-rest
  • A hardened network and virtual machine environment utilizing advanced inbound/outbound firewall traffic rules
  • Mandatory continuous application, system and database vulnerability scans
  • Yearly vulnerability assessment, penetration testing and security control reviews by an accredited Third Party Assessment Organization (3PAO)

For more information about FedRAMP Moderate, visit the official FedRAMP site. Additionally, you may want to view the official listing of the EMCS package.  Alternatively, the press release for this milestone can also be viewed.

-The Security Standards and Architecture Team

 

References:

Esri Managed Cloud Services Achieves Federal Security Milestone (press release): http://www.esri.com/esri-news/releases/15-1qtr/esri-managed-cloud-services-achieves-federal-security-milestone

EMCS FedRAMP Moderate official listing: http://cloud.cio.gov/fedramp/esri

EMCS Security page on Trust site: http://doc.arcgis.com/en/trust/security/esri-managed-cloud-services.htm

Esri EMCS site: http://www.esri.com/services/emcs

Share this article

arcgis trust center security

Article Discussion:

Subscribe
Notify of
0 Comments
Oldest
Newest
Inline Feedbacks
View all comments