FedRAMP is a United States government-wide program that offers a standardized approach in security assessment, authorization, and continuous monitoring in cloud products for all customers. FedRAMP includes an audit of an organization's security program by a certified independent audit or across 100's of security controls and is frequently considered as the gold standard for security assurance of cloud service offerings.
All Esri customers benefit from the security and privacy of our FedRAMP authorized system including an in-depth security model that aligns with the rigorous demands of commercial, public-sector, and organizations around the world. For customers more familiar with ISO standards is available to validate assurance coverage. For customers more familiar with ISO standards, a mapping between FedRAMP and ISO 27001 is available to validate assurance coverage.
Esri in-scope Services
ArcGIS Online
ArcGIS Online was FedRAMP Tailored Low authorized in 2018, and most recently obtained FedRAMP Moderate Agency Authorization in May 2023. The FedRAMP Moderate designation in FedRAMP marketplace was issued in July 2024.
- FedRAMP Marketplace - Validate FedRAMP Status (Public)
- ArcGIS Online FedRAMP Authorized Capabilities (Customer Trust Center document)
- ArcGIS Online Customer Responsibilities (Customer Trust Center document)
- ArcGIS Online Cloud Security Detailed FAQs - CSA CAIQ (Public)
- Obtain
3rd Party annual Pentest and
Audit Materials
- Federal customer reqeust form - Package FR1811073663 (Public)
- Other customers (NDA required) - Contact your account manager
EMCS Advanced Plus
Esri Managed Cloud Services (EMCS) Advanced Plus is also a FedRAMP Moderate compliant offering, but a single tenant ArcGIS Enterprise offering through Esri Professional Services.
- FedRAMP Marketplace EMCS - Validate FedRAMP Status (Public)
- EMCS Advanced Plus Security Detailed FAQs - CSA CCM (Public)
- HIPAA to NIST 800-53 Control Mapping (Public)
- Contact for EMCS Questions - NOT ArcGIS Online - ManagedCloudServices@esri.com