Skip To Content

ArcGIS security

This section provides an overview of security capabilities available for ArcGIS components and implementation guidance for authentication, authorization, encryption, and auditing. ArcGIS allows you to leverage the required GIS capabilities with the assurance that Esri continues to follow a robust and effective security framework. Esri continually advances the security of ArcGIS, including the following:

  • CloudArcGIS Online, Esri Managed Cloud Services Advanced Plus
  • EnterpriseArcGIS Server, Portal for ArcGIS
  • Desktop— ArcGIS Pro
  • Mobile—ArcGIS mobile apps

Built-in security and privacy

In today's cybersecurity landscape, ensuring that the products and services you receive from a software company have security and privacy considerations built-in is paramount. The Secure Development Life Cycle overview provides a consolidated summary of the assurance measures Esri incorporates, including governance, standards alignment, assessments and tools, vulnerability and incident management, and guidelines used.

Security validation tools

ArcGIS Enterprise comes with Python script tools, serverScan.py and portalScan.py, that scan for common security issues. The tools check for problems based on some of the best practices for configuring a secure environment for ArcGIS Enterprise. The Esri Software Security and Privacy team also offers the ArcGIS Online Advisor tool, a free tool to help ArcGIS Online organization administrators perform a quick check on their security configuration.

ArcGIS Security Advisor

The ArcGIS Security Advisor tool was created by the Esri Software Security and Privacy team and provides a color-coded interface for ArcGIS Online administrators to review security settings and past changes to ArcGIS Online organizations at a glance.

The ArcGIS Online Advisor tool reports the current security state of your ArcGIS Online organization and provides remediation guidance for any potential findings.

Recent enhancements include the ability to check for items added to ArcGIS Online that reference resources added using plaintext HTTP layers. This is valuable for ArcGIS Online organization administrators who need to validate for the upcoming ArcGIS Online move to support only HTTPS. Other recent enhancements include the ability to check for publicly available feature layers with editing capabilities enabled and the ability to check for public surveys that have survey layers with the query capability enabled.

See the Software Security and Privacy blog on GeoNet to learn about other initiatives.

Documents and presentations

For documents and presentations to learn about security, privacy, and compliance for ArcGIS, see Documents.

FedRAMP logo GDPR logo