This section provides an overview of security capabilities available for ArcGIS components and implementation guidance for authentication, authorization, encryption, and auditing. ArcGIS allows you to leverage the required GIS capabilities with the assurance that Esri continues to follow a robust and effective security framework. Esri continually advances the security of ArcGIS, including the following:
- Cloud—ArcGIS Online, Esri Managed Cloud Services Advanced Plus
- Enterprise—ArcGIS Server, Portal for ArcGIS
- Desktop—ArcGIS Pro
- Mobile—ArcGIS mobile apps
Built-in security and privacy
In today's cybersecurity landscape, it is paramount that the products and services you receive from a software company have security and privacy considerations built in. The Secure Development Life Cycle overview provides a consolidated summary of the assurance measures Esri incorporates, including governance, standards alignment, assessments and tools, vulnerability and incident management, and guidelines used.
Security validation tools
ArcGIS Enterprise comes with Python script tools, serverScan.py and portalScan.py, that scan for common security issues. The tools check for problems based on some of the best practices for configuring a secure environment for ArcGIS Enterprise. The Esri Software Security and Privacy team also offers the ArcGIS Online Advisor tool, a free tool to help ArcGIS Online organization administrators perform a quick check on their security configuration.
ArcGIS Security Advisor
The ArcGIS Security Advisor tool was created by the Esri Software Security and Privacy team and provides a color-coded interface for ArcGIS Online administrators to review security settings and past changes to ArcGIS Online organizations at a glance.
The ArcGIS Online Advisor tool reports the current security state of your ArcGIS Online organization and provides remediation guidance for any potential findings.
Recent enhancements include the ability to check for items added to ArcGIS Online that reference layers added using plaintext HTTP. This is valuable for ArcGIS Online organization administrators who need to prepare for the upcoming ArcGIS Online move to support only HTTPS. Other recent enhancements include the ability to check for publicly available feature layers with editing capabilities enabled and the ability to check for public surveys that have survey layers with the query capability enabled.
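The three checks described above, sketched as an added example (this is not Esri's tool or code). It runs over constructed item records; the field names (`access`, `type`, `url`, `capabilities`, `is_survey_layer`) and finding codes are assumptions about a simplified inventory, not an ArcGIS export format.

```python
# Added illustration, not Esri's Advisor tool. Record shape is a constructed,
# simplified inventory; field names and finding codes are assumptions.
EDIT_CAPS = {"create", "update", "delete", "editing"}

def caps(record):
    """Split a comma-separated capabilities string into a lowercase set."""
    raw = record.get("capabilities") or ""
    return {c.strip().lower() for c in raw.split(",") if c.strip()}

def audit_item(record):
    """Return finding codes for one item record (empty list if clean)."""
    findings = []
    url = (record.get("url") or "").strip().lower()
    if url.startswith("http://"):            # referenced over plaintext HTTP
        findings.append("plaintext-http")
    public_layer = (record.get("access") == "public"
                    and record.get("type") == "Feature Service")
    if public_layer:
        enabled = caps(record)
        if record.get("is_survey_layer"):
            # Assumption: a public survey must accept new records, so only
            # the query capability is reported for survey layers.
            if "query" in enabled:
                findings.append("public-survey-query")
        elif enabled & EDIT_CAPS:
            findings.append("public-editable")
    return findings

def audit(records):
    """Map item title -> findings, listing only items with findings."""
    report = {}
    for rec in records:
        found = audit_item(rec)
        if found:
            report[rec.get("title", "<untitled>")] = found
    return report

SAMPLE_ITEMS = [  # constructed sample data
    {"title": "Parcels", "type": "Feature Service", "access": "public",
     "url": "https://gis.example.com/Parcels/FeatureServer",
     "capabilities": "Query,Create,Update,Delete,Editing"},
    {"title": "Basemap tiles", "type": "Map Service", "access": "org",
     "url": "http://tiles.example.com/Base/MapServer", "capabilities": "Map,Query"},
    {"title": "Pothole survey", "type": "Feature Service", "access": "public",
     "url": "https://gis.example.com/Potholes/FeatureServer",
     "capabilities": "Create,Query", "is_survey_layer": True},
    {"title": "Trails", "type": "Feature Service", "access": "public",
     "url": "https://gis.example.com/Trails/FeatureServer", "capabilities": "Query"},
]

if __name__ == "__main__":
    for title, found in audit(SAMPLE_ITEMS).items():
        print(f"{title}: {', '.join(found)}")
```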
See the Software Security and Privacy blog on GeoNet to learn about other initiatives.
Documents and presentations
To learn about security, privacy, and compliance for ArcGIS, see the documents and presentations under Documents.