ESRI, a provider of mission critical geographic information system (GIS) software, recognizes the security and privacy challenges faced by many of its customers. ESRI is committed to delivering GIS technology that can meet these challenges as part of a secure enterprise solution.
ESRI develops products incorporating security industry best practices that are trusted across the globe to provide geospatial services that meet the needs of individual users and entire organizations. ESRI’s security strategy has evolved as ArcGIS products have been extensively deployed across the enterprise and integrated with enterprise applications. ESRI is working to provide:
- Stronger security guidance
- Improved integrated security functions
- Support of security certifications
Stronger Security Guidance
Security best practices are continuously evolving. This Resource Center communicates ESRI security capabilities, and strategy. The site is also utilized to solicit customer feedback concerning current security issues, and upcoming security requirements to help ensure ESRI products continue to meet their security needs. The backbone behind ESRI’s stronger security guidance is GIS Security Patterns based on security industry standards such as the NIST 800 series to facilitate deployment of secure geospatial solutions.
Integrated Security Functions
Basic security functionality is available out of the box and third party security solutions can be integrated to provide even more advanced options. Improved integrated security functions for Internet deployments include:
- Role based security for services and applications
- Token service enabling authentication for REST based applications
ESRI’s security functions and deployment recommendations are based on core Security Principles such as defense in depth and the Confidentiality, Integrity and Availability (CIA) security triad.
Support of Security Certifications
ESRI recognizes that customers are being confronted with a variety of security policy compliance and certification requirements. ESRI is actively ensuring products align with security guidelines, such as the recent successful Federal Desktop Core Configuration (FDCC) security self-certification of ESRI’s desktop products. While ESRI provides security due diligence with our products and solutions resulting in stronger security, it is not a security software company. Ultimately, certifications and accreditations are based on a customer’s specific solution and security requirements. Additional details may be found in the Security Compliance section. Note that ESRI continues to evaluate the need for compliance and/or additional certifications based on customer feedback and demand.