REDLANDS, CALIF. -- All US federal agencies must ensure data integrity and prevent unauthorized access to protect US residents. Compliance with laws like the Federal Risk and Authorization Management Program (FedRAMP) Authorization Act is crucial. To support secure data mapping using cloud-hosted services, Esri, the global leader in location intelligence, is now authorized to provide ArcGIS Online services at the FedRAMP Moderate level.

With this enhancement, Esri advances security for all ArcGIS Online users and continues to demonstrate the company’s commitment to cybersecurity and support for defense and federal agencies. They and all other industry sector customers can now accelerate their adoption of ArcGIS Online software’s scalable and collaborative web mapping capabilities to include a broader variety of geospatial data and workflows.

Established in 2011, FedRAMP is the system that ensures a standard security baseline for cloud products and services used for collaboration between federal agencies and private-sector stakeholders. FedRAMP Moderate is appropriate for cloud solutions that handle moderate-risk data, including financial, health, and personally identifiable information.

“We’re excited to have earned this recognition of the strength and resilience of ArcGIS Online software’s security infrastructure,” said Patty Mims, director of business development, global national government, Esri. “This authorization reinforces our commitment to safeguarding sensitive data while bringing cutting-edge mapping and analytics tools to federal agencies that need them.”

To secure FedRAMP Moderate authorization, the security infrastructure and processes of ArcGIS Online were critically evaluated and approved by an independent third party through a rigorous review. FedRAMP Moderate authorization also requires continuous monitoring obligations, including annual penetration testing and third-party validation. This level of authorization is only granted to cloud products and services that are confirmed to be secure enough for government agencies to store and process moderate-risk data.