Redlands, California—February 9, 2015—Esri Managed Cloud Services (EMCS) has achieved Federal Risk and Authorization Management Program (FedRAMP) compliance at the moderate level, it was announced today by Esri president Jack Dangermond during the Esri Federal GIS Conference at Walter E. Washington Convention Center in Washington, DC.
It is the first program tailored specifically for a geographic information system (GIS) to offer a cloud environment that is compliant at the FedRAMP moderate level, meaning it satisfies the stringent security requirements that federal agencies must meet before operating in a cloud computing environment.
“We look forward to continue working with vendors like Esri who have demonstrated FedRAMP compliance through the CSP Supplied path” said Matt Goodrich, FedRAMP director. “This approach facilitates federal agency security authorization demands as the complete security package for Esri Managed Cloud Services is available in the FedRAMP repository today”.
Esri Managed Cloud Services provides ready-to-use instances of ArcGIS, Esri's industry-leading GIS platform, in the cloud. Customers can adapt it to best suit their needs, either as an alternative in their own infrastructure or in conjunction with their own servers. The scalable, secure environment is supported by experienced GIS professionals to ensure GIS data and services are available whenever needed.
FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. Being FedRAMP compliant means a cloud computing system has established and documented a highly secure environment that has withstood comprehensive, rigorous review before federal agencies are authorized to engage the system. Currently, compliance can be met at either the low or moderate level.
Esri Managed Cloud Services is the first geospatial cloud-service provider reviewed under the latest FedRAMP and NIST 800-53 Revision 4 security controls. This expanded set of security controls represents the most comprehensive update to the government security controls catalog since its inception in 2005 to better address the increased frequency and persistence of today’s cyber-attacks.
With Esri Managed Cloud Services, customers can use ArcGIS Online, Esri's online GIS platform, as their primary discovery mechanism and easily supplement it with Esri's FedRAMP-compliant GIS hosting tools, ArcGIS for Server and Portal for ArcGIS, to meet more advanced security needs. The program provides a standardized, demanding security protocol that customers can review themselves and that federal agencies can use for the government assessment and authorization process to expedite compliance.
The Esri Managed Cloud Services also supports federal agencies seeking to comply with the White House Cloud Computing Strategy. Adopted in 2011 to save money, the Cloud First policy requires federal agencies to evaluate safe, secure cloud computing options before making any new investments.
Because Esri Managed Cloud Services was designed from the ground up to meet the needs of federal customers, it can also meet the robust security demands of users from other sectors such as law enforcement, health care, and retail.
GIS users are moving to the cloud in large part to take advantage of the flexibility and potential cost savings it provides. Using Esri Managed Cloud Services helps users reduce risk, speed deployment, improve performance, and reduce operational costs in a secure environment.
To learn more about FedRAMP, visit https://cloud.cio.gov/action/secure-your-cloud.
For a complete description of the Esri Managed Cloud Services FedRAMP–compliant system, visit esri.com/services/emcs/security.