ArcGIS Online FedRAMP Moderate Customer Responsibility Matrix

This document is a technical report detailing the specific responsibilities of customers and agencies regarding the management and security of their ArcGIS Online (AGO) applications in accordance with FedRAMP Moderate standards. It outlines various control identifiers (AC, IA, CP, etc.) and the associated responsibilities that customers must adhere to, such as managing access to their organization, providing a SAML 2.0 Identity Provider, and ensuring compliance with organizational policies. The report emphasizes the importance of training personnel, conducting backups, and managing authenticators to maintain the confidentiality, integrity, and availability of customer data. It also specifies the need for government customers to implement certain security measures, such as using FIPS 201-approved technology for Personal Identity Verification and ensuring that client software is configured to comply with FIPS 140-2 protocols. Overall, the document serves as a comprehensive guide for customers to understand their obligations in securing their AGO applications.