Assured Workloads는 Google Cloud 사용자에게 규제, 리전 또는 주권 요구사항을 지원하기 위해 폴더에 제어를 적용할 수 있는 기능을 제공합니다. 이 페이지에서는 주요 구성요소에 대한 정보를 제공합니다.
Assured Workloads 폴더
Assured Workloads 폴더는 워크로드에 대한 최상위 수준의 규제 경계입니다. 각 Assured Workloads 폴더는 선택한 제어 패키지의 규제 요건을 충족하는 제어로 구성되고 적극적으로 적용합니다. 또한 Assured Workloads 폴더는 워크로드가 포함된 프로젝트와 같이 해당 요건을 준수해야 하는 리소스의 컨테이너이기도 합니다. Assured Workloads 폴더와 리소스는 규정 준수 요건을 준수하는지 지속적으로 모니터링됩니다.
예를 들어 영향 수준 4(IL4)의 규제 요건을 충족해야 하는 경우 IL4의 Assured Workloads 폴더를 만든 다음 프로젝트 및 리소스를 해당 Assured Workloads 폴더에 만들거나 마이그레이션하면 됩니다. 폴더 내에서 이러한 프로젝트는 IL4의 규제 요구사항을 적용하도록 구성되며 리소스가 규정 준수를 위반하면 알림을 받게 됩니다.
조직의 모든 리소스가 특정 제어 패키지를 준수하도록 하려면 Assured Workloads 폴더를 다른 모든 폴더, 프로젝트, 리소스의 상위 요소로 만들면 됩니다. 최상위 폴더를 Assured Workloads 폴더로 만들면 Google Cloud 리소스 계층 구조의 모든 하위 리소스에 해당 제어가 상속됩니다.
자세한 내용은 조직의 규정 준수 제어 설정 방법을 참고하세요. Google Cloud
Assured Workloads 키 관리 프로젝트
선택한 제어 패키지에 따라 Assured Workloads에서 Assured Workloads 폴더 내에 키 관리 프로젝트를 만들어 CMEK 암호화 키를 저장할 수도 있습니다. 키와 리소스에 사용할 프로젝트를 각각 만들면 보안 관리자와 개발자 간의 업무 분장을 수립할 수 있습니다.
[[["이해하기 쉬움","easyToUnderstand","thumb-up"],["문제가 해결됨","solvedMyProblem","thumb-up"],["기타","otherUp","thumb-up"]],[["이해하기 어려움","hardToUnderstand","thumb-down"],["잘못된 정보 또는 샘플 코드","incorrectInformationOrSampleCode","thumb-down"],["필요한 정보/샘플이 없음","missingTheInformationSamplesINeed","thumb-down"],["번역 문제","translationIssue","thumb-down"],["기타","otherDown","thumb-down"]],["최종 업데이트: 2025-09-04(UTC)"],[[["\u003cp\u003eAssured Workloads enables Google Cloud users to apply controls to folders, helping meet regulatory, regional, or sovereign requirements.\u003c/p\u003e\n"],["\u003cp\u003eAn Assured Workloads folder serves as the primary regulatory boundary, enforcing controls from a chosen control package and housing compliant resources.\u003c/p\u003e\n"],["\u003cp\u003eAssured Workloads folders and their resources are continuously monitored to ensure adherence to the specified compliance requirements.\u003c/p\u003e\n"],["\u003cp\u003eBy creating an Assured Workloads folder as the top-level parent, its controls are inherited by all child resources in the Google Cloud hierarchy.\u003c/p\u003e\n"],["\u003cp\u003eAssured Workloads can generate a separate key management project within the folder to store CMEK encryption keys, ensuring separation of duties between security administrators and developers.\u003c/p\u003e\n"]]],[],null,["# Key concepts\n============\n\nAssured Workloads provides Google Cloud users with the ability to\n[apply controls](/assured-workloads/docs/control-packages) to a folder in\nsupport of regulatory, regional, or sovereign requirements. This\npage provides information about its key components.\n\nAssured Workloads folders\n-------------------------\n\nAn Assured Workloads folder is the top-level regulatory boundary for\nyour workloads. Each Assured Workloads folder is configured with (and\nactively enforces) controls that meet the selected\n[control package's](/assured-workloads/docs/control-packages) regulatory\nrequirements. Assured Workloads folders are also the container for your\nresources that must adhere to those requirements, such as projects that contain\nyour workloads. Assured Workloads folders and their resources are\nconstantly [monitored](/assured-workloads/docs/monitor-folder) for adherence to\ncompliance requirements.\n\nFor example, if you need to meet the regulatory requirements for Impact Level 4\n(IL4), you would\n[create an Assured Workloads folder](/assured-workloads/docs/create-folder)\nfor IL4, and then create or [migrate](/assured-workloads/docs/migrate-workload)\nprojects and resources to that Assured Workloads folder. Inside the\nfolder, those projects will be configured to enforce IL4's regulatory\nrequirements, and you will be notified if any resources fall out of compliance.\n\nTo ensure that all of your organization's resources are compliant with a\nspecific control package, you can create an Assured Workloads folder\nas the parent for all of your other folders, projects, and resources. By making\nthe top-level folder an Assured Workloads folder, its controls will\nbe inherited by all child resources in the\n[Google Cloud resource hierarchy](/resource-manager/docs/cloud-platform-resource-hierarchy).\nFor more information, see\n[How to set compliance controls for your Google Cloud organization](/blog/products/identity-security/how-to-set-compliance-controls-for-your-google-cloud-organization).\n| **Note:** Any Assured Workloads environment created before the introduction of Assured Workloads folders continues to be supported. Although it is not required, we recommend that you migrate to Assured Workloads folders if it is possible to do so.\n\nAssured Workloads key management project\n----------------------------------------\n\nDepending on the control package you select, Assured Workloads can\nalso create a **key management project** inside the Assured Workloads\nfolder to store your CMEK encryption keys. Having one project for keys and\nanother for resources establishes\n[separation of duties](/kms/docs/separation-of-duties) between security\nadministrators and developers.\n\nWhat's next\n-----------\n\n- Learn how to [create an Assured Workloads folder](/assured-workloads/docs/create-folder).\n- Learn which [products are supported](/assured-workloads/docs/supported-products) for each control package.\n- Learn how to [migrate a workload](/assured-workloads/docs/migrate-workload)."]]
