Assured Workloads release notes

This page documents production updates to Assured Workloads. Check this page for announcements about new or updated features, bug fixes, known issues, and deprecated functionality.

You can see the latest product updates for all of Google Cloud on the Google Cloud page, browse and filter all release notes in the Google Cloud console, or programmatically access release notes in BigQuery.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly.

November 15, 2024

v1

The CJIS control package now supports the following products. See Supported products by control package for more information:

  • Access Context Manager
  • Apigee
  • Cloud Build
  • Cloud EKM
  • Cloud Interconnect
  • Cloud NAT
  • Cloud Router
  • Cloud Service Mesh
  • Cloud VPN
  • Resource Manager
  • Firestore
  • Identity-Aware Proxy (IAP)
  • Memorystore for Redis
  • Sensitive Data Protection

October 21, 2024

v1

The IRS Publication 1075 control package is now generally available. Additionally, it now supports the following products:

  • Binary Authorization
  • Cloud Logging

See the supported products page for a complete list.

October 09, 2024

v1beta1

You can now view and apply workload updates to ensure that your workloads are using the most recent control package configuration. This feature is available in the Preview stage.

October 03, 2024

v1

The following products are now supported by the following control packages. See supported products for more information:

  • Access Context Manager, Eventarc, GKE Hub, and Speech-to-Text
    • Australia Regions
    • Australia Regions with Assured Support
    • Brazil Regions
    • Canada Regions
    • Canada Regions and Support
    • Chile Regions
    • EU Regions
    • EU Regions and Support
    • India Regions
    • Indonesia Regions
    • Israel Regions
    • Israel Regions and Support
    • Japan Regions
    • Singapore Regions
    • South Korea Regions
    • Switzerland Regions
    • Taiwan Regions
    • UK Regions
    • US Regions
    • US Regions and Support
  • Secret Manager
    • EU Regions and Support
    • Israel Regions and Support
    • US Regions and Support

Cloud Run and Filestore are now supported by the following control packages. See supported products for more information:

September 27, 2024

v1

The IRS Publication 1075 control package is now available in Preview.

August 30, 2024

v1

Two new control packages are available in the GA stage:

  • Healthcare and Life Sciences Controls
  • Healthcare and Life Sciences Controls with US Support

These control packages replace the HIPAA and HITRUST Previews with a more robust set of controls for customers in the Healthcare and Life Sciences industries. For more information about these new controls, see Restrictions and Limitations for Healthcare and Life Sciences Controls.

June 20, 2024

v1

During the Regional Controls Public Preview, the ComplianceRegime enum value has changed from FREE_REGIONS to REGIONAL_CONTROLS. When using the REST API, Terraform, or gcloud, ensure that you use the new REGIONAL_CONTROLS value. This change does not impact existing Assured Workloads folders that were created using the old value. However, areas with potential impact include the following:

April 01, 2024

v1

You can now create Assured Workloads folders from Resource Manager's Manage resources page in the Google Cloud console. See Creating and managing folders for more information.

March 28, 2024

v1

The following compliance programs now support the following products. See supported products for more information:

  • Australia Regions with Assured Support:
    • Access Transparency
  • Canada Regions and Support:
    • Access Transparency
  • EU Regions and Support:
    • Access Approval
    • Certificate Authority Service
    • Cloud Monitoring
    • Cloud Run
    • Firestore
    • Sensitive Data Protection
  • FedRAMP Moderate:
    • Artifact Registry
    • Cloud Workstations
  • Israel Regions and Support:
    • Dataflow
    • Memorystore for Redis
  • Japan Regions:
    • Access Approval
    • Access Transparency
  • US Regions and Support:
    • Access Transparency

November 16, 2023

v1

The IL4 compliance program now supports the following products. See Supported products for more information:

  • Cloud DNS
  • Cloud Interconnect
  • Cloud Monitoring
  • Cloud Router
  • Cloud SQL
  • Cloud VPN
  • Pub/Sub

October 27, 2023

v1

The Japan Regions compliance program is now generally available. For a list of Google Cloud products compliant with Japan Regions, see the Supported products page.

September 28, 2023

v1

The IL2 compliance program is now generally available. For a list of IL2-compliant Google Cloud products, see the Supported products page.

September 22, 2023

v1

The CJIS compliance program now supports the following products. See Supported products for more information:

  • Cloud Run
  • Cloud Identity
  • Google Workspace Admin Console

September 15, 2023

v1

The ability to analyze a project for compliance before migrating it to an Assured Workloads folder is now generally available. See the Migrate a workload page for more information.

The CJIS compliance program now supports the following products. See Supported products for more information:

  • Cloud Composer
  • Cloud Dataflow
  • Cloud DNS
  • Cloud HSM
  • Cloud Logging
  • Cloud NAT
  • Cloud Router
  • Cloud SQL
  • Network Connectivity Center

The IL5 compliance program now supports the following products. See Supported products for more information:

  • Cloud Logging
  • Dataflow
  • Google Kubernetes Engine

September 01, 2023

v1

The Japan Regions compliance program is now in Preview.

August 04, 2023

v1

The EU Regions and Support with Sovereignty Controls compliance program now supports the following products. See Supported products for more information:

  • Cloud Bigtable
  • Dataflow
  • Cloud Spanner

July 10, 2023

v1

The following compliance programs now support the list of products below:

The following products are now supported. See supported products for more information:

  • Cloud Data Loss Prevention
  • Certificate Authority Service
  • Cloud Composer

June 30, 2023

v1

The EU Regions and Support with Sovereignty Controls compliance program now supports the following products. See Supported products for more information:

  • Artifact Registry
  • BigQuery
  • Cloud Composer
  • Dataproc

The IL5 compliance program is now generally available.

June 29, 2023

v1

The ITAR compliance program now supports BigQuery. See Supported products for more information.

April 20, 2023

v1

The FedRAMP Moderate compliance regime now supports the following products. See Supported products for more information:

  • Access Approval
  • Cloud Asset Inventory
  • GKE Hub
  • Traffic Director

The following compliance regimes now support the list of products below:

The following products are now supported. See supported products for more information:

  • Artifact Registry
  • Cloud Bigtable
  • Cloud DNS
  • Cloud HSM
  • Cloud Interconnect
  • Cloud Key Management Service (KMS)
  • Cloud Load Balancing
  • Cloud Monitoring
  • Cloud NAT
  • Cloud Router
  • Cloud Run
  • Cloud VPN
  • Firestore
  • Identity and Access Management (IAM)
  • Identity-Aware Proxy (IAP)
  • Network Connectivity Center
  • Pub/Sub
  • Virtual Private Cloud
  • VPC Service Controls

April 06, 2023

v1

The EU Regions and Support compliance regime now supports the following products. See Supported products for more information:

  • Cloud DNS
  • Cloud Interconnect
  • Cloud Load Balancing
  • Cloud NAT
  • Cloud Router
  • Cloud VPN
  • Identity-Aware Proxy
  • Network Connectivity Center
  • Virtual Private Cloud
  • VPC Service Controls

The EU Regions and Support with Sovereignty Controls compliance regime now supports the following products. See Supported products for more information:

  • Cloud DNS
  • Cloud Interconnect
  • Cloud Load Balancing
  • Cloud NAT
  • Cloud Router
  • Cloud VPN
  • Identity-Aware Proxy
  • Network Connectivity Center
  • Virtual Private Cloud
  • VPC Service Controls

March 30, 2023

v1

The Australia Regions with Assured Support compliance regime is now generally available.

January 31, 2023

v1

The Israel Regions and Support compliance regime is now generally available.

December 22, 2022

v1

The EU Regions and Support with Sovereignty Controls compliance regime is now generally available.

December 16, 2022

v1

The ITAR compliance regime is now generally available.

November 17, 2022

v1

The Impact Level 4 (IL4) compliance regime is now generally available.

November 14, 2022

v1

The Israel Regions and Support compliance regime is now in Preview.

October 20, 2022

v1

The Australia Regions with Assured Support compliance regime is now in Preview.

October 17, 2022

v1

The Canada Regions and Support compliance regime is now generally available.

October 05, 2022

v1

If you create a public cluster on Google Kubernetes Engine (GKE) version 1.23 or newer in any existing Assured Workloads compliance regime folder, it might fail with the following error:

ManagedResourceService.AddServiceBundle, PERMISSION_DENIED'/> APPLICATION_ERROR;google.cloud.servicedirectory.v1beta1/ManagedResourceService.AddServiceBundle;Request is disallowed by organization's constraints/gcp.restrictServiceUsage constraint for 'projects/<projectID> attempting to use service 'servicedirectory.googleapis.com'

To fix this issue, the Service Directory API (servicedirectory.googleapis.com) must be added as an allowed service on the resource usage restriction organization policy for the folder. See Setting the organization policy for more information.

This issue only applies to existing Assured Workloads folders. New folders created after September 30th are not affected, as the Service Directory API is automatically enabled for them.

Note: Due to current compliance restrictions, Google Cloud has only allowed the Service Directory API to be used by Google-managed service accounts that are linked to specific services (such as GKE) in your Assured Workloads folder. Do not use the Service Directory API directly -- such as via the Cloud Console, CLI, or API -- unless your organization has explicitly allowed its use through your own internal compliance review process.

September 19, 2022

v1beta1

You can now perform an analysis for hypothetically moving a workload. This Preview feature analyzes the source (a project or project-based workload) and the destination (a folder-based workload) to indicate any potential incompatibilities related to the move.

June 15, 2022

v1

April 14, 2022

v1

You can now restrict resource creation of global security configuration to comply with data residency requirements by using organization policies, which affect Google Cloud services such as Compute Engine and Identity-Aware Proxy (IAP). This capability is available as a Preview launch.

December 16, 2021

v1

The EU Regions and Support compliance regime is now generally available.

April 30, 2021

v1

Assured Workloads now provides support for CJIS and FedRAMP High, and a more streamlined provisioning experience for some compliance regimes. For more information, see the Assured Workloads documentation.

January 19, 2021

v1
  • New US Regions and Support platform control, enabling first-level US Person support and US data location.
  • Billing integration: Assured Workload Premium Subscriptions can be purchased via offline contract by both customers and resellers
  • Assured Workloads Support: Receive Premium Support from a US Person, in a US location, 24/7, to help meet compliance requirements (requires additional support services purchase).
  • Existing folder support: You can now create your Assured Workloads environment inside of an existing folder.

September 01, 2020

v1beta1

Assured Workloads for Government is now generally available for the FedRAMP Moderate compliance regime.

July 14, 2020

v1beta1

Initial private beta release of Assured Workloads for Government.