Jump to Content
Security & Identity

New capabilities for Assured Workloads for Government

September 10, 2020
Bryce Buffaloe

Senior Product Manager, CJIS Security Lead

Earlier this year, we announced Assured Workloads for Government, a first-of-its kind service that allows Google Cloud Platform (GCP) customers to quickly and easily create controlled environments where U.S. data location and personnel access controls are enforced in any of our U.S. cloud regions (private beta). Starting today, customers who require FedRAMP Moderate support will also be able to leverage Assured Workloads, which is now generally available (GA). All new projects that require FedRAMP Moderate controls can be created at no additional charge in Assured Workloads—and if you've already accepted FedRAMP Moderate terms, we'll automatically transition those projects.

Assured Workloads for Government provides customers with a guided process for building compliance-centric workloads, and in Beta, helps support compliance with Department of Defense (IL4), the FBI’s Criminal Justice Information Services Division (CJIS), and Federal Risk and Authorization Management Program (FedRAMP) High requirements. This GA release now provides improved support routing and enhanced customer controls, including customer-managed encryption keys by default. We invite customers who require compliance support to sign up to get your organization on the Assured Workload Approved List.

To help you learn more about how Google Cloud supports FedRAMP Moderate compliance, we’ve also published a new Assured Workloads FedRAMP resource page and shared a security matrix that describes which FedRAMP Moderate-specific security controls customers are responsible for, and which controls Google Cloud provides. Our professional services organization (PSO) can also provide compliance readiness support to Assured Workloads customers seeking a FedRAMP Moderate ATO (authority to operate), so you can now deploy an Assured Workloads environment with the guidance of a subject matter expert. Your PSO contact can work with you to assess, architect, and implement controls that align with your compliance requirements. Contact sales to learn more about Google Cloud’s professional services for FedRAMP and broader consulting services.

In the coming months, we plan to expand the GA of Assured Workloads to include new capabilities, like new security and compliance monitoring tools, the ability to restrict products and services by compliance regime, support for additional regulated industries (beyond public sector and financial services today), and compliance blueprints targeting specific customer use cases.

To learn more, visit our Assured Workloads product page.

Posted in