Organization Policy controls for generative AI use cases

This document includes the best practices and guidelines for Organization Policy Service when running generative AI workloads on Google Cloud. Use Organization Policy with Vertex AI to centrally manage and enforce policies across your Google Cloud environment. Organization Policy helps to ensure consistent configuration and security compliance across the projects and resources within your organization.

Required Organization Policy controls

The following controls are strongly recommended when using Organization Policy.

Configure separation of duties for organization policy administrators

Google control ID OPS-CO-6.1
Category Required
Description
Assign the Organization Policy Administrator (roles/orgpolicy.policyAdmin) role to groups that are accountable for the security posture of the Google Cloud organization. To avoid resource creation that violates security policy, don't assign this role to project owners.
Applicable products
  • IAM
  • Organization Policy Service
Related NIST-800-53 controls
  • AC-2
  • AC-3
  • AC-5
Related CRI profile controls
  • PR.AC-1.1
  • PR.AC-1.2
  • PR.AC-1.3
  • PR.AC-4.1
  • PR.AC-4.2
  • PR.AC-4.3
  • PR.AC-6.1
  • PR.DS-5.1
  • PR.PT-3.1
Related information
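
One way to check control OPS-CO-6.1 against exported IAM policies, as an added example that is not part of the original guidance. It assumes the policy JSON shape returned by `gcloud organizations get-iam-policy` and `gcloud projects get-iam-policy` with `--format=json`; the principals and project IDs are constructed.

```python
"""Added example: audit IAM policy JSON against control OPS-CO-6.1."""
POLICY_ADMIN = "roles/orgpolicy.policyAdmin"
OWNER = "roles/owner"


def members_with_role(policy, role):
    """Return every member bound to `role` in an IAM policy dict."""
    found = set()
    for binding in policy.get("bindings", []):
        if binding.get("role") == role:
            found.update(binding.get("members", []))
    return found


def audit_separation_of_duties(org_policy, project_policies):
    """Return sorted (member, finding) tuples that conflict with OPS-CO-6.1.

    Group membership is not expanded: a project owner who sits inside a
    policy-admin group needs a separate directory lookup.
    """
    admins = members_with_role(org_policy, POLICY_ADMIN)
    findings = [(m, "policyAdmin granted to a non-group principal")
                for m in admins if not m.startswith("group:")]
    for project_id, policy in project_policies.items():
        for m in admins & members_with_role(policy, OWNER):
            findings.append((m, f"policyAdmin principal is also owner of {project_id}"))
    return sorted(findings)


# Constructed sample policies (hypothetical principals and project IDs).
ORG_POLICY = {"bindings": [
    {"role": POLICY_ADMIN,
     "members": ["group:security-admins@example.com", "user:alice@example.com"]},
    {"role": "roles/resourcemanager.organizationViewer",
     "members": ["group:devs@example.com"]},
]}
PROJECT_POLICIES = {
    "proj-a": {"bindings": [{"role": OWNER,
                             "members": ["user:alice@example.com", "group:devs@example.com"]}]},
    "proj-b": {"bindings": [{"role": OWNER,
                             "members": ["group:security-admins@example.com"]}]},
}

if __name__ == "__main__":
    for member, finding in audit_separation_of_duties(ORG_POLICY, PROJECT_POLICIES):
        print(f"{member}: {finding}")
```
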