Standards, regulations & certifications

To help you with compliance and reporting, we share information, best practices, and easy access to documentation. Our products regularly undergo independent verification of security, privacy, and compliance controls, achieving certifications against global standards to earn your trust. We're constantly working to expand our coverage.

This site contains information about Google's certifications and compliance standards it satisfies as well as general information about certain region or sector-specific regulations.

NIST 800-171

Security requirements for United States Federal controlled unclassified information.

National Institute of Standards and Technology Special Publication 800-171 was released in June 2015. It focuses on protecting the confidentiality of Controlled Unclassified Information (CUI) in non-federal information systems and organizations, and defines security requirements to achieve that objective. The security controls of NIST 800-171 can be mapped directly to NIST 800-53. This mapping is available on page D-2 of the publication NIST.SP.800-171.

The services below have undergone an independent third party assessment that confirmed compliance with NIST 800-53 controls in scope for FedRAMP, which includes all requisite controls described in NIST 800-171.

The list of services covered include:

G Suite Editions
G Suite Services
Google Cloud Platform services: