The National Institute of Standards and Technology (NIST), within the U.S. Department of Commerce, creates standards and guidelines pertaining to information security. NIST developed Special Publication 800-53 (NIST SP 800-53) to build on statutory responsibilities laid out in the Federal Information Security Management Act (FISMA), Public Law (P.L.) 107-347, which is a federal law that requires U.S. government agencies to create, review, and report on agency-wide practices that prioritize information security. NIST 800-53 mandates specific security and privacy controls required for federal government and critical infrastructure.
Through an independent, third-party assessment, Google Cloud has received an attestation letter confirming that a subset of our Google Cloud and Google Workspace services are operating in compliance with NIST 800-53 controls.