The National Institute of Standards and Technology (NIST),
within the U.S. Department of Commerce, creates standards
and guidelines pertaining to information security. NIST
developed Special Publication 800-53 (NIST SP 800-53) to
build on statutory responsibilities laid out in the Federal
Information Security Management Act (FISMA), Public Law
(P.L.) 107-347, which is a federal law that requires U.S.
government agencies to create, review, and report on
agency-wide practices that prioritize information security.
NIST 800-53 mandates specific security and privacy controls
required for federal government and critical infrastructure.
Through an independent, third-party assessment, Google
Cloud has received an attestation letter confirming that a
subset of our Google Cloud Platform and Google Workspace
services are operating in compliance with NIST 800-53