Hi there,
while moving our app Google API to production (that we use for modify access to Gmail), Google has requested that we obtain a CASA (Cloud Application Security Assessment) Tier 2 Certification.
Has anyone gone through the process and obtain such certification?
Below the message we got from Google requesting that we get certified.
Hello Google Developer,
Thank you for your patience while we reviewed your submission for project xxx. We need you to address the following items for us to continue your app’s verification:
You are required to complete a CASA Tier 2 security assessment for your application (project number: xxx) by the following date: 2024-10-16. This assessment is required annually; to learn more, please visit the CASA website.
CASA assessment is done on a “first-come-first-serve” basis. This can take up to 6 weeks depending on how engaged and responsive you are in the whole process.Hence we strongly suggest you get started with the assessment as soon as possible. To know how, please read the instructions below.
You have the following options to complete your assessment:
#### 1 - Tier 2 Authorized Lab Scan
For your Tier 2 CASA assessment you may contact our CASA authorized preferred partner TAC Security, with whom we have negotiated a discounted rate for Tier 2 CASA assessments. Alternatively, you may also contact any other CASA authorized lab to conduct your Tier 2 CASA Assessment.
#### 2 - Tier 3 CASA Assessment
You can also opt-in to complete a [Tier 3 assessment](Hiérarchisation CASA | App Defense Alliance, by contacting CASA authorized TAC Security, or any other CASA authorized lab.
CASA Tier 3 is a comprehensive assessment that tests the application, the application deployment infrastructure and any user data storage location.
Tier 3 assessments have the following benefits:
** Conducted and validated by the authorized labs giving your application high assurance of compliance with CASA standard*
** If your application is listed on the Google WorkSpace Marketplace you will receive an independent security verification badge*
For any questions on the Tier 2 or Tier 3 Authorized Lab Scan/Assessment, or if you need a due date extension, please reach out to your CASA authorized lab.
### Useful resources
Refer to the following documentation for more information:
** CASA Website*
** CASA Tiering*
** Other Tiers Process*
Important! Once you have addressed the issues above, reply directly to this email to confirm. You must reply to this email after fixing the highlighted issues to continue with the app verification process.
Need to make changes to your verification request?
Please make direct changes on the Cloud Console. Save and submit the changes when finished.
No longer need access to these scopes?
Please reply to this email to cancel the verification request.
Need other help?
For more information on OAuth Verification, you can read the terms or policies for the APIs or products your app uses, as well as the following resources:
** Link to OAuth Verification FAQ*
Thank you,
The Third Party Data Safety Team