Data Boundary for Impact Level 2 (IL2)

Important: Before following the guidance on this page, we recommend that you seek independent legal advice relating to your responsibilities under Data Boundary for IL2. Nothing in this document is intended to provide you with or should be used as a substitute for legal advice.

This page describes the set of controls that are applied on Data Boundary for IL2 workloads in Assured Workloads. It provides detailed information about data residency, supported Google Cloud products and their API endpoints, and any applicable restrictions or limitations on those products. The following additional information applies to Data Boundary for IL2:

  • Data residency: The Data Boundary for IL2 control package sets data location controls to support US-only regions. For more information, see the Google Cloud-wide organization policy constraints section.
  • Support: Technical support services for Data Boundary for IL2 workloads are available with Enhanced or Premium Cloud Customer Care subscriptions. Data Boundary for IL2 workloads support cases are routed to US Persons located in the US. For more information, see Getting support.
  • Pricing: The Data Boundary for IL2 control package is included in Assured Workloads' Premium tier, which incurs an additional 20% charge. For more information, see Assured Workloads pricing.

Prerequisites

To use the Data Boundary for IL2 control package, you must meet the following prerequisites to remain compliant:

  • Create a Data Boundary for IL2 folder using Assured Workloads and deploy your IL2 workloads only in that folder.
  • Only enable and use in-scope services for Data Boundary for IL2 workloads.
  • Don't change the default organization policy constraint values unless you understand and are willing to accept the data residency risks that might occur.
  • For all services used in a Data Boundary for IL2 folder, don't store technical data in the following user-defined or security configuration information types:
    • Error messages
    • Console output
    • Attribute data
    • Service configuration data
    • Network packet headers
    • Resource identifiers
    • Data labels
  • Consider adopting the general security best practices provided in the Google Cloud security best practices center.
  • Review the U.S. Department of Defense (DoD) Provisional Authorization page for additional information about deploying IL2 workloads in Google Cloud.
  • When accessing the Google Cloud console, you have the option of using the Jurisdictional Google Cloud console. You are not required to use the Jurisdictional Google Cloud console for Data Boundary for IL2. It can be accessed at one of the following URLs:

Supported products and API endpoints

Unless otherwise noted, users can access all supported products through the Google Cloud console. Restrictions or limitations that affect the features of a supported product, including those that are enforced through organization policy constraint settings, are listed in the following table.

If a product is not listed, that product is unsupported and has not met the control requirements for Data Boundary for IL2. Unsupported products are not recommended for use without due diligence and a thorough understanding of your responsibilities in the shared responsibility model. Before using an unsupported product, ensure that you are aware of and are willing to accept any associated risks involved, such as negative impacts to data residency or data sovereignty. Additionally, review any usage of an unsupported product with your authorizing agency prior to accepting the risk.

Unsupported products may share an API service endpoint with supported products, making them available to all users.
Supported product | API endpoints | Restrictions or limitations
--- | --- | ---
Access Context Manager | accesscontextmanager.googleapis.com | None
Agent Assist | dialogflow.googleapis.com | None
AlloyDB for PostgreSQL | alloydb.googleapis.com | None
Config Management | anthosconfigmanagement.googleapis.com | None
API keys | apikeys.googleapis.com | None
Apigee | apigee.googleapis.com | None
App Engine | appengine.googleapis.com | None
Application Integration | integrations.googleapis.com | None
Artifact Analysis | containeranalysis.googleapis.com | None
Artifact Registry | artifactregistry.googleapis.com | None
Assured Open Source Software (Assured OSS) | assuredoss.googleapis.com | None
Backup for GKE | gkebackup.googleapis.com | None
BigQuery | bigquery.googleapis.com, bigqueryconnection.googleapis.com, bigquerydatapolicy.googleapis.com, bigquerymigration.googleapis.com, bigqueryreservation.googleapis.com, bigquerystorage.googleapis.com | Affected features and organization policy constraints
BigQuery Data Transfer Service | bigquerydatatransfer.googleapis.com | None
Bigtable | bigtable.googleapis.com, bigtableadmin.googleapis.com | None
Binary Authorization | binaryauthorization.googleapis.com | None
Certificate Authority Service | privateca.googleapis.com | None
Certificate Manager | certificatemanager.googleapis.com | None
Google Cloud Armor | compute.googleapis.com | None
Cloud Asset Inventory | cloudasset.googleapis.com | None
Cloud Billing API | billingbudgets.googleapis.com, cloudbilling.googleapis.com | None
Cloud Build | cloudbuild.googleapis.com | None
Cloud Composer | composer.googleapis.com | None
Cloud DNS | dns.googleapis.com | None
Cloud Data Fusion | datafusion.googleapis.com | None
Cloud Deploy | clouddeploy.googleapis.com | None
Cloud External Key Manager (Cloud EKM) | cloudkms.googleapis.com | None
Cloud Run functions | cloudfunctions.googleapis.com | Organization policy constraints
Cloud HSM | cloudkms.googleapis.com | None
Cloud Identity | cloudidentity.googleapis.com | None
Cloud Interconnect | compute.googleapis.com | Affected features
Cloud Intrusion Detection System | ids.googleapis.com | None
Cloud Key Management Service (Cloud KMS) | cloudkms.googleapis.com | None
Cloud Load Balancing | compute.googleapis.com | None
Cloud Logging | logging.googleapis.com | Affected features
Cloud Monitoring | monitoring.googleapis.com | Affected features
Cloud NAT | compute.googleapis.com | None
Cloud Next Generation Firewall Essentials | compute.googleapis.com, networksecurity.googleapis.com | None
Cloud Next Generation Firewall Standard | compute.googleapis.com, networksecurity.googleapis.com | None
Cloud Router | compute.googleapis.com | None
Cloud Run | run.googleapis.com | Affected features
Cloud SQL | sqladmin.googleapis.com | None
Cloud Service Mesh | mesh.googleapis.com, meshca.googleapis.com, meshconfig.googleapis.com, trafficdirector.googleapis.com | None
Cloud Storage | storage.googleapis.com | None
Cloud Tasks | cloudtasks.googleapis.com | None
Cloud Translation | translation.googleapis.com | None
Cloud VPN | compute.googleapis.com | Affected features
Cloud Vision API | vision.googleapis.com | None
Cloud Workstations | workstations.googleapis.com | Affected features
Compute Engine | compute.googleapis.com | Affected features and organization policy constraints
Connect | connectgateway.googleapis.com, gkeconnect.googleapis.com | None
Dialogflow CX | dialogflow.googleapis.com | None
Customer Experience Insights | contactcenterinsights.googleapis.com | None
Dataflow | dataflow.googleapis.com, datapipelines.googleapis.com | None
Dataform | dataform.googleapis.com | None
Dataplex Universal Catalog | dataplex.googleapis.com, datalineage.googleapis.com | Affected features
Dataproc | dataproc-control.googleapis.com, dataproc.googleapis.com | None
Document AI | documentai.googleapis.com | None
Eventarc | eventarc.googleapis.com | None
Filestore | file.googleapis.com | None
Firebase Rules | firebaserules.googleapis.com | None
Firestore | firestore.googleapis.com | None
GKE Hub | gkehub.googleapis.com | None
GKE Identity Service | anthosidentityservice.googleapis.com | None
Generative AI on Vertex AI | aiplatform.googleapis.com | None
Google Cloud Marketplace | N/A | None
Google Cloud App | N/A | None
Google Kubernetes Engine | container.googleapis.com, containersecurity.googleapis.com | None
Google Security Operations SIEM | chronicle.googleapis.com, chronicleservicemanager.googleapis.com | None
Google Security Operations SOAR | N/A | None
Google Admin console | N/A | None
Identity and Access Management (IAM) | iam.googleapis.com, policytroubleshooter.googleapis.com | None
Identity-Aware Proxy (IAP) | iap.googleapis.com | None
Infrastructure Manager | config.googleapis.com | None
Integration Connectors | connectors.googleapis.com | None
Looker (Google Cloud core) | looker.googleapis.com | None
Memorystore | redis.googleapis.com | None
Network Connectivity Center | networkconnectivity.googleapis.com | None
Network Intelligence Center | networkmanagement.googleapis.com | None
Organization Policy Service | orgpolicy.googleapis.com | None
Persistent Disk | compute.googleapis.com | None
Pub/Sub | pubsub.googleapis.com | Organization policy constraints
Resource Manager | cloudresourcemanager.googleapis.com | None
Secret Manager | secretmanager.googleapis.com | None
Secure Source Manager | securesourcemanager.googleapis.com | None
Secure Web Proxy | networkservices.googleapis.com, networksecurity.googleapis.com | None
Security Command Center | containerthreatdetection.googleapis.com, securitycenter.googleapis.com, securitycentermanagement.googleapis.com, securityposture.googleapis.com, websecurityscanner.googleapis.com | None
Sensitive Data Protection | dlp.googleapis.com | None
Serverless VPC Access | vpcaccess.googleapis.com | None
Service Directory | servicedirectory.googleapis.com | None
Spanner | spanner.googleapis.com | None
Speech-to-Text | speech.googleapis.com | None
Text-to-Speech | texttospeech.googleapis.com | None
VPC Service Controls | accesscontextmanager.googleapis.com | None
Vertex AI Model Registry | aiplatform.googleapis.com | None
Vertex AI Search | discoveryengine.googleapis.com | None
Vertex AI Vector Search | aiplatform.googleapis.com | None
Vertex AI Workbench | aiplatform.googleapis.com, notebooks.googleapis.com | None
Vertex AI batch prediction | aiplatform.googleapis.com | None
Vertex ML Metadata | aiplatform.googleapis.com | None
Vertex AI Model Monitoring | aiplatform.googleapis.com | None
Vertex AI online prediction | aiplatform.googleapis.com | None
Vertex AI Pipelines | aiplatform.googleapis.com | None
Vertex AI Structured Data | aiplatform.googleapis.com | None
Vertex AI Training | aiplatform.googleapis.com | None
Video Intelligence API | videointelligence.googleapis.com | None
Virtual Private Cloud (VPC) | compute.googleapis.com | None
Web Risk | webrisk.googleapis.com | None
Workload Identity Federation | iam.googleapis.com, sts.googleapis.com | None

Restrictions and limitations

The following sections describe Google Cloud-wide or product-specific restrictions or limitations for features, including any organization policy constraints that are set by default on Data Boundary for IL2 folders. Other applicable organization policy constraints — even if not set by default — can provide additional defense-in-depth to further protect your organization's Google Cloud resources.

We strongly recommend not changing the values of the required organization policy constraints listed in the following sections. Doing so may undermine data residency. When such a change has been made, the effects of the change are difficult or impossible to reverse. Ensure that you understand the ramifications of changing an organization policy constraint's value before proceeding, and review any such changes with your authorizing agency prior to making the change.

Additionally, ensure that any automated mechanisms your organization uses to manage organization policies are updated to prevent these values from being changed unintentionally.

Google Cloud-wide

Google Cloud-wide organization policy constraints

The following organization policy constraints apply across Google Cloud.

gcp.resourceLocations

Set to the following locations in the allowedValues list:
  • us
  • us-central1
  • us-central2
  • us-east1
  • us-east4
  • us-east5
  • us-south1
  • us-west1
  • us-west2
  • us-west3
  • us-west4
This value restricts creation of new resources to the selected values. When set, no resources can be created in any other regions, multi-regions, or locations outside of the selection. See Resource locations supported services for a list of resources that can be restricted by the Resource Locations organization policy constraint, as some resources may be out of scope and cannot be restricted.

Changing this value by making it less restrictive potentially undermines data residency by allowing data to be created or stored outside of a compliant data boundary.

gcp.restrictCmekCryptoKeyProjects

Set to under:organizations/your-organization-name, which is your Assured Workloads organization. You can further restrict this value by specifying a project or folder.

Limits the scope of approved folders or projects that can provide Cloud KMS keys for encrypting at-rest data using CMEK. This constraint prevents unapproved folders or projects from providing encryption keys, thus helping to guarantee data sovereignty for in-scope services' at-rest data.

gcp.restrictNonCmekServices

Set to a list of all in-scope API service names, including:
  • bigquerydatatransfer.googleapis.com
Some features may be affected for each of the services listed above.

Each listed service requires Customer-managed encryption keys (CMEK). CMEK encrypts at-rest data with a key managed by you, not Google's default encryption mechanisms.

Changing this value by removing one or more in-scope services from the list may undermine data sovereignty, because new at-rest data will be automatically encrypted using Google's own keys instead of yours. Existing at-rest data will remain encrypted by the key you provided.

gcp.restrictServiceUsage

Set to allow all supported products and API endpoints.

Determines which services can be used by restricting runtime access to their resources. For more information, see Restricting resource usage.

gcp.restrictTLSVersion

Set to deny the following TLS versions:
  • TLS_1_0
  • TLS_1_1
For more information, see Restrict TLS versions.

BigQuery

Affected BigQuery features

Enabling BigQuery on a new folder

BigQuery is supported, but it isn't automatically enabled when you create a new Assured Workloads folder due to an internal configuration process. This process normally finishes in ten minutes, but can take much longer in some circumstances. To check whether the process is finished and to enable BigQuery, complete the following steps:
  1. In the Google Cloud console, go to the Assured Workloads page.
  2. Select your new Assured Workloads folder from the list.
  3. On the Folder Details page in the Allowed services section, click Review Available Updates.
  4. In the Allowed services pane, review the services to be added to the Resource Usage Restriction organization policy for the folder. If BigQuery services are listed, click Allow Services to add them.

    If BigQuery services are not listed, wait for the internal process to complete. If the services are not listed within 12 hours of folder creation, contact Cloud Customer Care.

After the enablement process is completed, you can use BigQuery in your Assured Workloads folder.

Gemini in BigQuery is not supported by Assured Workloads.

Unsupported features

The following BigQuery features are not supported and should not be used in the BigQuery CLI. It is your responsibility not to use them in BigQuery for Assured Workloads.

BigQuery CLI

The BigQuery CLI is supported.

Google Cloud SDK

You must use Google Cloud SDK version 403.0.0 or newer to maintain data regionalization guarantees for technical data. To verify your current Google Cloud SDK version, run gcloud --version, and then run gcloud components update to update to the newest version.

Administrator controls

BigQuery will disable unsupported APIs, but administrators with sufficient permissions to create an Assured Workloads folder can enable an unsupported API. If this occurs, you will be notified of potential non-compliance through the Assured Workloads monitoring dashboard.

Loading data

BigQuery Data Transfer Service connectors for Google Software as a Service (SaaS) apps, external cloud storage providers, and data warehouses are not supported. It is your responsibility not to use BigQuery Data Transfer Service connectors for Data Boundary for IL2 workloads.

Third-party transfers

BigQuery doesn't verify support for third-party transfers for the BigQuery Data Transfer Service. It is your responsibility to verify support when using any third-party transfer for the BigQuery Data Transfer Service.

Non-compliant BQML models

Externally-trained BQML models are not supported.

Query jobs

Query jobs should only be created within Assured Workloads folders.

Queries on datasets in other projects

BigQuery doesn't prevent Assured Workloads datasets from being queried from non-Assured Workloads projects. You should ensure that any query that has a read or a join on Assured Workloads data is placed in an Assured Workloads folder. You can specify a fully-qualified table name for your query result using projectname.dataset.table in the BigQuery CLI.

Cloud Logging

BigQuery utilizes Cloud Logging for some of your log data. You should disable your _default logging buckets or restrict _default buckets to in-scope regions to maintain compliance using the following command:

    gcloud alpha logging settings update --organization=ORGANIZATION_ID --disable-default-sink

For more information, see Regionalize your logs.

Cloud Interconnect

Affected Cloud Interconnect features

High-availability (HA) VPN

You must enable high-availability (HA) VPN functionality when using Cloud Interconnect with Cloud VPN. Additionally, you must adhere to the encryption and regionalization requirements listed in the Affected Cloud VPN features section.

Cloud Logging

Affected Cloud Logging features

To use Cloud Logging with Customer-managed encryption keys (CMEK), you must complete the steps in the Enable CMEK for an organization page in the Cloud Logging documentation.

Log sinks

Filters shouldn't contain Customer Data.

Log sinks include filters which are stored as configuration. Don't create filters that contain Customer Data.

Live tailing log entries

Filters shouldn't contain Customer Data.

A live tailing session includes a filter which is stored as configuration. Tailing logs doesn't store any log entry data itself, but can query and transmit data across regions. Don't create filters that contain Customer Data.

Cloud Monitoring

Affected Cloud Monitoring features

Synthetic Monitor

This feature is disabled.

Uptime checks

This feature is disabled.

Cloud Run

Affected Cloud Run features

Unsupported features

The following Cloud Run features aren't supported:

Cloud VPN

Affected Cloud VPN features

VPN endpoints

You must use only Cloud VPN endpoints that are located in an in-scope region. Ensure that your VPN gateway is configured for use in an in-scope region only.

Cloud Workstations

Affected Cloud Workstations features

Creating a workstation cluster

When creating a workstation cluster, it is your responsibility to configure it in the following way to ensure data residency:

Compute Engine

Affected Compute Engine features

Suspending and resuming a VM instance

This feature is disabled.

Suspending and resuming a VM instance requires persistent disk storage, and persistent disk storage used for storing the suspended VM state cannot currently be encrypted by using CMEK. See the gcp.restrictNonCmekServices organization policy constraint in the section above to understand the data sovereignty and data residency implications of enabling this feature.

Local SSDs

This feature is disabled.

You will be unable to create an instance with Local SSDs because they cannot be encrypted by using CMEK. See the gcp.restrictNonCmekServices organization policy constraint in the section above to understand the data sovereignty and data residency implications of enabling this feature.

Adding an instance group to a global load balancer

You cannot add an instance group to a global load balancer.

This feature is disabled by the compute.disableGlobalLoadBalancing organization policy constraint.
Guest environment

It is possible for scripts, daemons, and binaries that are included with the guest environment to access unencrypted at-rest and in-use data. Depending on your VM configuration, updates to this software may be installed by default. See Guest environment for specific information about each package's contents, source code, and more.

These components help you meet data sovereignty through internal security controls and processes. However, if you want additional control, you can also curate your own images or agents and optionally use the compute.trustedImageProjects organization policy constraint.

For more information, see Building a custom image.

OS policies in VM Manager

Inline scripts and binary output files within the OS policy files are not encrypted using customer-managed encryption keys (CMEK). Don't include any sensitive information in these files. Consider storing these scripts and output files in Cloud Storage buckets. For more information, see Example OS policies.

If you want to restrict the creation or modification of OS policy resources that use inline scripts or binary output files, enable the constraints/osconfig.restrictInlineScriptAndOutputFileUsage organization policy constraint.

For more information, see Constraints for OS Config.

Compute Engine organization policy constraints

compute.disableGlobalCloudArmorPolicy

Set to True.

Disables the creation of new global Google Cloud Armor security policies and the addition or modification of rules to existing global Google Cloud Armor security policies. This constraint doesn't restrict the removal of rules or the ability to remove or change the description and listing of global Google Cloud Armor security policies. Regional Google Cloud Armor security policies are unaffected by this constraint. All global and regional security policies that exist prior to the enforcement of this constraint remain in effect.

compute.disableGlobalLoadBalancing

Set to True.

Disables creation of global load balancing products.

Changing this value may affect your workload's data residency or data sovereignty.

compute.restrictNonConfidentialComputing

(Optional) Value is not set. Set this value to provide additional defense-in-depth. For more information, see the Confidential VM documentation.

compute.trustedImageProjects

(Optional) Value is not set. Set this value to provide additional defense-in-depth.

Setting this value constrains image storage and disk instantiation to the specified list of projects. This value affects data sovereignty by preventing use of any unauthorized images or agents.

Dataplex Universal Catalog

Dataplex Universal Catalog features

Attribute Store

This feature is deprecated and disabled.

Data Catalog

This feature is deprecated and disabled. You cannot search through nor manage your metadata in Data Catalog.

Lakes and Zones

This feature is disabled. You cannot manage lakes, zones, and tasks.

Pub/Sub

Pub/Sub organization policy constraints

pubsub.managed.disableSubscriptionMessageTransforms

Set to True.

Disables Pub/Sub subscriptions from being set with Single Message Transforms (SMTs).

Changing this value might affect your workload's data residency or data sovereignty.

pubsub.managed.disableTopicMessageTransforms

Set to True.

Disables Pub/Sub topics from being set with Single Message Transforms (SMTs).

Changing this value may affect your workload's data residency or data sovereignty.
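The required values in the Google Cloud-wide, Compute Engine and Pub/Sub constraint tables above are exactly what your policy automation must keep from drifting. The following drift check is an added example, not Google's code: it assumes each effective policy has been exported per constraint with gcloud org-policies describe CONSTRAINT --folder=FOLDER_ID --effective --format=json and follows the Org Policy v2 spec.rules shape, and the example-org placeholder and both sample policy sets are constructed.

```python
"""Drift check for the organization policy values this page requires on an IL2 folder.

Added example, not Google's code. Assumes each policy is a dict in the Org Policy v2
``spec.rules`` shape (values.allowedValues / values.deniedValues / enforce), as returned
by ``gcloud org-policies describe CONSTRAINT --folder=FOLDER_ID --effective --format=json``.
Value groups such as ``in:us-locations`` are not expanded; the page's literal values are compared.
"""
from __future__ import annotations

# Required values taken from the constraint tables on this page.
IL2_LOCATIONS = {"us", "us-central1", "us-central2", "us-east1", "us-east4", "us-east5",
                 "us-south1", "us-west1", "us-west2", "us-west3", "us-west4"}
DENIED_TLS = {"TLS_1_0", "TLS_1_1"}
REQUIRED_NON_CMEK = {"bigquerydatatransfer.googleapis.com"}  # the only service the page names
MUST_BE_TRUE = ("compute.disableGlobalCloudArmorPolicy", "compute.disableGlobalLoadBalancing",
                "pubsub.managed.disableSubscriptionMessageTransforms",
                "pubsub.managed.disableTopicMessageTransforms")


def _rules(policy: dict | None) -> list[dict]:
    return (policy or {}).get("spec", {}).get("rules", [])


def _values(policy: dict | None, key: str) -> set[str]:
    """Union of one list field (allowedValues or deniedValues) across all rules."""
    out: set[str] = set()
    for rule in _rules(policy):
        out.update(rule.get("values", {}).get(key, []))
    return out


def check_il2_policies(policies: dict[str, dict]) -> list[str]:
    """Return one finding per constraint whose effective value is weaker than required."""
    findings: list[str] = []
    loc = policies.get("gcp.resourceLocations")
    extra = _values(loc, "allowedValues") - IL2_LOCATIONS
    if loc is None:
        findings.append("gcp.resourceLocations: no effective policy")
    elif extra or any(r.get("allowAll") for r in _rules(loc)):
        findings.append(f"gcp.resourceLocations: allows non-IL2 locations {sorted(extra) or 'allowAll'}")
    missing_tls = DENIED_TLS - _values(policies.get("gcp.restrictTLSVersion"), "deniedValues")
    if missing_tls:
        findings.append(f"gcp.restrictTLSVersion: does not deny {sorted(missing_tls)}")
    cmek_scope = _values(policies.get("gcp.restrictCmekCryptoKeyProjects"), "allowedValues")
    if not cmek_scope or not all(v.startswith("under:") for v in cmek_scope):
        findings.append("gcp.restrictCmekCryptoKeyProjects: key projects not limited to an under: resource")
    missing_svc = REQUIRED_NON_CMEK - _values(policies.get("gcp.restrictNonCmekServices"), "deniedValues")
    if missing_svc:
        findings.append(f"gcp.restrictNonCmekServices: CMEK not required for {sorted(missing_svc)}")
    for name in MUST_BE_TRUE:  # boolean constraints: any rule with enforce: true counts
        if not any(r.get("enforce") is True for r in _rules(policies.get(name))):
            findings.append(f"{name}: not enforced (expected True)")
    return findings


def _list_policy(key: str, values: list[str]) -> dict:
    return {"spec": {"rules": [{"values": {key: values}}]}}

def _bool_policy(enforce: bool) -> dict:
    return {"spec": {"rules": [{"enforce": enforce}]}}

# Constructed sample matching the page's required values ("example-org" is a placeholder).
SAMPLE_COMPLIANT = {
    "gcp.resourceLocations": _list_policy("allowedValues", sorted(IL2_LOCATIONS)),
    "gcp.restrictTLSVersion": _list_policy("deniedValues", ["TLS_1_0", "TLS_1_1"]),
    "gcp.restrictCmekCryptoKeyProjects": _list_policy("allowedValues", ["under:organizations/example-org"]),
    "gcp.restrictNonCmekServices": _list_policy("deniedValues", ["bigquerydatatransfer.googleapis.com"]),
    **{name: _bool_policy(True) for name in MUST_BE_TRUE},
}
# Constructed drifted sample: a non-US location added, TLS 1.1 no longer denied,
# and the Pub/Sub topic SMT constraint switched off.
SAMPLE_DRIFTED = {
    **SAMPLE_COMPLIANT,
    "gcp.resourceLocations": _list_policy("allowedValues", ["us", "us-east4", "europe-west1"]),
    "gcp.restrictTLSVersion": _list_policy("deniedValues", ["TLS_1_0"]),
    "pubsub.managed.disableTopicMessageTransforms": _bool_policy(False),
}
```

Run check_il2_policies over a fresh export on a schedule and treat any non-empty result as a change to review with your authorizing agency before it is accepted.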

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2026-02-19 UTC.