Starting February 11, 2026, the Security Command Center Standard tier will bemigrated to a new set of capabilities. For a summary of thedifferences, seeDifferences between Standard and Standard-legacy tiers.To see the services that are available in each tier, seeService tiercomparison.

After Security Command Center Standard is migrated, some organizations andprojects that are using the Standard tier will see new features and an update tothe supporteddetection services.

In addition, Security Command Center Standard will be automatically activated insome organizations where it isn't yet activated and that don't havedata residency requirements.

The Standard tier migration and auto-activation process will occur over multiplemonths. This document provides more information and describes what to expectduring the Standard tier migration and auto-activation process.

Differences between Standard and Standard-legacy tiers

This section explains the differences in capabilities between the Standard andStandard-legacy tiers.

The following features are now available in the Standard tier:

• Compliance Manager
• Data Security Posture Management
• Vulnerability Assessment for Google Cloud
• Mandiant CVE assessments

The following Standard-legacy tier features aren't supported in theStandard tier:

• Sensitive Data Protection discovery service
• Web Security Scanner custom scans

A modified set of Security Health Analytics capabilities is available in the Standard tier.For more information, seeSecurity Health Analytics detectors migrated to Compliance Manager controls.

To view the services and features available with all tiers, seeSecurity Command Center service tiers.

Overview of the Standard tier migration and auto-activation process

You might see the new features in your Security Command Center Standard activation ifone of the following applies to your organization:

• The Security Command Center Standard tier is already activated in yourorganization and the Premium tier isn't activated on any project in theorganization.
• The Security Command Center Standard tier is already activated for any projectin the organization. You will see the new Security Command Center Standardtier capabilities in those projects.

Security Command Center Standard tier might be automatically activated atthe organization level in the global region if Security Command Center hasn't beenactivated at the organization level, and both of the following scenarios apply:

• The Premium tier isn't activated on any project within the organization.
• The organization doesn't have data residency requirements, meaning itdoesn't restrict resource locations using theresource locations constraint.

If you don't have Security Command Center activated in your organization, and the Standard tierisn't activated automatically, you can activate Security Command Center Standard manually.You get Security Command Center Standard-legacy features initially. Your organizationwill be migrated to the new Standard tier features at a later date.

After your organization or project is automatically migrated to new Standardtier features, the unsupported Standard-legacy tier services are disabled.

During manual activation, you specify the global region or one of the supportedjurisdictions. For information, seeData residency considerations after the Standard tier is auto-activated.

Organizations that aren't included in this change

If your organization has any of the following configurations, your organizationisn't automatically activated with the Security Command Center Standard tier:

• Your organization has an Enterprise tier activation.

• Your organization has a Premium tier activation at either the organization levelor project level. This type of activation includes the following:

  • Your organization has the Standard tier activated at the organization leveland the Premium tier activated on any project. These organizations continueto see Standard-legacy features.

  • Your organization doesn't have any Security Command Center tier activated at theorganization level and has the Premium tier activated on one or more projects.Security Command Center Standard isn't automatically activated in these organizations.To get Security Command Center Standard, you can activate it manually.

• Your organization doesn't have any Security Command Center tier activated at theorganization level and has data residency requirements, identified by atleast one organization policy that restricts resource locations using aresource locations constraint.Security Command Center Standard isn't automatically activated in these organizationsand must be activated manually.

For information about how to activate the Standard tier manually, seeActivate Security Command Center Standard tier for an organization.

Changes to organizations that are included in this change

The following sections describe changes and additional configuration if yourorganization is enabled with Standard tier features. This scenario includes the followingscenarios:

• You were using the Standard tier before February 11, 2026, andthe features were migrated to the new set of capabilities.

• Your organization was automatically activated with the Standard tier.

• You manually activated the Standard tier after February 11, 2026, andthen your organization was migrated to the new set of capabilities.

Changes in Google Cloud console

The first time you access Security Command Center after the organization is migrated to thenew Standard tier features, you will see theSecurity insights are now enabled at no additional cost prompt. If you clickClose this prompt doesn't reappear.

You can access the following in the Google Cloud console:

• Data dashboard on theRisk Overviewpage
• Compliance page

Some features on these pages are disabled because the service that providesdata must be manually enabled or configured.

For information about how to use Security Command Center, seeUse Security Command Center in the Google Cloud console.

There might be a delay before data appears on these pages. To learn more, seeWhen to expect findings in Security Command Center.

Services that aren't automatically enabled

The Standard tier migration and auto-activation process enables some servicesautomatically. The following services in the Standard tier might require that youenable them manually or perform additional configuration:

• Vulnerability Assessment for Google Cloud:

  • If the Standard tier is newly activated in your organization, you mustenable this service manually.

  • If your organization was migrated from the Standard-legacy tier tothe Standard tier, this service is enabled automatically.

• Model Armor: If you weren't usingModel Armor before the automatic activation, you must performadditional configuration.

Services that are automatically enabled generate findings that are based on theindividual scan frequency of each service. A delay might occur before scansstart for some services. To learn more, seeWhen to expect findings in Security Command Center.

Data residency considerations after the Standard tier is auto-activated

After Security Command Center Standard is automatically activated in your organization,we recommend that you enable Vulnerability Assessment for Google Cloud.

If Security Command Center Standard was automatically activated in your organization,and then you enable anorganization policy that restricts resource location,Security Command Center might be automatically deactivated within seven days after the policyis deployed.

Organizations aren't automatically deactivated in the following scenarios:

• You enabled Vulnerability Assessment for Google Cloud after the automatic activation and before deployingan organization policy that restricts resource location.
• You upgraded the organization to the Premium tier or Enterprise tier after theautomatic activation.

If Security Command Center is automatically deactivated, existing findings remain storedand unchanged in the global region until they are deleted as defined in theData retention for findings policy.You cannot access these findings unless you reactivate Security Command Center in the globalregion.

To continue using Security Command Center, you must re-activate Security Command Center manually. For instructions,seeActivate Security Command Center Standard tier for an organization.

When you manually activate Security Command Center, you choose the data residencyconfiguration. If you don't enable data residency, Security Command Center is activatedin the global region and you can access the previously created findings becausethey are stored in the global region.

When you enable data residency, you also configuresupported data locations.

If you enable data residency, you can't access previously created findingsbecause they are stored in the global region and you configured a specific datalocation.

During manual activation, Security Command Center doesn't restrict your dataresidency configuration when the configuration conflicts with organization policiesthat limit resource locations.

Security Health Analytics detectors are migrated to Compliance Manager controls

On the Standard tier, most Security Health Analytics detectors are migrated toCompliance Manager controls in theSecurity Essentials framework.The Compliance Manager version of these controls also generate findingsfor the equivalent security scenarios.

Security Health Analytics is enabled and all detectors continue to generate findings, butfindings created by a Security Health Analytics detector that has an equivalent Compliance Managercontrol are labeled with the field-value identifier:launch_state="LAUNCH_STATE_DEPRECATED".

A subset of Security Health Analytics detectors aren't migrated to Compliance Managercontrols. Security Health Analytics generates findings from these detectors and they don'thave thelaunch_state field set toLAUNCH_STATE_DEPRECATED.

The Security Essentials framework in Compliance Manager includesadditional controls, beyond those that were migrated from Security Health Analytics. To seeall available controls, selectCompliance>Monitor New tab,and then theSecurity Essentials framework in theFrameworks panel.

For information about which detectors are migrated to Compliance Managerand which Google Cloud console pages let you investigate findings that aregenerated by each detector, seeSecurity Health Analytics features by tier.

Status of findings created by services that are no longer supported

Findings created by Standard-legacy tier services that aren't supported inthe Standard tier are retained until they are deleted as defined in theData retention for findings policy.

Service behavior when you reach the Standard tier feature limits

Certain services might have a limit on usage. When you reach that limit, youmight be prompted to upgrade tiers. For information about the behavior when youreach the limit, see the documentation specific to that service.

Update your integrations with other applications

If you ingest findings from Security Command Center to other services using the API, youmight see the following newly available sources:

• Compliance Evaluation Service
• Vulnerability Assessment

Update your ingestion scripts to accept data from these sources.

If you use a search query in another application to view Security Health Analytics findingsingested from Security Command Center, such as in Google Security Operations, and you want toremove findings created by Security Health Analytics detectors that are migrated to Compliance Manager,update the search query to add a term that isequivalent to this Security Command Center finding query term:

AND NOT launch_state="LAUNCH_STATE_DEPRECATED"

For more information, seeSecurity Health Analytics detectors are migrated to Compliance Manager controls.

What's next

• Review the features available in theSecurity Command Center Standard tier.

• Work withSecurity Command Center Standard tier in Google Cloud console.