CASA assessment #16192

@dkocher

You are required to complete a CASA security assessment for your application (project number: 996125414232) by the following date: 2024-06-04. This assessment is required annually; to learn more, please visit the CASA website.

CASA assessment is done on a "first-come-first-serve" basis. This can take up to 6 weeks depending on how engaged and responsive you are in the whole process. Hence we strongly suggest you get started with the assessment as soon as possible. To know how, please read the instructions below.

You have the following options to complete your assessment:

1 - Tier 2 Self Scan Using CASA Portal Built-in Scanning

- Register or log in to the CASA portal and initiate your security assessment
- Follow the instructions on the portal to package your application for scanning
- Fix all CWEs flagged by your scan
- Fill out the CASA questionnaire on the portal
- Receive the results and validation report in the CASA portal
- The CASA portal will automatically share the Letter of Validation with Google

2 - Tier 2 Self Scan Using Open Source Tool

- Register or log in to the CASA portal and initiate your security assessment
- Follow the CASA Tier 2 procedures to self scan your application
- Fix all CWEs flagged by your scan
- Submit your scan results and fill out the CASA questionnaire on the portal
- Receive the results and validation report in the CASA portal
- The CASA portal will automatically share the Letter of Validation with Google

3 - Tier 2 Self Scan Using Commercial Tools

- Follow the CASA Tier 2 procedures to self scan your application using commercial pre-approved tools
- Fix any high severity CWEs flagged by your scan
- Register or log in to the CASA portal and initiate your security assessment
- Submit your scan results and fill out the CASA questionnaire on the portal
- Receive the results and validation report in the CASA portal
- The CASA portal will automatically share the Letter of Validation with Google.

You can use any CWE-compatible app scanning tool(s) that meet the CASA scan requirements.

4 - Tier 2 Authorized Lab Scan

Alternatively, we worked with the CASA authorized labs to provide a low cost Tier 2 alternative for developers who want to work with a lab to conduct the assessment. Contact any CASA authorized lab to conduct your Assessment.

NOTE: If you opt to complete a Tier 2 assessment with a CASA authorized lab, you are not required to initiate an assessment on the CASA portal and fill out the questionnaire.

5 - Tier 3 CASA Assessment

You can also opt in to complete a [Tier 3 assessment](https://appdefensealliance.dev/casa/casa-tiering#:~:text=Tier%203%20(Lab,Authorized%20Lab%20Verified)) by contacting one of the CASA authorized labs. CASA Tier 3 is a comprehensive assessment that tests the application, the application deployment infrastructure and any user data storage location.

Tier 3 assessments have the following benefits:

- Conducted and validated by the authorized labs giving your application high assurance of compliance with CASA standard
- If your application is listed on the Google WorkSpace Marketplace you will receive an independent security verification badge

NOTE: If you opt to complete a Tier 2 or Tier 3 assessment with a CASA authorized lab, you are not required to initiate an assessment on the CASA portal and fill out the questionnaire.

6 - CASA Support and Extension Requests

If you have any questions on the Tier 2 Self Scan assessment or need a due date extension, please register or log in to the CASA portal and use the portal messaging feature to contact the assessor for support.

For any questions on the Tier 2 or Tier 3 Authorized Lab Scan/Assessment, or if you need a due date extension, please reach out to your CASA authorized lab.

Useful resources

Refer to the following documentation for more information:

CASA Website
CASA Tiering
Tier 2 Process
Other Tiers Process

Labels: googledrive (Google Drive Protocol Implementation), googlestorage (Google Cloud Storage Protocol Implementation), high priority