Mantieni tutto organizzato con le raccolte
Salva e classifica i contenuti in base alle tue preferenze.
Concetti fondamentali
Assured Workloads offre agli Google Cloud utenti la possibilità di
applicare controlli a una cartella per supportare i requisiti normativi, regionali o di sovranità. Questa pagina fornisce informazioni sui componenti chiave.
Cartelle Assured Workloads
Una cartella Assured Workloads è il limite normativo di livello più alto per i tuoi carichi di lavoro. Ogni cartella Assured Workloads è configurata con controlli (applicati attivamente) che soddisfano i requisiti normativi del pacchetto di controllo selezionato. Le cartelle Assured Workloads sono anche il contenitore per le tue risorse che devono ottemperare a questi requisiti, come i progetti che contengono i tuoi carichi di lavoro. Le cartelle Assured Workloads e le relative risorse sono
monitorate costantemente per verificarne l'ottemperanza ai requisiti di conformità.
Ad esempio, se devi soddisfare i requisiti normativi per il livello di impatto 4
(IL4), devi
creare una cartella Assured Workloads
per IL4, quindi creare o eseguire la migrazione
di progetti e risorse nella cartella Assured Workloads. All'interno della
cartella, questi progetti verranno configurati per applicare i requisiti
normativi di IL4 e riceverai una notifica se le risorse non sono conformi.
Per assicurarti che tutte le risorse della tua organizzazione siano conformi a un pacchetto di controllo specifico, puoi creare una cartella Assured Workloads come principale per tutte le altre cartelle, i progetti e le risorse. Se la cartella di primo livello è una cartella Assured Workloads, i relativi controlli verranno ereditati da tutte le risorse figlio nella Google Cloud gerarchia delle risorse.
Per saperne di più, consulta
Come impostare i controlli di conformità per la tua Google Cloud organizzazione.
Progetto di gestione delle chiavi Assured Workloads
A seconda del pacchetto di controllo selezionato, Assured Workloads può anche creare un progetto di gestione delle chiavi all'interno della cartella Assured Workloads per archiviare le chiavi di crittografia CMEK. Avere un progetto per le chiavi e un altro per le risorse consente di stabilire la separazione dei compiti tra gli amministratori della sicurezza e gli sviluppatori.
[[["Facile da capire","easyToUnderstand","thumb-up"],["Il problema è stato risolto","solvedMyProblem","thumb-up"],["Altra","otherUp","thumb-up"]],[["Difficile da capire","hardToUnderstand","thumb-down"],["Informazioni o codice di esempio errati","incorrectInformationOrSampleCode","thumb-down"],["Mancano le informazioni o gli esempi di cui ho bisogno","missingTheInformationSamplesINeed","thumb-down"],["Problema di traduzione","translationIssue","thumb-down"],["Altra","otherDown","thumb-down"]],["Ultimo aggiornamento 2025-09-01 UTC."],[[["\u003cp\u003eAssured Workloads enables Google Cloud users to apply controls to folders, helping meet regulatory, regional, or sovereign requirements.\u003c/p\u003e\n"],["\u003cp\u003eAn Assured Workloads folder serves as the primary regulatory boundary, enforcing controls from a chosen control package and housing compliant resources.\u003c/p\u003e\n"],["\u003cp\u003eAssured Workloads folders and their resources are continuously monitored to ensure adherence to the specified compliance requirements.\u003c/p\u003e\n"],["\u003cp\u003eBy creating an Assured Workloads folder as the top-level parent, its controls are inherited by all child resources in the Google Cloud hierarchy.\u003c/p\u003e\n"],["\u003cp\u003eAssured Workloads can generate a separate key management project within the folder to store CMEK encryption keys, ensuring separation of duties between security administrators and developers.\u003c/p\u003e\n"]]],[],null,["# Key concepts\n============\n\nAssured Workloads provides Google Cloud users with the ability to\n[apply controls](/assured-workloads/docs/control-packages) to a folder in\nsupport of regulatory, regional, or sovereign requirements. This\npage provides information about its key components.\n\nAssured Workloads folders\n-------------------------\n\nAn Assured Workloads folder is the top-level regulatory boundary for\nyour workloads. Each Assured Workloads folder is configured with (and\nactively enforces) controls that meet the selected\n[control package's](/assured-workloads/docs/control-packages) regulatory\nrequirements. Assured Workloads folders are also the container for your\nresources that must adhere to those requirements, such as projects that contain\nyour workloads. Assured Workloads folders and their resources are\nconstantly [monitored](/assured-workloads/docs/monitor-folder) for adherence to\ncompliance requirements.\n\nFor example, if you need to meet the regulatory requirements for Impact Level 4\n(IL4), you would\n[create an Assured Workloads folder](/assured-workloads/docs/create-folder)\nfor IL4, and then create or [migrate](/assured-workloads/docs/migrate-workload)\nprojects and resources to that Assured Workloads folder. Inside the\nfolder, those projects will be configured to enforce IL4's regulatory\nrequirements, and you will be notified if any resources fall out of compliance.\n\nTo ensure that all of your organization's resources are compliant with a\nspecific control package, you can create an Assured Workloads folder\nas the parent for all of your other folders, projects, and resources. By making\nthe top-level folder an Assured Workloads folder, its controls will\nbe inherited by all child resources in the\n[Google Cloud resource hierarchy](/resource-manager/docs/cloud-platform-resource-hierarchy).\nFor more information, see\n[How to set compliance controls for your Google Cloud organization](/blog/products/identity-security/how-to-set-compliance-controls-for-your-google-cloud-organization).\n| **Note:** Any Assured Workloads environment created before the introduction of Assured Workloads folders continues to be supported. Although it is not required, we recommend that you migrate to Assured Workloads folders if it is possible to do so.\n\nAssured Workloads key management project\n----------------------------------------\n\nDepending on the control package you select, Assured Workloads can\nalso create a **key management project** inside the Assured Workloads\nfolder to store your CMEK encryption keys. Having one project for keys and\nanother for resources establishes\n[separation of duties](/kms/docs/separation-of-duties) between security\nadministrators and developers.\n\nWhat's next\n-----------\n\n- Learn how to [create an Assured Workloads folder](/assured-workloads/docs/create-folder).\n- Learn which [products are supported](/assured-workloads/docs/supported-products) for each control package.\n- Learn how to [migrate a workload](/assured-workloads/docs/migrate-workload)."]]
