This document includes the best practices and guidelines for Organization Policy Service when running generative AI workloads on Google Cloud. Use Organization Policy with Vertex AI to centrally manage and enforce policies across your Google Cloud environment. Organization Policy helps to ensure consistent configuration and security compliance across the projects and resources within your organization.
Required Organization Policy controls
The following controls are strongly recommended when using Organization Policy.
Configure separation of duties for organization policy administrators
Google control ID
OPS-CO-6.1
Category
Required
Description
Assign the Organization Policy Administrator (
roles/orgpolicy.policyAdmin
) role to groups that are accountable for the security posture of the Google Cloud organization. To avoid resource creation that violates security policy, don't assign this role to project owners.Applicable products
- IAM
- Organization Policy Service
Related NIST-800-53 controls
- AC-2
- AC-3
- AC-5
Related CRI profile controls
- PR.AC-1.1
- PR.AC-1.2
- PR.AC-1.3
- PR.AC-4.1
- PR.AC-4.2
- PR.AC-4.3
- PR.AC-6.1
- PR.DS-5.1
- PR.PT-3.1
