Source URL: https://cloud.google.com/blog/products/identity-security/streamline-auditing-compliance-manager-is-now-in-preview/
Source: Cloud Blog
Title: Streamline auditing: Compliance Manager is now in preview
Feedly Summary: As organizations increase their focus on security and regulatory compliance, Google Cloud is helping our customers meet these obligations by fostering better collaboration between security and compliance teams, and the wider organization they serve.
To help simplify and enhance how organizations manage security, privacy, and compliance in the cloud, we’re thrilled to announce that Google Cloud Compliance Manager is now available in preview. Integrated into Security Command Center, this new capability provides a unified platform for configuring, monitoring, and auditing security and compliance across your infrastructure, workloads, and data.
Our AI-powered approach to supporting security and compliance obligations automates monitoring, detection, and reporting, and can help reduce manual effort while improving accuracy.
The bidirectional ability to translate regulatory controls into service level configurations or technical controls, and technical controls into policies, is essential for mitigating IT risks and streamlining operations. The ability to understand and visualize this interrelation between regulations and technical guardrails can help organizations establish a unified perspective on security and compliance risks and their remediation.
Figure: Security and compliance are interrelated.
Reducing risk with smarter compliance
Many organizations have security and compliance obligations that need to align with government, industry, and enterprise-specific requirements. Compliance Manager allows you to configure these obligations using simple yet customizable constructs, prevent misconfigurations, monitor drift, and generate evidence of conformance within the same product experience. It supports standard security and compliance benchmarks, while allowing for customization at multiple levels.
Compliance Manager is designed to address these industry needs by unifying the entire security and compliance journey into three phases: configure, monitor, and audit.
– Configure: You can express and enforce your security, privacy, and compliance intent based on your needs and risk tolerance using Compliance Manager, which provides a comprehensive library of frameworks and cloud controls, addressing global security and compliance regulations across industries and sectors. You can deploy these in preventive, detective, and evidence generation modes at different granularities, including organization, folder, and projects. You can also customize standard frameworks, and create your own to meet specific organization policies and unique needs.
– Monitor: To continuously monitor and generate reports against your intended posture, Compliance Manager provides near real-time visibility into your compliance status, enabling proactive identification and remediation of potential issues. You can view findings and risks, with customizable and downloadable reports.
– Audit: Audit Manager helps you generate evidence of conformance to security, privacy, and compliance that can be used for internal and external audits. It can automate and simplify the audit process, help you assess workloads for compliance, gather required evidence, and provide comprehensive audit reports. The effectiveness of this audit evidence generation has been validated through our partnership with FedRAMP for the FedRAMP 20X initiative.
Core constructs: Frameworks and CloudControls
Compliance Manager introduces Frameworks and CloudControls as two new platform components to express security, privacy, and compliance intent.
Frameworks are collections of technical controls that can also be mapped to regulatory controls. A framework can represent the following:
– Industry-defined security and compliance standards such as CIS, CSA-CCM, SOC2, ISO 27001, NIST-800-53, FedRAMP-High, PCI-DSS, GDPR.
– Google Cloud-defined security, privacy, and compliance best practices, including for AI security, data security, and cloud security.
– Customer-defined collection of technical policies and controls representing company or industry best practices.
CloudControls are platform-agnostic building blocks that encapsulate the business logic for configuration (preventative mode), checks (detective mode), and evidence collection (audit mode). These controls support settings and checks for multiple resources and attributes, and can be parameterized for deployment time customizations. Customers can also write their own custom cloud controls.
Compliance Manager comes with a library of Frameworks and Cloud Controls, and we plan to add more as customer needs evolve. You can customize these framework templates or compose your own by selecting Cloud Controls from the library. You can also create custom Cloud Controls either manually or with help from Compliance Manager’s GenAI-based control authoring feature, providing quick time to value.
How to get started
Compliance Manager can be accessed directly from the Compliance navigation link, located under Security in Google Cloud Console. Go to the Compliance Overview page to start using it.
Figure: Compliance Manager overview on Google Cloud Console.
We have more updates planned for Compliance Manager as we build out its robust capabilities. We value your input, and would love to incorporate your feedback into our product roadmap. You can contact us through your Google Cloud account team, or send us your feedback at compliance-manager-preview@google.com.
AI Summary and Description: Yes
Summary: The text describes Google Cloud’s introduction of the Compliance Manager, a new tool designed to assist organizations in managing their security, privacy, and compliance obligations. By automating monitoring and reporting, this solution is poised to improve compliance management while reducing manual efforts. Notably, it facilitates the translation of regulatory requirements into practical compliance measures, thus enhancing organizational risk management and operational efficiency.
Detailed Description:
The introduction of Google Cloud Compliance Manager marks a significant advancement in how organizations can approach security and compliance management in cloud environments. This tool is integrated into the Security Command Center and provides a comprehensive platform for managing various compliance frameworks and technical controls.
Key features and insights include:
– **Unified Security and Compliance Platform**:
  – The Compliance Manager serves as a single platform to configure, monitor, and audit security and compliance, which streamlines the intricate processes often involved in managing these obligations.
– **AI-Powered Solutions**:
  – By leveraging AI, the Compliance Manager automates vital tasks such as monitoring, detecting discrepancies, and generating compliance reports. This not only liberates resources from manual tasks but also enhances the accuracy of compliance reporting.
– **Framework and Control Structures**:
  – The platform introduces two innovative components: Frameworks and CloudControls. These allow organizations to express their compliance intent tailored to specific regulatory needs:
    – *Frameworks*: Collections of technical controls aligned with industry standards like ISO 27001, SOC2, and GDPR that can be customized per organizational requirements.
    – *CloudControls*: These allow for customizable configurations and checks, enabling organizations to enforce and verify compliance at various levels, from organization-wide to project-specific.
– **Three Phases of Compliance Management**:
  – **Configure**: Organizations can set up their security and compliance frameworks according to their risk tolerance and requirements.
  – **Monitor**: Near real-time visibility helps organizations identify compliance issues proactively, enhancing their ability to mitigate risks before they escalate.
  – **Audit**: Automation in audit processes helps generate necessary documentation for internal reviews and external audits, including evidence for frameworks such as FedRAMP.
– **Future Enhancements**:
  – Google Cloud plans to continue evolving Compliance Manager, including incorporating customer feedback to enhance its features and usability, thus aiming for perpetual improvement in cloud compliance management.
Overall, Google Cloud’s Compliance Manager is revealing its potential to greatly enhance compliance strategies for organizations dealing with complex regulatory landscapes. By simplifying the compliance journey and integrating advanced technology, this tool is positioned as a critical asset for security and compliance professionals looking to fortify their operations in the cloud.