Restrictions and limitations for ITAR

This page describes the restrictions, limitations, and other configuration options when using the ITAR control package.

Overview

The International Traffic in Arms Regulations (ITAR) control package enables data access control and residency features for in-scope Google Cloud services. Some of these services' features are restricted or limited by Google to be compatible with ITAR. Most of these restrictions and limitations are applied when creating a new Assured Workloads folder for ITAR, however some of them can be changed later by modifying organization policies. Additionally, some restrictions and limitations require user responsibility for adherence.

It's important to understand how these restrictions modify the behavior for a given Google Cloud service or affect data access or data residency. For example, some features or capabilities may be automatically disabled to ensure that data access restrictions and data residency are maintained. Additionally, if an organization policy setting is changed, it might have the unintended consequence of copying data from one region to another.

Prerequisites

To remain compliant as a user of the ITAR control package, ensure that you satisfy and adhere to the following prerequisites:

Create an ITAR folder using Assured Workloads and deploy your ITAR workloads only in that folder.
Only enable and use in-scope ITAR services for ITAR workloads.
Don't change the default organization policy constraint values unless you understand and are willing to accept the data residency risks that may occur.
When connecting to Google Cloud service endpoints, you must use regional endpoints for services that offer them. In addition:
- When connecting to Google Cloud service endpoints from non-Google Cloud VMs —such as on-premises or other cloud providers' VMs— you must use one of the available private access options that support connections to non-Google Cloud VMs to route the non-Google Cloud traffic into Google Cloud.
- When connecting to Google Cloud service endpoints from Google Cloud VMs, you may use any of the available private access options.
- When connecting to Google Cloud VMs that have been exposed with external IP addresses, refer to Access APIs from VMs with external IP addresses.
For all services used in an ITAR folder, don't store technical data in the following user-defined or security configuration information types:
- Error messages
- Console output
- Attribute data
- Service configuration data
- Network packet headers
- Resource identifiers
- Data labels
Use only the specified regional or locational endpoints for services that offer them. See in-scope ITAR services for more information.
Consider adopting the general security best practices provided in the Google Cloud security best practices center.

In-scope services

Unless otherwise noted, users can access all in-scope services through the Google Cloud console.

The following services are compatible with ITAR:

Supported product	ITAR-compliant API endpoints	Restrictions or limitations
Artifact Registry	Regional API endpoints are not supported. Locational API endpoints are not supported. Global API endpoints: artifactregistry.googleapis.com	None
BigQuery	Regional API endpoints: bigquery.us-west1.rep.googleapis.com bigquery.us-east4.rep.googleapis.com bigquerymigration.us-west1.rep.googleapis.com bigquerymigration.us-east4.rep.googleapis.com bigqueryreservation.us-west1.rep.googleapis.com bigqueryreservation.us-east4.rep.googleapis.com bigquerystorage.us-west1.rep.googleapis.com bigquerystorage.us-east4.rep.googleapis.com bigquerydatatransfer.us-west1.rep.googleapis.com bigquerydatatransfer.us-east4.rep.googleapis.com Locational API endpoints are not supported. Global API endpoints are not supported.	Affected features
Certificate Authority Service	Regional API endpoints are not supported. Locational API endpoints are not supported. Global API endpoints: privateca.googleapis.com	None
Cloud External Key Manager (Cloud EKM)	Regional API endpoints are not supported. Locational API endpoints: us-west1-cloudkms.googleapis.com us-east4-cloudkms.googleapis.com Global API endpoints are not supported.	None
Compute Engine	Regional API endpoints are not supported. Locational API endpoints are not supported. Global API endpoints: compute.googleapis.com	Affected features and organization policy constraints
Cloud DNS	Regional API endpoints are not supported. Locational API endpoints are not supported. Global API endpoints: dns.googleapis.com	Affected features
Dataflow	Regional API endpoints are not supported. Locational API endpoints are not supported. Global API endpoints: dataflow.googleapis.com datapipelines.googleapis.com	None
Dataproc	Regional API endpoints are not supported. Locational API endpoints are not supported. Global API endpoints: dataproc-control.googleapis.com dataproc.googleapis.com	None
Filestore	Regional API endpoints are not supported. Locational API endpoints are not supported. Global API endpoints: file.googleapis.com	None
Cloud Storage	Regional API endpoints: storage.us-central1.rep.googleapis.com storage.us-central2.rep.googleapis.com storage.us-east1.rep.googleapis.com storage.us-east4.rep.googleapis.com storage.us-east5.rep.googleapis.com storage.us-east7.rep.googleapis.com storage.us-south1.rep.googleapis.com storage.us-west1.rep.googleapis.com storage.us-west2.rep.googleapis.com storage.us-west3.rep.googleapis.com storage.us-west4.rep.googleapis.com Locational API endpoints are not supported. Global API endpoints are not supported.	Affected features
Google Kubernetes Engine	Regional API endpoints are not supported. Locational API endpoints are not supported. Global API endpoints: container.googleapis.com containersecurity.googleapis.com	Affected features and organization policy constraints
Cloud HSM	Regional API endpoints are not supported. Locational API endpoints are not supported. Global API endpoints: cloudkms.googleapis.com	None
Identity and Access Management (IAM)	Regional API endpoints are not supported. Locational API endpoints are not supported. Global API endpoints: iam.googleapis.com	None
Identity-Aware Proxy (IAP)	Regional API endpoints are not supported. Locational API endpoints are not supported. Global API endpoints: iap.googleapis.com	None
Cloud Interconnect	Regional API endpoints are not supported. Locational API endpoints are not supported. Global API endpoints: networkconnectivity.googleapis.com	Affected features
Cloud Key Management Service (Cloud KMS)	Regional API endpoints are not supported. Locational API endpoints are not supported. Global API endpoints: cloudkms.googleapis.com	None
Cloud Load Balancing	Regional API endpoints are not supported. Locational API endpoints are not supported. Global API endpoints: compute.googleapis.com	Affected features
Cloud Logging	Regional API endpoints: logging.us-west1.rep.googleapis.com logging.us-east4.rep.googleapis.com Locational API endpoints are not supported. Global API endpoints are not supported.	Affected features
Cloud Monitoring	Regional API endpoints are not supported. Locational API endpoints are not supported. Global API endpoints: monitoring.googleapis.com	Affected features
Cloud NAT	Regional API endpoints are not supported. Locational API endpoints are not supported. Global API endpoints: networkconnectivity.googleapis.com	Affected features
Network Connectivity Center	Regional API endpoints are not supported. Locational API endpoints are not supported. Global API endpoints: networkconnectivity.googleapis.com	Affected features
Persistent Disk	Regional API endpoints are not supported. Locational API endpoints are not supported. Global API endpoints: compute.googleapis.com	None
Pub/Sub	Regional API endpoints are not supported. Locational API endpoints are not supported. Global API endpoints: pubsub.googleapis.com	None
Cloud Router	Regional API endpoints are not supported. Locational API endpoints are not supported. Global API endpoints: networkconnectivity.googleapis.com	Affected features
Cloud SQL	Regional API endpoints are not supported. Locational API endpoints are not supported. Global API endpoints: sqladmin.googleapis.com	Affected features
Virtual Private Cloud (VPC)	Regional API endpoints are not supported. Locational API endpoints are not supported. Global API endpoints: compute.googleapis.com	Affected features
VPC Service Controls	Regional API endpoints are not supported. Locational API endpoints are not supported. Global API endpoints: accesscontextmanager.googleapis.com	None
Cloud VPN	Regional API endpoints are not supported. Locational API endpoints are not supported. Global API endpoints: compute.googleapis.com	Affected features

Organization policies

This section describes how each service is affected by the default organization policy constraint values when folders or projects are created using ITAR. Other applicable constraints —even if not set by default— can provide additional "defense-in-depth" to further protect your organization's Google Cloud resources.

Cloud-wide organization policy constraints

The following organization policy constraints apply across any applicable Google Cloud service.

Organization Policy Constraint	Description
`gcp.resourceLocations`	Set to `in:us-locations` as the `allowedValues` list item. This value restricts creation of any new resources to the US value group only. When set, no resources can be created in any other regions, multi-regions, or locations outside of the US. See the Organization policy value groups documentation for more information. Changing this value by making it less restrictive potentially undermines data residency by allowing data to be created or stored outside the US data boundary. For example: replacing the `in:us-locations` value group with the `in:northamerica-locations` value group.
`gcp.restrictNonCmekServices`	Set to a list of all in-scope API service names, including: `compute.googleapis.com` `container.googleapis.com` `storage.googleapis.com` Some features may be affected for each of the services listed above. See the Affected Features section below. Each listed service requires Customer-managed encryption keys (CMEK). CMEK ensures that at-rest data is encrypted with a key managed by you, not Google's default encryption mechanisms. Changing this value by removing one or more in-scope services from the list may undermine data data sovereignty, as new at-rest data will be automatically encrypted using Google's own keys instead of yours. Existing at-rest data will remain encrypted by the key you provided.
`gcp.restrictCmekCryptoKeyProjects`	Set to all resources under the ITAR folder you created. Limits the scope of approved folders or projects that can provide KMS keys for encrypting at-rest data using CMEK. This constraint prevents unapproved folders or projects from providing encryption keys, thus helping to guarantee data sovereignty for in-scope services' at-rest data.
`gcp.restrictServiceUsage`	Set to allow all in-scope services. Determines which services can be enabled and used. For more information, see Restrict resource usage for workloads.

Compute Engine organization policy constraints

Organization Policy Constraint	Description
`compute.disableGlobalLoadBalancing`	Set to True. Disables creation of global load balancing products. Changing this value may affect data residency in your workload; we recommend keeping the set value.
`compute.disableGlobalSelfManagedSslCertificate`	Set to True. Disables creation of global self-managed SSL certificates. Changing this value may affect data residency in your workload; we recommend keeping the set value.
`compute.disableInstanceDataAccessApis`	Set to True. Globally disables the `instances.getSerialPortOutput()` and `instances.getScreenshot()` APIs. Enabling this organization policy prevents you from generating credentials on Windows Server VMs. If you need to manage a username and password on a Windows VM, do the following: Enable SSH for Windows VMs. Run the following command to change the VM's password: gcloud compute ssh `VM_NAME` --command "net user `USERNAME` `PASSWORD`" Replace the following: `VM_NAME`: The name of the VM you're setting the password for. `USERNAME`: The username of the user who you're setting the password for. `PASSWORD`: The new password.
`compute.disableNestedVirtualization`	Set to True. Disables hardware-accelerated nested virtualization for all Compute Engine VMs in the ITAR folder. Changing this value may affect data residency in your workload; we recommend keeping the set value.
`compute.enableComplianceMemoryProtection`	Set to True. Disables some internal diagnostic features to provide additional protection of memory contents when an infrastructure fault occurs. Changing this value may affect data residency in your workload; we recommend keeping the set value.
`compute.restrictNonConfidentialComputing`	(Optional) Value is not set. Set this value to provide additional defense-in-depth. See the Confidential VM documentation for more information.
`compute.restrictLoadBalancerCreationForTypes`	Set to allow all values except for `GLOBAL_EXTERNAL_MANAGED_HTTP_HTTPS`. See Choose a load balancer for more information.

Google Kubernetes Engine organization policy constraints

Organization Policy Constraint	Description
`container.restrictNoncompliantDiagnosticDataAccess`	Set to True. Used to disable aggregate analysis of kernel issues, which is required to maintain sovereign control of a workload. Changing this value may affect data sovereignty in your workload; we recommend keeping the set value.

Affected features

This section lists how each service's features or capabilities are affected by ITAR, including user requirements when using a feature.

BigQuery features

Feature	Description
Enabling BigQuery on a new folder	BigQuery is supported, but it isn't automatically enabled when you create a new Assured Workloads folder due to an internal configuration process. This process normally finishes in ten minutes, but can take much longer in some circumstances. To check whether the process is finished and to enable BigQuery, complete following steps: In the Google Cloud console, go to the Assured Workloads page. Go to Assured Workloads Select your new Assured Workloads folder from the list. On the Folder Details page in the Allowed services section, click Review Available Updates. In the Allowed services pane, review the services to be added to the Resource Usage Restriction organization policy for the folder. If BigQuery services are listed, click Allow Services to add them. If BigQuery services are not listed, wait for the internal process to complete. If the services are not listed within 12 hours of folder creation, contact Cloud Customer Care. After the enablement process is completed, you can use BigQuery in your Assured Workloads folder. Gemini in BigQuery is not supported by Assured Workloads.
Unsupported features	The following BigQuery features are not supported and are disabled for ITAR compliance: Externally-trained BQML models are not ITAR-compliant. Internally-trained BQML models are ITAR compliant. Federated queries Data masking and column-level access control: Policy tag taxonomies creation is disabled Analytics Hub GDrive export Remote functions Saved queries Workflow scheduling For BigQuery Studio, notebooks are unsupported. Continuous queries
Compliant BigQuery APIs	The following BigQuery APIs are ITAR-compliant: bigquery.googleapis.com bigquerydatapolicy.googleapis.com bigqueryconnection.googleapis.com bigquerymigration.googleapis.com bigquerystorage.googleapis.com bigqueryreservation.googleapis.com bigquerydatatransfer.googleapis.com The Reservations API is not enabled by default. You can enable the API using the instructions on this page.
Regions	BigQuery is ITAR-compliant for all BigQuery US regions except the US multi-region. ITAR compliance cannot be guaranteed if a dataset is created in a US multi-region, non-US region, or non-US multi-region. It is the customer's responsibility to specify an ITAR-compliant region when creating BigQuery datasets.
Loading data	BigQuery Data Transfer Service connectors for Google Software as a Service (SaaS) apps, external cloud storage providers, and data warehouses are not ITAR-compliant. Customers can only use Cloud Storage Transfer in an ITAR environment.
Connections to external data sources	Google's compliance responsibility is limited to the BigQuery Connection API capability. It is the customer's responsibility to ensure the compliance of the source products that are used with the BigQuery Connection API.
Queries on ITAR datasets from non-ITAR projects	BigQuery does not prevent ITAR datasets from being queried from non-ITAR projects. Customers should ensure that any query that has a read or a join on ITAR technical data be placed in an ITAR-compliant folder.

Compute Engine features

Feature	Description
Google Cloud console	The following Compute Engine features are not available in the Google Cloud console. Use the API or Google Cloud CLI instead: Health checks Network endpoint groups
Bare Metal Solution VMs	It is your responsibility not to use Bare Metal Solution VMs (o2 VMs) because Bare Metal Solution VMs are not compliant with ITAR.
Google Cloud VMware Engine VMs	It is your responsibility not to use Google Cloud VMware Engine VMs, as Google Cloud VMware Engine VMs are not compliant with ITAR.
Creating a C3 VM instance	This feature is disabled.
Using persistent disks or their snapshots without CMEK	You cannot use persistent disks or their snapshots unless they have been encrypted using CMEK.
Creating nested VMs or VMs that use nested virtualization	You cannot create nested VMs or VMs that use nested virtualization. This feature is disabled by the `compute.disableNestedVirtualization` organization policy constraint described in the section above.
Adding an instance group to a global load balancer	You cannot add an instance group to a global load balancer. This feature is disabled by the `compute.disableGlobalLoadBalancing` org policy constraint described in the section above.
Routing requests to a multi-region external HTTPS load balancer	You cannot route requests to a multi-region external HTTPS load balancer. This feature is disabled by the `compute.restrictLoadBalancerCreationForTypes` org policy constraint described in the section above.
Sharing an SSD persistent disk in multi-writer mode	You cannot share an SSD persistent disk in multi-writer mode between VM instances.
Suspending and resuming a VM instance	This feature is disabled. Suspending and resuming a VM instance requires persistent disk storage, and persistent disk storage used for storing the suspended VM state cannot be encrypted using CMEK. See the `gcp.restrictNonCmekServices` org policy constraint in the section above to understand the data residency implications of enabling this feature.
Local SSDs	This feature is disabled. You will be unable to create an instance with Local SSDs because they cannot be encrypted using CMEK. See the `gcp.restrictNonCmekServices` org policy constraint in the section above to understand the data residency implications of enabling this feature.
Guest environment	It is possible for scripts, daemons, and binaries that are included with the guest environment to access unencrypted at-rest and in-use data. Depending on your VM configuration, updates to this software may be installed by default. See Guest environment for specific information about each package's contents, source code, and more. These components help you meet data residency through internal security controls and processes. However, for users who want additional control, you can also curate your own images or agents and optionally use the `compute.trustedImageProjects` organization policy constraint. See the Building a custom image page for more information.
`instances.getSerialPortOutput()`	This API is disabled; you will be unable to get serial port output from the specified instance using this API. Change the `compute.disableInstanceDataAccessApis` organization policy constraint value to False to enable this API. You can also enable and use the interactive serial port.
`instances.getScreenshot()`	This API is disabled; you will be unable to get a screenshot from the specified instance using this API. Change the `compute.disableInstanceDataAccessApis` organization policy constraint value to False to enable this API. You can also enable and use the interactive serial port.

Cloud DNS features

Feature	Description
Google Cloud console	Cloud DNS features are not available in the Google Cloud console. Use the API or Google Cloud CLI instead.

Cloud Interconnect features

Feature	Description
Google Cloud console	Cloud Interconnect features are not available in the Google Cloud console. Use the API or Google Cloud CLI instead.
High-availability (HA) VPN	You must enable high-availability (HA) VPN functionality when using Cloud Interconnect with Cloud VPN. Additionally, you must adhere to the encryption and regionalization requirements listed in this section.

Cloud Load Balancing features

Feature	Description
Google Cloud console	Cloud Load Balancing features are not available in the Google Cloud console. Use the API or Google Cloud CLI instead.
Regional load balancers	You must use only regional load balancers with ITAR. See the following pages for more information about configuring regional load balancers: Internal Application Load Balancer Regional external Application Load Balancer Internal passthrough Network Load Balancer External passthrough Network Load Balancer

Cloud Logging features

To use Cloud Logging with customer-managed encryption keys (CMEK), you must complete the steps in the Enable CMEK for an organization page in the Cloud Logging documentation.

Feature	Description
Log sinks	Don't put sensitive information (customer data) in sink filters. Sink filters are treated as service data.
Live tailing log entries	Don't create filters that contain customer data. A live tailing session includes a filter which is stored as configuration. Tailing logs don't store any log entry data themselves, but can query and transmit data across regions.
Log-based alerts	This feature is disabled. You cannot create log-based alerts in the Google Cloud console.
Shortened URLs for Logs Explorer queries	This feature is disabled. You cannot create shortened URLs of queries in the Google Cloud console.
Saving queries in Logs Explorer	This feature is disabled. You cannot save any queries in the Google Cloud console.
Log Analytics using BigQuery	This feature is disabled. You cannot use the Log Analytics feature.
SQL-based alerting policies	This feature is disabled. You cannot use the SQL-based alerting policies feature.

Cloud Monitoring features

Feature	Description
Synthetic Monitor	This feature is disabled.
Uptime check	This feature is disabled.
Log panel widgets in Dashboards	This feature is disabled. You cannot add a log panel to a dashboard.
Error reporting panel widgets in Dashboards	This feature is disabled. You cannot add an error reporting panel to a dashboard.
Filter in `EventAnnotation` for Dashboards	This feature is disabled. Filter of `EventAnnotation` cannot be set in a dashboard.
`SqlCondition` in `alertPolicies`	This feature is disabled. You cannot add a `SqlCondition` to an `alertPolicy`.

Network Connectivity Center features

Feature	Description
Google Cloud console	Network Connectivity Center features are not available in the Google Cloud console. Use the API or Google Cloud CLI instead.

Cloud NAT features

Feature	Description
Google Cloud console	Cloud NAT features are not available in the Google Cloud console. Use the API or Google Cloud CLI instead.

Cloud Router features

Feature	Description
Google Cloud console	Cloud Router features are not available in the Google Cloud console. Use the API or Google Cloud CLI instead.

Cloud SQL features

Feature	Description
Exporting to CSV	Exporting to CSV is not ITAR-compliant and shouldn't be used. This feature is disabled in the Google Cloud console.
`executeSql`	The `executeSql` method of the Cloud SQL API is not ITAR-compliant and shouldn't be used.

Cloud Storage features

Feature	Description
Google Cloud console	To maintain ITAR compliance, it is your responsibility to use the Jurisdictional Google Cloud console. The Jurisdictional console prevents uploading and downloading Cloud Storage objects. To upload and download Cloud Storage objects, see the Compliant API endpoints row below.
Compliant API endpoints	You must use one of the ITAR-compliant regional endpoints with Cloud Storage. See Cloud Storage regional endpoints and Cloud Storage locations for more information.
Restrictions	You must use Cloud Storage regional endpoints to be ITAR-compliant. For more information about Cloud Storage regional endpoints for ITAR, see Cloud Storage regional endpoints. The following operations are not supported by regional endpoints. However, these operations don't carry customer data as defined in the data residency service terms. Therefore, you can use global endpoints for these operations as necessary without violating ITAR compliance: HMAC key operations IAM service account operations Pub/Sub notifications Object change notifications If a user tries to perform an unsupported operation using regional endpoints, Cloud Storage will return a 400 HTTP error code with error message: `This endpoint does not implement this operation. Please use the global endpoint.`
Copy and rewrite for objects	Copy and rewrite operations for objects are supported by regional endpoints if both the source and destination buckets are located in the region specified in the endpoint. However, you cannot use regional endpoints to copy or rewrite an object from one bucket to another if the buckets exist in different locations. It is possible to use global endpoints to copy or rewrite across locations, but we don't recommend it as it and may violate ITAR compliance.

GKE features

Feature	Description
Cluster resource restrictions	Ensure that your cluster configuration does not use resources for services that are unsupported in the ITAR compliance program. For example, the following configuration is invalid because it requires enabling or using an unsupported service: set `binaryAuthorization.evaluationMode` to `enabled`

VPC features

Feature	Description
Google Cloud console	VPC networking features are not available in the Google Cloud console. Use the API or Google Cloud CLI instead.

Cloud VPN features

Feature	Description
Google Cloud console	Cloud VPN features are not available in the Google Cloud console. Use the API or Google Cloud CLI instead.
Encryption	You must use only FIPS 140-2 compliant ciphers when creating certificates and configuring your IP security. See this page for more information about supported ciphers in Cloud VPN. For guidance about selecting a cipher that conforms to FIPS 140-2 standards, see this page. There is currently no way to change an existing cipher in Google Cloud. Ensure that you configure your cipher on your third-party appliance that's used with Cloud VPN.
VPN endpoints	You must use only Cloud VPN endpoints that are located in the US. Ensure that your VPN gateway is configured for use in a US region only.

Footnotes

2. BigQuery is supported, but it isn't automatically enabled when you create a new Assured Workloads folder due to an internal configuration process. This process normally finishes in ten minutes, but can take much longer in some circumstances. To check whether the process is finished and to enable BigQuery, complete following steps:

In the Google Cloud console, go to the Assured Workloads page.
Go to Assured Workloads
Select your new Assured Workloads folder from the list.
On the Folder Details page in the Allowed services section, click Review Available Updates.
In the Allowed services pane, review the services to be added to the Resource Usage Restriction organization policy for the folder. If BigQuery services are listed, click Allow Services to add them.

If BigQuery services are not listed, wait for the internal process to complete. If the services are not listed within 12 hours of folder creation, contact Cloud Customer Care.

After the enablement process is completed, you can use BigQuery in your Assured Workloads folder.

Gemini in BigQuery is not supported by Assured Workloads.

What's next

Learn about the ITAR control package.
Learn which products are supported for each control package.