Skip to content

CASA Tier 3 assessment for the Afi Google Workspace app

The Afi G Suite Backup application in the Google Workspace Marketplace displays Google’s Independent security verification badge. This badge indicates that the app has completed Tier 3 of the Cloud Application Security Assessment, or CASA through an independent third-party security assessment.

CASA is an application security assessment framework based on the OWASP Application Security Verification Standard, or ASVS. The assessment is performed by an authorized third-party lab and is designed to validate that the application meets applicable CASA security requirements.

To keep the badge, apps must remain compliant with CASA Tier 3 requirements and complete annual revalidation.

What CASA assesses

CASA evaluates technical security controls for cloud applications and their supporting infrastructure. The assessment covers applicable requirements across areas such as:

  • application architecture and threat modeling;
  • authentication and access control;
  • data protection and secure storage;
  • input validation and common vulnerability prevention;
  • error handling and logging;
  • deployment infrastructure and locations where user data is stored.

The CASA requirements are based on the OWASP Application Security Verification Standard, or ASVS and are mapped, where applicable, to MITRE Common Weakness Enumeration, or CWE categories.