Skip to navigation
Skip to main content
Skip to footer
NCC Group
Menu
Services
Open sub menu for Services
Incident Response
Incident Response
Incident Readiness
Cyber Incident Response Management
Incident Response Recovery
Cyber Incident Response Retainer
Technical Assurance
Technical Assurance
Penetration Testing Services
Social Engineering Prevention
Application Security
Attack Simulation
Hardware & Embedded Services
Network Infrastructure, Architecture & Container Security
Cryptography & Encryption
Cloud Security Services
Cyber Services Portal
Managed Services
Managed Services
Managed Extended Detection & Response (MXDR)
Network Detection & Response for OT
Vulnerability Scanning & Management
Bug Bounty & Vulnerability Disclosure Services
External Attack Surface Management
Unified Cyber Platform
Consulting & Implementation
Consulting & Implementation
Identity & Access Management
Operational Technology
People: Training & Awareness
Strategy, Risk & Compliance
Project & Program Management
Threat Intelligence
Threat Intelligence
Online Exposure Monitoring
Digital Footprint Review
Escode
Escode
Software Escrow
SaaS Escrow
Escrow Agreements
Escrow Verifications
Solutions
Open sub menu for Solutions
Artificial Intelligence
Cloud & Digital Transformation
Compliance & Regulations
Continuous Offensive Security
Digital Identity
Mergers & Acquisitions Due Diligence
Sectors
Open sub menu for Sectors
Financial Services Sector
Legal & Professional Services
Retail & Consumer Markets
Public Sector & Government Services
Transport Services
Technology, Media & Telecommunications Services
Energy & Utilities Services
Manufacturing Services
Health Services
Resources
Open sub menu for Resources
Newsroom
Resource Hub
Our Research
Cyber Threat Intelligence Reports
Global Cyber Policy Radar
Supply Chain Security Report
About Us
Open sub menu for About Us
About us
Celebrating 25 years and beyond
Our Values
Office Locations
Sustainability
Investor Relations
Careers
Contact Us
Search
Client login
Open sub menu for Customer Portals
Managed Services Unified Cyber Platform (UCP)
Cyber Services Portal
Managed Scanning Customer Portal
Escrow View
Escrow Connect
Enter a search term
CASA Questionnaire
Please fill out our Questionnaire to get started on your CASA journey
Work Email
*
1.) Please select the Google Cloud Application Security Assessment you are pursuing:
*
Gmail
Chat
Drive
Recommended for Google Workspace (By Google Invitation Only)
Google Fitbit
Google FIT
Google Workspace Security Badge
2.) Did you pass OAuth Security Assessment or CASA last year?
*
Yes
No, this will be our first time
3a.) Confirm: You have been directed by Google to perform a Security Assessment?
*
Yes (Required: If “Yes”, send a copy of the message from Google to 'google_casa@nccgroup.com' confirming this)
No
3b.) If YES to the previous question, what is your Tier Assignment? Recommended for Google Workspace and Google Workspace Security Badge Applications must undergo a Tier 3 Assessment.
*
Tier 2
Tier 3
4.) Indicate all Google Restricted Scopes being used by your application/integration.
*
5.) Your Company Name (full name incl. Inc, LLC, etc.)
*
6.) Your Company Mail/Postal Address 1 (This is required for the LOA issuance):
*
Address 2:
Country:
*
Afghanistan
Albania
Algeria
American Samoa
Andorra
Angola
Anguilla
Antarctica
Antigua and Barbuda
Argentina
Armenia
Aruba
Australia
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belgium
Belize
Benin
Bermuda
Bhutan
Bolivia
Bosnia and Herzegovina
Botswana
Brazil
British Indian Ocean Territory
British Virgin Islands
Brunei
Bulgaria
Burkina Faso
Burundi
Cambodia
Cameroon
Canada
Cape Verde
Cayman Islands
Central African Republic
Chad
Chile
China
Christmas Island
Cocos (Keeling) Islands
Colombia
Comoros
Congo
Cook Islands
Costa Rica
Croatia
Cuba
Curaçao
Cyprus
Czech Republic
Côte d’Ivoire
Democratic Republic of the Congo
Denmark
Djibouti
Dominica
Dominican Republic
Ecuador
Egypt
El Salvador
Equatorial Guinea
Eritrea
Estonia
Ethiopia
Falkland Islands
Faroe Islands
Fiji
Finland
France
French Guiana
French Polynesia
French Southern Territories
Gabon
Gambia
Georgia
Germany
Ghana
Gibraltar
Greece
Greenland
Grenada
Guadeloupe
Guam
Guatemala
Guernsey
Guinea
Guinea-Bissau
Guyana
Haiti
Honduras
Hong Kong S.A.R., China
Hungary
Iceland
India
Indonesia
Iran
Iraq
Ireland
Isle of Man
Israel
Italy
Jamaica
Japan
Jersey
Jordan
Kazakhstan
Kenya
Kiribati
Kuwait
Kyrgyzstan
Laos
Latvia
Lebanon
Lesotho
Liberia
Libya
Liechtenstein
Lithuania
Luxembourg
Macao S.A.R., China
Macedonia
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Marshall Islands
Martinique
Mauritania
Mauritius
Mayotte
Mexico
Micronesia
Moldova
Monaco
Mongolia
Montenegro
Montserrat
Morocco
Mozambique
Myanmar
Namibia
Nauru
Nepal
Netherlands
New Caledonia
New Zealand
Nicaragua
Niger
Nigeria
Niue
Norfolk Island
North Korea
Northern Mariana Islands
Norway
Oman
Pakistan
Palau
Palestinian Territory
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Pitcairn
Poland
Portugal
Puerto Rico
Qatar
Romania
Russia
Rwanda
Réunion
Saint Barthélemy
Saint Helena
Saint Kitts and Nevis
Saint Lucia
Saint Pierre and Miquelon
Saint Vincent and the Grenadines
Samoa
San Marino
Sao Tome and Principe
Saudi Arabia
Senegal
Serbia
Seychelles
Sierra Leone
Singapore
Slovakia
Slovenia
Solomon Islands
Somalia
South Africa
South Korea
South Sudan
Spain
Sri Lanka
Sudan
Suriname
Svalbard and Jan Mayen
Swaziland
Sweden
Switzerland
Syria
Taiwan
Tajikistan
Tanzania
Thailand
Timor-Leste
Togo
Tokelau
Tonga
Trinidad and Tobago
Tunisia
Turkey
Turkmenistan
Turks and Caicos Islands
Tuvalu
U.S. Virgin Islands
Uganda
Ukraine
United Arab Emirates
United Kingdom
United States
United States Minor Outlying Islands
Uruguay
Uzbekistan
Vanuatu
Vatican
Venezuela
Viet Nam
Wallis and Futuna
Western Sahara
Yemen
Zambia
Zimbabwe
City:
State/Providence:
*
Zip Code:
*
Is the invoicing address the same as the company address provided* (If NO, please notify your NCC Group representative upon follow up)
*
Yes
No
7a.) Technical point of contact name:
*
7b.) Technical point of contact email:
*
8.) Google Project Number (NOT the Project ID or Project Name):
*
9.) Please state your app’s deadline for Security Re-Assessment as provided by Google (mm/dd/year). If not applicable, please put 00/00/0000
*
10.) Application Name:
*
11.) Publicly Available Application URL:
*
12a.) Server Application Type(s) -- please select any of the following if directly exposed to the internet:
*
Open API-compatible REST API
Other REST API
SOAP API
GraphQL API
Web Sockets App
Other API (please list below)
Other server app type (please list below)
13a.) Client Application Type(s) -- please select all that apply:
*
Web App with UI (including most/all Google functionality)
No Web App with UI (Or with no/limited Google functionality) (Please describe how your application integrates with Google and on what platforms below on '13c')
Android app
iOS app
Chrome Extension
Thick Client or Electron App
Device
Other (please list below)
13b.) If 'Other' was selected in the previous question, please list:
13c.) If 'No Web App with UI (Or with no/limited Google functionality)' was selected, please describe how your application integrates with Google and on what platforms:
14a.) If 'Android' or 'iOS App' indicated in previous question (13a), Can the OAuth flow be completed within the mobile app?
Yes
No
14b.) If 'Android' or 'iOS App' indicated in previous question (13a), can the OAuth flow be completed within the web app
Yes
No
15.) Can you give a brief description of the application, how it uses Google user data, where it’s stored, how it’s transferred, and flows through your cloud architecture?
*
16.) For web apps, approximately how many unique interactions or flows are there? (e.g. create user, update user)
*
16a.) What is the size of the full application (total endpoints, APIs + App)?
*
1 – 250
251 – 700
701 – 1200
>1201
16b.) Best numeric estimate of total endpoints?
*
17a.) Does your application make use of Multi-Factor Authentication (MFA) for application end users (not administration)?
*
Yes
No
17b.) If YES, can it be disabled to allow automated testing
Yes
No
18a.) Does your application make use of any of Application Defenses such as IPS, IDS, WAFs, stateful firewalls, etc.?
*
Yes
No
18b.) If YES, Can this be disabled or an allowlist added for specific test accounts/IPs?
Yes
No
19.) Tier 3/Recommended for Google Workspace Cloud Application Security Assessments require access to source code. Please select how this can be provided: (Tier 2, no source code required):
*
All Application Source Code
Snippets of Source Code Upon Request
No Source Code Shared
20.) This assessment is not a full and complete penetration test of the application and should not be treated as such. As a separate engagement NCC Group can perform additional security services. Are there any pentesting efforts you are interested in?
*
Network/Infrastructure Testing
Advanced Web Application Assessment
Cloud Deployment Review
Other compliance or security assessment(s)