CASA Tier 2 Process

tier 2 journey
CASA tier 2 gives the developer the flexibility to scan their own application and provide the scan results alongside other evidence to an authorized assessor for verification and receives a letter of validation without the assessor needing to access the application code or infrastructure.

Process Overview


Tier 2 assessments are initiated by an ADA partner company (e.g., Google), when your application is required to complete an assessment to access data or show compliance with policies you will receive a notification via email indicating you are in scope for Tier 2 assessment. 

Scan Your App

Once you receive your notification email you can start scanning your application. 

  1. Follow guidance provided here to scan your application
  2. Remediate any failed CWEs that are mapped to CASA requirements

  3. If you have any valid certification, see if you can submit them to accelerate your review 

Submit Results

Follow the emailed instructions to create an account (if this is your first CASA) and login. 

What you will need to submit your CASA:

  • CASA Tier 2 Notification email

  • Industry certifications, if any, (accelerating CASA)

  • AST configuration file(s)

  • AST scan result(s) in plain text (.txt) format


  • Obtain a Letter of Validation (LOV) to to continue with your application verification