CASA tier 2 gives the developer the flexibility to scan their own application and provide the scan results alongside other evidence to an authorized assessor for verification and receives a letter of validation without the assessor needing to access the application code or infrastructure.
Process Overview
Notification
Tier 2 assessments are initiated by an ADA partner company (e.g., Google), when your application is required to complete an assessment to access data or show compliance with policies you will receive a notification via email indicating you are in scope for Tier 2 assessment.
Scan Your App
Once you receive your notification email you can start scanning your application.
- Follow guidance provided here to scan your application
-
Remediate any failed CWEs that are mapped to CASA requirements
- If you have any valid certification, see if you can submit them to accelerate your review
Submit Results
Follow the emailed instructions to create an account (if this is your first CASA) and login.
What you will need to submit your CASA:
-
CASA Tier 2 Notification email
-
Industry certifications, if any, (accelerating CASA)
-
AST configuration file(s)
-
AST scan result(s) in plain text (.txt) format
Finalize
- Obtain a Letter of Validation (LOV) to to continue with your application verification