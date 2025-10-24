Availability The Gmail (FedRAMP) CASB integration requires a special entitlement on your account. To request access, contact your account team.

The Gmail (FedRAMP) integration detects a variety of data loss prevention, account misconfiguration, and user security risks in an integrated Google Workspace account that could leave you and your organization vulnerable.

Integration prerequisites

A Google Workspace account with a Business Starter, Business Standard, Business Plus or Enterprise plan

A Google Workspace user with Super Admin privileges ↗ and Owner permissions ↗ in the Google Cloud Platform (GCP) project used

Integration permissions

Refer to Google Workspace integration permissions for information on which API permissions to enable.

Security findings

The Gmail (FedRAMP) integration currently scans for the following findings, or security risks. Findings are grouped by category and then ordered by severity level.

To stay up-to-date with new CASB findings as they are added, bookmark this page or subscribe to its RSS feed.

Gmail administrator settings

Finding type FindingTypeID Severity Description Google Workspace: Domain SPF record allows any IP address f28dcc8d-1f0c-4b5a-b254-4169095c16e5 High A Google Workspace Domain SPF record allows any email to be sent from any IP address on your behalf. Google Workspace: Domain SPF record not present 2e13e5dd-88ed-4d65-8d0a-d3fdff9ee7bb Medium An SPF record does not exist for a Google Workspace Domain. Google Workspace: Domain DMARC record not present ec39eabf-3536-4005-940b-22d815c628ec Medium A DMARC record does not exist for a Google Workspace Domain. Google Workspace: Domain DMARC not enforced 8971666d-c049-436d-b4d1-6816a70650ef Medium A DMARC record for a Google Workspace Domain is not enforced. Google Workspace: Domain DMARC not enforced for subdomains fe485f42-b158-4187-85fe-79acdd92055b Medium A DMARC record for a Google Workspace Subdomain is not configured to quarantine or reject messages that fail authentication. Google Workspace: Domain DMARC only partially enforced b682c603-9bc6-485e-be8c-a6e58a989407 Medium A DMARC record for a Google Workspace Domain is not configured to quarantine or reject messages that fail authentication.

Email forwarding