Standard tier enhanced and automatically activated for some customers

Starting February 11, 2026, the Security Command Center Standard tier will be migrated to a new set of capabilities. For a summary of the differences, see Differences between Standard and Standard-legacy tiers. To see the services that are available in each tier, see Service tier comparison.

After Security Command Center Standard is migrated, some organizations and projects that are using the Standard tier will see new features and an update to the supported detection services.

In addition, Security Command Center Standard will be automatically activated in some organizations where it isn't yet activated and that don't have data residency requirements.

The Standard tier migration and auto-activation process will occur over multiple months. This document provides more information and describes what to expect during the Standard tier migration and auto-activation process.

Differences between Standard and Standard-legacy tiers

This section explains the differences in capabilities between the Standard and Standard-legacy tiers.

The following features are now available in the Standard tier:

• Compliance Manager
• Data Security Posture Management
• Vulnerability Assessment for Google Cloud
• Mandiant CVE assessments

The following Standard-legacy tier features aren't supported in the Standard tier:

• Sensitive Data Protection discovery service
• Web Security Scanner custom scans

A modified set of Security Health Analytics capabilities is available in the Standard tier. For more information, see Security Health Analytics detectors migrated to Compliance Manager controls.

To view the services and features available with all tiers, see Security Command Center service tiers.

Overview of the Standard tier migration and auto-activation process

You might see the new features in your Security Command Center Standard activation if one of the following applies to your organization:

• The Security Command Center Standard tier is already activated in your organization and the Premium tier isn't activated on any project in the organization.
• The Security Command Center Standard tier is already activated for any project in the organization. You will see the new Security Command Center Standard tier capabilities in those projects.

Security Command Center Standard tier might be automatically activated at the organization level in the global region if Security Command Center hasn't been activated at the organization level, and both of the following scenarios apply:

• The Premium tier isn't activated on any project within the organization.
• The organization doesn't have data residency requirements, meaning it doesn't restrict resource locations using the resource locations constraint.

If you don't have Security Command Center activated in your organization, and the Standard tier isn't activated automatically, you can activate Security Command Center Standard manually. You get Security Command Center Standard-legacy features initially. Your organization will be migrated to the new Standard tier features at a later date.

After your organization or project is automatically migrated to new Standard tier features, the unsupported Standard-legacy tier services are disabled.

During manual activation, you specify the global region or one of the supported jurisdictions. For information, see Data residency considerations after the Standard tier is auto-activated.

Organizations that aren't included in this change

If your organization has any of the following configurations, your organization isn't automatically activated with the Security Command Center Standard tier:

• Your organization has an Enterprise tier activation.

• Your organization has a Premium tier activation at either the organization level or project level. This type of activation includes the following:

  • Your organization has the Standard tier activated at the organization level and the Premium tier activated on any project. These organizations continue to see Standard-legacy features.

  • Your organization doesn't have any Security Command Center tier activated at the organization level and has the Premium tier activated on one or more projects. Security Command Center Standard isn't automatically activated in these organizations. To get Security Command Center Standard, you can activate it manually.

• Your organization doesn't have any Security Command Center tier activated at the organization level and has data residency requirements, identified by at least one organization policy that restricts resource locations using a resource locations constraint. Security Command Center Standard isn't automatically activated in these organizations and must be activated manually.

For information about how to activate the Standard tier manually, see Activate Security Command Center Standard tier for an organization.

Changes to organizations that are included in this change

The following sections describe changes and additional configuration if your organization is enabled with Standard tier features. This scenario includes the following scenarios:

• You were using the Standard tier before February 11, 2026, and the features were migrated to the new set of capabilities.

• Your organization was automatically activated with the Standard tier.

• You manually activated the Standard tier after February 11, 2026, and then your organization was migrated to the new set of capabilities.

Changes in Google Cloud console

The first time you access Security Command Center after the organization is migrated to the new Standard tier features, you will see the Security insights are now enabled at no additional cost prompt. If you click Close this prompt doesn't reappear.

You can access the following in the Google Cloud console:

• Data dashboard on the Risk Overview page
• Compliance page

Some features on these pages are disabled because the service that provides data must be manually enabled or configured.

For information about how to use Security Command Center, see Use Security Command Center in the Google Cloud console.

There might be a delay before data appears on these pages. To learn more, see When to expect findings in Security Command Center.

Services that aren't automatically enabled

The Standard tier migration and auto-activation process enables some services automatically. The following services in the Standard tier might require that you enable them manually or perform additional configuration:

• Vulnerability Assessment for Google Cloud:

  • If the Standard tier is newly activated in your organization, you must enable this service manually.

  • If your organization was migrated from the Standard-legacy tier to the Standard tier, this service is enabled automatically.

• Model Armor: If you weren't using Model Armor before the automatic activation, you must perform additional configuration.

Services that are automatically enabled generate findings that are based on the individual scan frequency of each service. A delay might occur before scans start for some services. To learn more, see When to expect findings in Security Command Center.

Data residency considerations after the Standard tier is auto-activated

After Security Command Center Standard is automatically activated in your organization, we recommend that you enable Vulnerability Assessment for Google Cloud.

If Security Command Center Standard was automatically activated in your organization, and then you enable an organization policy that restricts resource location, Security Command Center might be automatically deactivated within seven days after the policy is deployed.

Organizations aren't automatically deactivated in the following scenarios:

• You enabled Vulnerability Assessment for Google Cloud after the automatic activation and before deploying an organization policy that restricts resource location.
• You upgraded the organization to the Premium tier or Enterprise tier after the automatic activation.

If Security Command Center is automatically deactivated, existing findings remain stored and unchanged in the global region until they are deleted as defined in the Data retention for findings policy. You cannot access these findings unless you reactivate Security Command Center in the global region.

To continue using Security Command Center, you must re-activate Security Command Center manually. For instructions, see Activate Security Command Center Standard tier for an organization.

When you manually activate Security Command Center, you choose the data residency configuration. If you don't enable data residency, Security Command Center is activated in the global region and you can access the previously created findings because they are stored in the global region.

When you enable data residency, you also configure supported data locations.

If you enable data residency, you can't access previously created findings because they are stored in the global region and you configured a specific data location.

During manual activation, Security Command Center doesn't restrict your data residency configuration when the configuration conflicts with organization policies that limit resource locations.

Security Health Analytics detectors are migrated to Compliance Manager controls

On the Standard tier, most Security Health Analytics detectors are migrated to Compliance Manager controls in the Security Essentials framework. The Compliance Manager version of these controls also generate findings for the equivalent security scenarios.

Security Health Analytics is enabled and all detectors continue to generate findings, but findings created by a Security Health Analytics detector that has an equivalent Compliance Manager control are labeled with the field-value identifier: launch_state="LAUNCH_STATE_DEPRECATED".

A subset of Security Health Analytics detectors aren't migrated to Compliance Manager controls. Security Health Analytics generates findings from these detectors and they don't have the launch_state field set to LAUNCH_STATE_DEPRECATED.

The Security Essentials framework in Compliance Manager includes additional controls, beyond those that were migrated from Security Health Analytics. To see all available controls, select Compliance > Monitor New tab, and then the Security Essentials framework in the Frameworks panel.

For information about which detectors are migrated to Compliance Manager and which Google Cloud console pages let you investigate findings that are generated by each detector, see Security Health Analytics features by tier.

Status of findings created by services that are no longer supported

Findings created by Standard-legacy tier services that aren't supported in the Standard tier are retained until they are deleted as defined in the Data retention for findings policy.

Service behavior when you reach the Standard tier feature limits

Certain services might have a limit on usage. When you reach that limit, you might be prompted to upgrade tiers. For information about the behavior when you reach the limit, see the documentation specific to that service.

Update your integrations with other applications

If you ingest findings from Security Command Center to other services using the API, you might see the following newly available sources:

• Compliance Evaluation Service
• Vulnerability Assessment

Update your ingestion scripts to accept data from these sources.

If you use a search query in another application to view Security Health Analytics findings ingested from Security Command Center, such as in Google Security Operations, and you want to remove findings created by Security Health Analytics detectors that are migrated to Compliance Manager, update the search query to add a term that is equivalent to this Security Command Center finding query term:

AND NOT launch_state="LAUNCH_STATE_DEPRECATED"

For more information, see Security Health Analytics detectors are migrated to Compliance Manager controls.

What's next

• Review the features available in the Security Command Center Standard tier.

• Work with Security Command Center Standard tier in Google Cloud console.