{"id":"gcp-security-dual-control-plane-access-and-data","text":"GCP security governance operates through two independent, non-overlapping control planes: IAM controls who can access resources via layered deny-first evaluation with service account hardening, while CMEK controls whether data remains readable at all via key lifecycle — compromising one plane does not compromise the other, but production security requires operating both simultaneously.","truth_value":"OUT","source":"","source_url":"","source_hash":"","justifications":[],"dependents":[],"metadata":{"_retracted":true},"explanation":{"steps":[{"node":"gcp-security-dual-control-plane-access-and-data","truth_value":"OUT","reason":"retracted premise"}]}}