Commit 7b93d455 authored by Luka Trbojevic, committed by Luka

Update...

Update source/handbook/engineering/security/guidance/IAM.2.02_password_authentication.html.md, source/handbook/engineering/security/guidance/BU.1.02_resilience_testing.html.md, source/handbook/engineering/security/guidance/CFG.1.04_configuration_check_reconciliation.html.md, source/handbook/engineering/security/guidance/CM.1.01_change_management_workflow.html.md, source/handbook/engineering/security/guidance/DM.7.01_secure_disposal_of_media.html.md, source/handbook/engineering/security/guidance/IAM.1.02_logical_access_deprovisioning.html.md, source/handbook/engineering/security/guidance/IR.2.01_external_communication_of_incidents.html.md, source/handbook/engineering/security/guidance/IR.2.03_incident_external_communication.html.md, source/handbook/engineering/security/guidance/RM.2.01_internal_audits.html.md, source/handbook/engineering/security/guidance/RM.1.04_service_risk_rating_assignment.html.md, source/handbook/engineering/security/guidance/RM.1.02_continuous_monitoring.html.md, source/handbook/engineering/security/guidance/SYS.1.06_log_reconciliation_cmdb.html.md, source/handbook/engineering/security/guidance/CFG.1.01_baseline_configuration_standard.html.md, source/handbook/engineering/security/guidance/SYS.2.07_system_security_monitoring.html.md, source/handbook/engineering/security/guidance/SYS.2.01_security_monitoring_alert_criteria.html.md, source/handbook/engineering/security/guidance/RM.3.01_remediation_tracking.html.md, source/handbook/engineering/security/guidance/RM.1.01_risk_assessment.html.md files
parent c1d4bdaf
......@@ -25,7 +25,9 @@ TBD
 
## Ownership
 
TBD
* Control Owner: `Infrastructure`
* Process owner(s):
* Infrastructure: `100%`
 
## Implementation Guidance
 
......
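Review bot: The two added labels are capitalised differently, `Control Owner` versus `Process owner(s)`, and the same pair is repeated in every hunk of this commit. Pick one form (for example `Process Owner(s)`) so the Ownership sections read consistently across the guidance pages.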
......@@ -25,8 +25,12 @@ This control applies to all hosted systems (e.g. VM's and GCP compute services)
 
## Ownership
 
TBD
* Control Owner: `Security`
* Process owner(s):
* Security: `50%`
* IT Ops: `25%`
* Infrastructure: `25%`
## Implementation Guidance
 
For detailed implementation guidance relevant to GitLab team-members, refer to the [full guidance documentation](https://gitlab.com/gitlab-com/gl-security/compliance/compliance/blob/master/controls/guidance/CFG.1.01_baseline_configuration_standard.md).
......
......@@ -25,7 +25,9 @@ This control applies to all production systems.
 
## Ownership
 
TBD
* Control Owner: `IT Ops`
* Process owner(s):
* IT Ops: `100%`
 
## Implementation Guidance
 
......
......@@ -25,7 +25,9 @@ This control applies to the GitLab.com production environment.
 
## Ownership
 
TBD
* Control Owner: `Compliance`
* Process owner(s):
* Service Owners: `100%`
 
## Implementation Guidance
 
......
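Review bot: The process owner added here is `Service Owners`, while another hunk in this commit uses `GitLab Service Owners` for what looks like the same group. Use one label in both places, or state the difference, so ownership entries can be matched across controls.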
......@@ -25,7 +25,9 @@ This control applies to both electronic and physical (for example, paper printou
 
## Ownership
 
TBD
* Control Owner: `IT Ops`
* Process owner(s):
* IT Ops: `100%`
 
## Implementation Guidance
 
......
......@@ -25,7 +25,12 @@ This control applies to any system or service where user accounts can be provisi
 
## Ownership
 
TBD
* Control Owner: `Compliance`
* Process owner(s):
* Security: `25%`
* IT Ops: `25%`
* Infrastructure: `25%`
* Individual Managers: `25%`
 
## Implementation Guidance
 
......
......@@ -24,7 +24,9 @@ This control applies to any system or service where password protection is appro
 
## Ownership
 
TBD
* Control Owner: `Security`
* Process owner(s):
* Security: `100%`
 
## Implementation Guidance
 
......
......@@ -30,7 +30,10 @@ TBD
 
## Ownership
 
TBD
* Control Owner: `Security`
* Process owner(s):
* Security: `50%`
* Infrastructure: `50%`
 
## Implementation Guidance
 
......
......@@ -25,7 +25,10 @@ TBD
 
## Ownership
 
TBD
* Control Owner: `Security`
* Process owner(s):
* Security: `50%`
* Infrastructure: `50%`
 
## Implementation Guidance
 
......
......@@ -25,7 +25,11 @@ TBD
 
## Ownership
 
TBD
* Control Owner: `Compliance`
* Process owner(s):
* GitLab Service Owners: `40%`
* Compliance: `20%`
* Security: `20%`
 
## Implementation Guidance
 
......
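Review bot: The shares added under `Process owner(s):` total 80% (`40%` + `20%` + `20%`), while the multi-owner splits in the other hunks of this commit add up to 100%. Either an owner line is missing or one of the percentages is wrong; please correct the split or state where the remaining 20% sits.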
......@@ -25,7 +25,9 @@ This control applies to all GitLab internal controls.
 
## Ownership
 
GitLab Compliance Team
* Control Owner: `Compliance`
* Process owner(s):
* Compliance: `100%`
 
## Implementation Guidance
 
......
......@@ -25,7 +25,10 @@ This control applies to all GitLab applications and services.
 
## Ownership
 
TBD
* Control Owner: `Compliance`
* Process owner(s):
* Security: `70%`
* Compliance:`30%`
 
## Implementation Guidance
 
......
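Review bot: The added Compliance line is missing the space after the colon that the Security line above it has. Add the space so the entry matches the format of the other owner lines in this commit.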
......@@ -25,7 +25,9 @@ Internal audits are performed against all GitLab production systems and all proc
 
## Ownership
 
TBD
* Control Owner: `Internal Audit`
* Process owner(s):
* Internal Audit: `100%`
 
## Implementation Guidance
 
......
......@@ -25,7 +25,10 @@ This control applies to all risk assessments and their respective risk findings.
 
## Ownership
 
TBD
* Control Owner: `Compliance`
* Process owner(s):
* Security: `70%`
* Compliance:`30%`
 
## Implementation Guidance
 
......
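Review bot: The added Compliance line again has no space after the colon, the same slip as in the earlier hunk with the identical Security 70% / Compliance 30% split. Fix both together so the format matches the rest of the commit.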
......@@ -25,7 +25,9 @@ This control applies to all production systems in the device inventory.
 
## Ownership
 
TBD
* Control Owner: `IT Ops`
* Process owner(s):
* IT Ops: `100%`
 
## Implementation Guidance
 
......
......@@ -33,7 +33,10 @@ This control is not applicable to GitLab's SaaS product since managed hosting is
 
## Ownership
 
TBD
* Control Owner: `Security`
* Process owner(s):
* Security: `70%`
* Infrastructure: `30%`
 
## Implementation Guidance
 
......
......@@ -25,6 +25,11 @@ This control applies to all production systems critical to the delivery of the G
 
## Ownership
 
* Control Owner: `Security`
* Process owner(s):
* Security: `50%`
* Infrastructure: `50%`
## Implementation Guidance
 
For detailed implementation guidance relevant to GitLab team-members, refer to the [full guidance documentation](https://gitlab.com/gitlab-com/gl-security/compliance/compliance/blob/master/controls/guidance/SYS.2.07_system_security_monitoring.md).
......