Commit 9f51ad30 authored by Steve Truong

Updates to Framework Mapping for controls I own

parent ebd601b0
Pipeline #147225733 failed with stages
in 5 minutes and 39 seconds
......@@ -53,11 +53,8 @@ Examples of evidence an auditor might request to satisfy this control:
## Framework Mapping
* SOC2 CC
* CC2.1
* CC3.1
* CC3.2
* CC3.3
* CC3.4
* CC5.1
* CC5.2
* PCI
* 12.2
......@@ -50,15 +50,5 @@ Examples of evidence an auditor might request to satisfy this control:
## Framework Mapping
* ISO
* A.12.7.1
* A.18.2.2
* A.18.2.3
* SOC2 CC
* CC1.2
* CC3.2
* CC3.4
* CC4.1
* CC4.2
* CC5.1
* CC5.2
......@@ -47,12 +47,4 @@ Examples of evidence an auditor might request to satisfy this control:
## Framework Mapping
* SOC2 CC
* CC1.2
* CC3.2
* CC3.4
* CC4.1
* CC4.2
* CC5.1
* CC5.2
* PCI
* 12.2
* CC2.1
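Review bot: `* CC2.1` on the last line of this hunk sits after `* PCI` / `* 12.2`, so if the PCI bullet is kept, a SOC2 criterion will render as a PCI requirement. Place `CC2.1` directly under `* SOC2 CC`, and confirm that dropping PCI 12.2 from this control is intended, since the header shows the section going from 12 lines to 4.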
......@@ -48,6 +48,4 @@ Examples of evidence an auditor might request to satisfy this control:
## Framework Mapping
* SOC2 CC
* CC4.2
* CC5.1
* CC5.2
* CC2.1
......@@ -37,38 +37,12 @@ The most common form of system documentation is network and data flow diagrams.
Non-public information relating to this security control as well as links to the work associated with various phases of project work can be found in the [System Documentation control issue](https://gitlab.com/gitlab-com/gl-security/compliance/compliance/issues/873).
### Policy Reference
1.Design & architecture
1.Design & architecture of GitLab
* https://docs.gitlab.com/ee/development/architecture.html
* https://docs.gitlab.com/ee/user/gitlab_com/architecture.html
2.Monitoring/Performance
* https://docs.gitlab.com/ee/administration/monitoring/performance/index.html
3.Engineering
* https://about.gitlab.com/handbook/#engineering
* https://about.gitlab.com/handbook/engineering/performance/
4.Infrastructure
* https://about.gitlab.com/handbook/engineering/infrastructure/
* https://about.gitlab.com/handbook/engineering/infrastructure/production-architecture/
5.Production/Test/Development
* https://about.gitlab.com/handbook/engineering/development/
* https://about.gitlab.com/handbook/engineering/quality/
6.Back-up/recovery
* https://about.gitlab.com/handbook/engineering/infrastructure/production/#backups
* https://about.gitlab.com/handbook/engineering/infrastructure/database/#backup-and-recovery
7.Security
* https://about.gitlab.com/handbook/security/
* https://about.gitlab.com/handbook/engineering/security/#information-security-policies
8.Compliance
* https://about.gitlab.com/handbook/legal/global-compliance/
* https://about.gitlab.com/handbook/engineering/security/#compliance
* https://about.gitlab.com/handbook/engineering/infrastructure/production/architecture/
## Framework Mapping
* SOC2 CC
* CC2.3
* CC2.2
* CC7.1
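Review bot: The numbered entries under `### Policy Reference` have no space after the period (`1.Design & architecture of GitLab`), so Markdown renders them as plain text, not as an ordered list; write `1. Design & architecture of GitLab`. The hunk also contains two similar but different handbook paths, `.../infrastructure/production-architecture/` and `.../infrastructure/production/architecture/`; check that whichever link remains after this change resolves.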
......@@ -39,7 +39,7 @@ Process Owner:
## Guidance
Create process to have policies and standards reviewed and updated on a recurring, annual basis.
On an annual cadence, GitLab's Information Security Policies are reviewed and approved by the appropriate level of management.
## Additional control information and project tracking
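Review bot: The two Guidance sentences do not cover the same scope: one names "policies and standards", the other only "GitLab's Information Security Policies", so standards fall out of the annual review if the second wording is the one kept. Either keep standards in the sentence or state where their review is covered, and name the approving role in place of "the appropriate level of management" so an auditor can test the statement.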
......@@ -78,56 +78,8 @@ Non-public information relating to this security control as well as links to the
## Framework Mapping
* ISO
* A.5.1.1
* A.5.1.2
* A.12.1.1
* A.12.5.1
* A.12.6.2
* SOC2 CC
* CCC1.4
* CC2.1
* CC2.3
* CC3.1
* CC3.2
* CC5.1
* CC5.2
* CC5.3
* PCI
* 1.5
* 2.5
* 3.5
* 3.5.1
* 3.5.2
* 3.5.3
* 3.5.4
* 3.6
* 3.6.1
* 3.6.2
* 3.6.3
* 3.6.4
* 3.6.5
* 3.6.6
* 3.6.7
* 3.6.8
* 4.3
* 5.4
* 6.7
* 7.3
* 8.1
* 8.1.1
* 8.1.2
* 8.1.3
* 8.1.4
* 8.1.5
* 8.1.6
* 8.1.7
* 8.1.8
* 8.4
* 8.8
* 9.10
* 9.10
* 10.9
* 11.6
* 12.1.1
* 12.4
* SAQ-A
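Review bot: `* CCC1.4` in the SOC2 CC list looks like a typo for `CC1.4`, and `* 9.10` appears twice in a row in the PCI list. If either line survives this change, correct it here, because a misspelled criterion ID will not match when the mapping is searched or cross-referenced.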
......@@ -35,59 +35,7 @@ Non-public information relating to this security control as well as links to the
## Framework Mapping
* ISO
* A.5.1.1
* A.6.1.1
* A.6.1.5
* A.6.2.1
* A.6.2.2
* A.9.1.1
* A.10.1.1
* A.11.2.9
* A.13.2.1
* SOC2 CC
* CC1.1
* CC1.2
* CC1.3
* CC2.2
* CC2.3
* CC3.1
* CC3.2
* CC5.1
* CC5.2
* PCI
* 1.5
* 2.5
* 3.7
* 4.3
* 5.4
* 6.7
* 7.3
* 8.1
* 8.1.1
* 8.1.2
* 8.1.3
* 8.1.4
* 8.1.5
* 8.1.6
* 8.1.7
* 8.1.8
* 8.4
* 8.8
* 9.10
* 10.8
* 10.9
* 11.6
* 12.1
* 12.3
* 12.3.1
* 12.3.10
* 12.3.2
* 12.3.3
* 12.3.4
* 12.3.5
* 12.3.6
* 12.3.7
* 12.3.8
* 12.3.9
* 12.4
* SAQ-A
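Review bot: The header (`-35,59 +35,7`) shows this Framework Mapping shrinking from 59 lines to 7, and the commit message does not say which of the listed ISO, SOC2 and PCI entries were dropped or why. Add that rationale to the commit message or the control issue so the reduced mapping can be defended in an audit. If any of the `12.3.x` entries remain, put `12.3.10` after `12.3.9`, not after `12.3.1`.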
......@@ -54,21 +54,8 @@ Non-public information relating to this security control as well as links to the
## Framework Mapping
* ISO
* A.6.1.1
* SOC2 CC
* CC1.1
* CC1.4
* CC1.3
* CC1.5
* CC2.2
* CC2.3
* PCI
* 1.1.5
* 12.10.1
* 12.4
* 12.5
* 12.5.1
* 12.5.2
* 12.5.3
* 12.5.4
* 12.5.5
* SAQ-A
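Review bot: The SOC2 CC entries in this hunk are out of numeric order (`CC1.1`, `CC1.4`, `CC1.3`, `CC1.5`). Sort whichever of them remain so the list is easy to compare against the criteria and against the other control pages.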
......@@ -105,10 +105,5 @@ Examples of evidence an auditor might request to satisfy this control:
## Framework Mapping
* ISO
* A.14.1.1
* A.14.2.5
* SOC2 CC
* CC8.1
* PCI
* 6.3