Commit f47609a8 authored by Melissa Farber, committed by Jeff Burrows

Added policy reference links to the Logical Access Control handbook page

parent ca084962
......@@ -25,7 +25,7 @@ This control applies to all systems within our production environment. The produ
 
## Ownership
 
* Control Owner: `Security`
* Control Owner: Security
* Process owner(s):
* System Owners
* Business Operations
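
Review bot: the Control Owner line under Ownership changes only the backtick formatting around Security, which the commit message ("Added policy reference links to the Logical Access Control handbook page") does not mention. Please note the formatting cleanup in the commit message or split it into its own commit, so a change to the ownership section is not hidden inside a link-only change.
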
......@@ -35,7 +35,7 @@ This control applies to all systems within our production environment. The produ
 
## Guidance
 
Quarterly access reviews should be established using automation to preserve the validity of the user access list. The bulk of these reviews can be automated and only the outliers will need to be manually reviewed. The process owner should use role-based authentication whenever possible to make this control easier.
Quarterly access reviews should be established, and where possible, use automation to preserve the validity of the user access list. The bulk of these reviews can be automated and only the outliers will need to be manually reviewed. The process owner should use role-based authentication whenever possible to make this control easier.
 
## Additional control information and project tracking
 
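
Review bot: in the reworded first sentence of Guidance, "where possible" makes automation optional, but the paragraph does not say how a review is carried out or evidenced when it is not automated, and the next sentence still assumes that "the bulk of these reviews can be automated". Suggest stating the manual fallback explicitly (who reviews the user access list and what record is kept), and tightening the grammar to something like "Quarterly access reviews should be established and, where possible, automated to preserve the validity of the user access list." While this line is being edited, "role-based authentication" in the last sentence probably means role-based access control, since the control is about reviewing access rather than how users authenticate.
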
......@@ -44,7 +44,14 @@ Non-public information relating to this security control as well as links to the
Examples of evidence an auditor might request to satisfy this control:
* Quarterly Access Reviews
 
### Policy Reference
## Policy Reference
* [Access Review Policy and Procedures](https://about.gitlab.com/handbook/engineering/security/#access-reviews)
* [Timing of Quarterly Access Reviews](https://about.gitlab.com/handbook/engineering/security/#timing-of-quarterly-access-reviews)
* [User Access Listing Generation Procedures and Guidelines Runbook](https://gitlab.com/gitlab-com/gl-security/compliance/compliance/blob/master/runbooks/Access_Review_Runbook.md)
 
## Framework Mapping
 
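
Review bot: the third added link under Policy Reference points at blob/master in gitlab-com/gl-security/compliance/compliance, while the context just above this hunk says non-public information for the control is kept separately. Please confirm that project and the Access_Review_Runbook.md file are readable by everyone who can read this handbook page; if they are not, the link belongs with the non-public material instead. Linking to master also means the reference breaks silently if the runbook is renamed or moved, and the two handbook links depend on the #access-reviews and #timing-of-quarterly-access-reviews anchors staying stable, so it is worth checking all three resolve before merge. The heading level change from ### to ## looks right, since it now matches Guidance and Framework Mapping.
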
......