Commit f9d58fc0 authored by Nik Sarosy, committed by Jeff Burrows

GCF control hb page updates

parent e0c7095b
......@@ -23,10 +23,10 @@ Under certain conditions, like a zero-day vulnerability or out-of-band software
This control applies to all systems within our production environment. The production environment includes all endpoints and cloud assets used in hosting GitLab.com and its subdomains. This may include third-party systems that support the business of GitLab.com.
nt* Control Owners:
* Control Owners:
* Infrastructure
* Process owner(s):
* Infrastructure
* Infrastructure
## Additional control information and project tracking
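Review bot: the first ownership line in this hunk reads `nt* Control Owners:`; the stray `nt` before the bullet will render as literal text instead of a list item, so it should be `* Control Owners:` to match the line below it. The rest of the list should also be checked for the `Infrastructure` entry appearing under both Control Owners and Process owner(s) only once each, since the list as shown has it three times.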
......@@ -41,4 +41,4 @@ Examples of evidence an auditor might request to satisfy this control:
## Framework Mapping
* SOC2 CC
* CC8.1
\ No newline at end of file
* CC8.1
......@@ -29,7 +29,7 @@ This control applies to all systems within our production environment. The produ
* Process owner(s):
* System Owners
* Business Operations
* Security Operations
* SIRT Team
* Security Compliance
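Review bot: the rename of the process owner from `Security Operations` to `SIRT Team` should use one spelling across every control page touched in this commit; the same owner appears elsewhere in the diff as `SIRT TEAM` and as bare `SIRT`, and ownership lists are what an auditor matches against the org chart, so settle on `SIRT Team` and use it everywhere.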
......
......@@ -26,8 +26,11 @@ This control applies to all systems within our [production environment](https://
## Ownership
Control Owner: `Security Operations`
Process Owner: `Security Operations`
* Control Owner:
* `SIRT Team`
* Process Owner:
* `SIRT Team`
## Guidance
Depending on whether we use an agent-based scanner or an agentless scanner, the approach to implementation will differ. It's important to conduct these scans on a regular basis and to record all scan history so a timeline can be built. This timeline will be the way we prove patching timelines in order to satisfy other security controls.
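Review bot: the new list uses the singular headings `* Control Owner:` / `* Process Owner:` with the team name in backticks, while the other control pages in this same commit use `* Control Owners:` / `* Process owner(s):` in plain text; align the heading wording and formatting so the Ownership section reads the same on every control. Since the Guidance paragraph below relies on recorded scan history to prove patching timelines, it is also worth confirming that the SIRT Team owns retention of that history and not only the scanning itself.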
......
......@@ -18,6 +18,7 @@ External vulnerability scans are conducted by an approved third party vendor on
## Context
Utilization of a third party vendor to scan and validate potential vulnerability results provides checks and balances against our internally conducted scanning processes. Additionally, the third party scanning provides the view of our external network risk that can be potentially exploited to gain access to our environment.
## Scope
This control applies to externally facing systems of our production environment that are in-scope for PCI.
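Review bot: the Scope sentence limits external vulnerability scanning to production systems that are in-scope for PCI, while the Context paragraph above presents the scan as the view of external network risk for the environment as a whole; if externally facing production systems outside PCI scope are covered by another control, say so here, otherwise the scope statement understates what this control is expected to cover.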
......@@ -34,9 +35,9 @@ graph TB
## Ownership
* Control Owners:
* Security Operations
* SIRT Team
* Process owner(s):
* Security Operations
* SIRT Team
## Additional control information and project tracking
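Review bot: the hunk header shows this Ownership section sits directly under a `graph TB` Mermaid diagram that this change does not touch; if that diagram labels the owning team as Security Operations it needs the same `SIRT Team` rename, or the diagram and the list below it will disagree.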
......
......@@ -29,13 +29,13 @@ Control Owner:
* Infrastructure (.com)
* Security Operations (everything else)
* SIRT Team (everything else)
Process Owner:
* Infrastructure (.com)
* Security Operations (everything else)
* SIRT TEAM (everything else)
## Guidance
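Review bot: `SIRT TEAM (everything else)` under Process Owner is capitalised differently from `SIRT Team (everything else)` under Control Owner a few lines above; use `SIRT Team` in both places.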
......
......@@ -27,8 +27,8 @@ This control applies to all systems within our production environment. The produ
## Ownership
* gitlab.com and live production environments
* Security Operations - responsible for maintenance and monitoring of Uptycs
* Infrastructure - responsible for addressing Uptycs findings
* SIRT - responsible for maintenance and monitoring of osquery
* Infrastructure - responsible for addressing osquery findings
* Laptops
* Security Management- responsible for enforcement of endpoint management
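Review bot: check the rest of this page for remaining references to Uptycs, since the rename to osquery in this hunk touches only the two gitlab.com ownership lines and any guidance, evidence or diagram text naming the old tool will now contradict them; the maintenance-and-monitoring owner should also be written as `SIRT Team` rather than bare `SIRT` to match the naming used on the other pages in this commit. The `Security Management-` line is missing the space before the hyphen that the other entries have.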
......
......@@ -25,7 +25,8 @@ This control applies to all GitLab source code.
## Ownership
* Control Owner: `Application Security`
* Control Owner:
* `Application Security`
* Process owner(s):
* All GitLab Teams
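Review bot: `Application Security` is wrapped in backticks in the new nested list while `All GitLab Teams` under Process owner(s) is plain text, and the heading is singular `Control Owner:` next to `Process owner(s):`; pick one formatting convention for owner names and headings and apply it across the control pages in this commit.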
......