Clarify vendor dependency DR latest guidance (!118409) · Merge requests · GitLab.com / www-gitlab-com

Corey Oas requested to merge corey-oas-master-patch-01135 into master Jan 23, 2023

Clarified information on vendor dependencies
Removed vendor dependency as a separate DR request type
Update guidance instructing teams to not submit vendor dependency Risk Adjustments pending automation

If automation does submit Risk Adjustment DRs for current open vendor dependencies, we will need to sort through the backlog of vulnerability issues and ensure we can identify them with the FedRAMP Vendor Dependency label.

Clarify vendor dependency DR latest guidance

Merge request reports