Optionally generate a tamper-proof chain of custody CSV report
Problem to solve
Many organizations rely on a "data classification policy", or similar, as part of their Information Security program. An element of this policy defines the types of data that should be classified as public, internal use, confidential, etc. In situations where this policy extends to evidence artifacts pulled from GitLab, such as a chain of custody export, it may be necessary to provide capabilities to encrypt or otherwise safeguard these artifacts against tampering, misuse, or unauthorized access and dissemination.
Currently, there is no way to achieve this for GitLab's exportable CSV documents.
Intended users
- Sidney (Systems Administrator)
- Sam (Security Analyst)
- The management stakeholders who adhere to any auditing process. To be defined in a new Compliance Persona
Further details
Proposal
Provide an optional mechanism to encrypt or otherwise protect and audit the CSV exports. This implementation likely has two components:
- Encrypt or SHA-sign the CSV export (is one more feasible than the other?)
- Create an entry in the Audit Events table: User exported chain of custody report with SHA hash on date/time
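As an added illustration of the hash-and-audit mechanism proposed above (example code, not GitLab's own; the row layout, the server-side signing key and the audit-event field names are assumptions), this shows why the digest recorded in the audit event should also be keyed: a plain SHA-256 stored next to the file can be recomputed by whoever alters the file, while an HMAC over the digest with a key only the server holds cannot.

```ruby
require 'csv'
require 'digest'
require 'openssl'
require 'time'

# Constructed sample chain-of-custody rows (not real GitLab data).
SAMPLE_ROWS = [
  ['commit', 'author', 'merge_request', 'merged_by', 'merged_at'],
  ['abc123', 'alice', '!42', 'bob', '2020-01-01T10:00:00Z'],
  ['def456', 'carol', '!43', 'bob', '2020-01-02T11:30:00Z'],
].freeze

# Hypothetical server-side secret; a real deployment would load it from a secrets store.
SIGNING_KEY = 'constructed-secret-key'.freeze

def build_csv(rows)
  CSV.generate { |csv| rows.each { |r| csv << r } }
end

# Constant-time string comparison so a mismatch does not leak where it starts.
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).map { |x, y| x ^ y }.reduce(0, :|).zero?
end

# Produces the export plus the audit event the proposal describes: a SHA-256 of
# the exact bytes handed to the user, who exported it, and when. The HMAC ties
# the digest to the server so a forged audit entry is detectable.
def export_with_audit(rows, user, now: Time.now.utc)
  csv = build_csv(rows)
  digest = Digest::SHA256.hexdigest(csv)
  tag = OpenSSL::HMAC.hexdigest('SHA256', SIGNING_KEY, digest)
  audit_event = {
    author: user,
    action: 'exported chain of custody report',
    sha256: digest,
    hmac: tag,
    created_at: now.iso8601
  }
  [csv, audit_event]
end

# Verifies a file presented later against its audit event: first that the
# recorded digest was issued by this server, then that the bytes still match it.
def verify_export(csv_bytes, audit_event)
  expected_tag = OpenSSL::HMAC.hexdigest('SHA256', SIGNING_KEY, audit_event[:sha256])
  return false unless constant_time_equal?(expected_tag, audit_event[:hmac])
  constant_time_equal?(Digest::SHA256.hexdigest(csv_bytes), audit_event[:sha256])
end
```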
Permissions and Security
Only admins and group owners should be able to access this feature.