integrate with Xacta to provide GRC data for Security Compliance processing



Problem to solve

In the US Federal Government sector, every application that is built must go through an Authorization to Operate (ATO) process. In this process the compliance manager selects the set of security controls that apply to the system and then monitors their implementation. The process is the Risk Management Framework (RMF), defined in NIST SP 800-37 as six steps (Categorize, Select, Implement, Assess, Authorize, Monitor), with a Prepare step added in Revision 2. Tools such as Xacta and RSA Archer automate parts of this process. GitLab already performs security scans and threat monitoring; feeding that data to Xacta would automate the collection of compliance evidence and speed up ATO and FedRAMP processes across the sector.

Intended users

  • Cameron (Compliance Manager)
  • Delaney (Development Team Lead)
  • Sasha (Software Developer)
  • Devon (DevOps Engineer)
  • Sidney (Systems Administrator)
  • Sam (Security Analyst)
  • Rachel (Release Manager)
  • Alex (Security Operations Engineer)
  • Simone (Software Engineer in Test)

User experience goal

The external system should be able to receive various types of data from GitLab, including Security Scan results and Threat monitoring logs.

Proposal

Provide a connector for Xacta to integrate with GitLab to receive the data.
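As an added illustration of the data flow above (example code, not part of this issue and not GitLab's or Xacta's connector), the following normalizes a GitLab security scan report into per-control evidence records that a GRC connector could push. It assumes the JSON layout of GitLab's `gl-sast-report.json` artifact (a `vulnerabilities` array with `id`, `severity`, `scanner`, `location` and `identifiers`); the sample report, the CWE-to-NIST SP 800-53 control mapping and the payload shape are constructed for the example, and the Xacta ingest call itself is not shown because the page does not describe it.

```python
import json
from dataclasses import dataclass, asdict
from typing import Optional

# Constructed sample shaped like a GitLab SAST report artifact (abbreviated;
# not real scan output).
SAMPLE_REPORT = json.dumps({
    "version": "15.0.0",
    "scan": {"type": "sast", "status": "success",
             "scanner": {"id": "semgrep", "name": "Semgrep", "version": "1.0"}},
    "vulnerabilities": [
        {"id": "a1", "category": "sast", "name": "SQL injection",
         "severity": "Critical", "scanner": {"id": "semgrep", "name": "Semgrep"},
         "location": {"file": "app/db.py", "start_line": 42},
         "identifiers": [{"type": "cwe", "name": "CWE-89", "value": "89"}]},
        {"id": "a2", "category": "sast", "name": "Hardcoded credential",
         "severity": "High", "scanner": {"id": "semgrep", "name": "Semgrep"},
         "location": {"file": "app/settings.py", "start_line": 7},
         "identifiers": [{"type": "cwe", "name": "CWE-798", "value": "798"}]},
        {"id": "a3", "category": "sast", "name": "Weak hash",
         "severity": "Medium", "scanner": {"id": "semgrep", "name": "Semgrep"},
         "location": {"file": "app/auth.py", "start_line": 19},
         "identifiers": [{"type": "cwe", "name": "CWE-328", "value": "328"}]},
    ],
})

# Hypothetical CWE -> NIST SP 800-53 control mapping. Real mappings are chosen
# per system by the compliance manager during the RMF Select step.
CWE_TO_CONTROLS = {
    "89": ["SI-10"],   # Information Input Validation
    "798": ["IA-5"],   # Authenticator Management
    "328": ["SC-13"],  # Cryptographic Protection
}
# Every finding is also evidence for vulnerability scanning (RA-5) and flaw
# remediation (SI-2), whatever its CWE.
BASELINE_CONTROLS = ["RA-5", "SI-2"]

SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1, "info": 0, "unknown": 0}


@dataclass(frozen=True)
class Evidence:
    finding_id: str
    control: str
    severity: str
    cwe: Optional[str]
    location: str
    scanner: str


def parse_report(text: str) -> dict:
    """Parse a GitLab security report and reject anything a connector cannot
    trust, instead of silently reporting 'no findings' as clean evidence."""
    report = json.loads(text)
    if not isinstance(report.get("vulnerabilities"), list):
        raise ValueError("not a GitLab security report: missing 'vulnerabilities' array")
    status = report.get("scan", {}).get("status")
    if status not in (None, "success"):
        raise ValueError(f"scan did not complete: status={status}")
    return report


def cwe_of(vuln: dict) -> Optional[str]:
    for ident in vuln.get("identifiers", []):
        if ident.get("type") == "cwe":
            return str(ident.get("value"))
    return None


def to_evidence(report: dict) -> list:
    """Flatten each finding into one Evidence row per mapped control."""
    rows = []
    for v in report["vulnerabilities"]:
        cwe = cwe_of(v)
        loc = v.get("location", {})
        location = f"{loc.get('file', '?')}:{loc.get('start_line', '?')}"
        severity = str(v.get("severity", "Unknown")).lower()
        for control in BASELINE_CONTROLS + CWE_TO_CONTROLS.get(cwe, []):
            rows.append(Evidence(v["id"], control, severity, cwe, location,
                                 v.get("scanner", {}).get("id", "unknown")))
    return rows


def control_summary(rows: list) -> dict:
    """Per-control roll-up (finding count and worst severity), which is what
    the RMF Monitor step asks for."""
    summary = {}
    for r in rows:
        entry = summary.setdefault(r.control, {"findings": 0, "worst": "unknown"})
        entry["findings"] += 1
        if SEVERITY_RANK.get(r.severity, 0) > SEVERITY_RANK.get(entry["worst"], 0):
            entry["worst"] = r.severity
    return summary


def build_payload(text: str) -> dict:
    """Assumed payload a connector would post to the GRC system."""
    rows = to_evidence(parse_report(text))
    return {"evidence": [asdict(r) for r in rows], "controls": control_summary(rows)}


if __name__ == "__main__":
    print(json.dumps(build_payload(SAMPLE_REPORT), indent=2))
```

The failure-mode check in `parse_report` matters for compliance evidence: a malformed or failed scan must raise rather than be recorded as a control with zero findings.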

Further details

Permissions and Security

Documentation

Availability & Testing

What does success look like, and how can we measure that?

Success would be indicated by adoption of GitLab as a source of compliance data across industries, including the US Federal sector. It can be measured by adoption of the Secure and Defend stages and of GitLab's compliance features, and by mission-critical systems adopting GitLab.

What is the type of buyer?

Is this a cross-stage feature?

Links / references

Edited Aug 28, 2025 by 🤖 GitLab Bot 🤖