Share more information about the compliance control selected when mapping internal compliance controls to requirements
Background
When creating a compliance framework, users can map compliance controls to requirements. They are usually presented with this modal, where they can provide the Requirement name and description, and select the internal and external controls that they would like to map to that Requirement:
The instructions before the control dropdown provide a hyperlink to the docs, where more guidance and information is provided about the controls and what they do.
Problem
An issue exists where users are not able to understand/tell:
- What control they are selecting;
- What it does in the product;
- Why it is important to select that control; and
- What other compliance frameworks, standards, laws or regulations that control would be associated with.
Although they do have the docs to look at to understand the controls a little bit more, we should support controls as a first-class feature within GitLab, which may necessitate providing more of this information within the UI itself, rather than outside in the docs.
Solution
One way of providing this information is to provide a hover over or separate modal/window that provides:
- The title of the control;
- A short description of the control, especially what it does in the product; and
- The other frameworks that are associated with the control.
The following mockup shows an example of what this could look like. Please do not consider this mockup as final:
This will help the user understand all the contextual information they need to make a decision about which control they need to map to the requirements that they have written down.

