Add NIST 800-53R5 control project template

What does this MR do and why?

Adds a NIST 800-53r5 project template, based on the NIST 800-53R5-Security and Privacy Controls for Information Systems and Organizations specifications.

This template will be used to create a controls management project within GitLab as well as set up a structure to operate pipelines and update specific control outcomes that are tested by the defined pipeline created by the user.

MR acceptance checklist

Conformity

• Changelog entry
• [-] Documentation (if required)
• Code review guidelines
• Merge request performance guidelines
• Style guides
• [-] Database guides
• Separation of EE specific content

Availability and Testing

• Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
• [-] Tested in all supported browsers
  • [-] Informed Infrastructure department of a default or new setting change, if applicable per definition of done

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

• [-] Label as security and @ mention @gitlab-com/gl-security/appsec
• [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
• [-] Security reports checked/validated by a reviewer from the AppSec team

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Before	After

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

#288296 (closed)

added backend frontend labels

	6 Warnings
	c15ecaac: The commit subject must start with a capital letter. For more information, take a look at our Commit message guidelines.
	968f5688: The commit subject may not be longer than 72 characters. For more information, take a look at our Commit message guidelines.
	968f5688: The commit subject must start with a capital letter. For more information, take a look at our Commit message guidelines.
	4fa737ef: The commit subject must start with a capital letter. For more information, take a look at our Commit message guidelines.
	featureaddition and featureenhancement merge requests normally have a documentation change. Consider adding a documentation update or confirming the documentation plan with the Technical Writer counterpart. For more information, see: The Handbook page on merge request types. The definition of done documentation.
	This merge request does not refer to an existing milestone.

	1 Message
	CHANGELOG missing: If this merge request needs a changelog entry, add the Changelog trailer to the commit message you want to add to the changelog. If this merge request doesn't need a CHANGELOG entry, feel free to ignore this message.

Reviewer roulette

Category	Reviewer	Maintainer
backend	@atevans (UTC-7)	@10io (UTC+2)
frontend	@andr3 (UTC+1)	@kushalpandya (UTC-4)
UX	@pedroms (UTC+1)	Maintainer review is optional for UX

Please check reviewer's status!

• Reviewer is available!
• Reviewer is unavailable!

Please refer to documentation page for guidance on how you can benefit from the Reviewer Roulette, or use the GitLab Review Workload Dashboard to find other available reviewers.

If needed, you can retry the danger-review job that generated this comment.

Generated by Danger

added pipelinetier-1 label

@skamani - please see the following guidance and update this merge request.

	1 Error
	Please add typebug typefeature, or typemaintenance label to this merge request.

Bundle size analysis [beta]

This compares changes in bundle size for entry points between the commits 0fc73b20 and c15ecaac

Special assets

Entrypoint / Name	Size before	Size after	Diff	Diff in percent
average	4.31 MB	4.31 MB	-	0.0 %
mainChunk	3.3 MB	3.3 MB	-	0.0 %

---

Note: We do not have exact data for 0fc73b20. So we have used data from: ea588cc1.
The intended commit has no webpack pipeline, so we chose the last commit with one before it.

Please look at the full report for more details

---

Read more about how this report works.

Generated by Danger

added Community contribution label

added linked-issue label

@gitlab-bot ready

Adding Community contribution as this comes from the co-creation initiative. This helps to understand the full process.

added workflowready for review label

Hi Coach @oksanakohuch-ext, this Community contribution is ready for review or needs your coaching.

• Do you have capacity and domain expertise to review this? If not, find one or more reviewers and assign to them.
• If you've reviewed it, add the workflowin dev label if these changes need more work before the next review.

This message was generated automatically. You're welcome to improve it.

requested review from @oksanakohuch-ext

assigned to @skamani

added featureaddition typefeature labels

added groupsource code label

added Category:Source Code Management devopscreate sectiondev labels

resolved all threads

requested review from @dbiryukov

requested review from @andr3 and removed review request for @oksanakohuch-ext

Hi, @skamani Thanks for contributing!

Hi @dbiryukov Could you do an initial backend review?

Hi @andr3 Could you do an initial frontend review?

approved this merge request

requested review from @kushalpandya

added pipeline:mr-approved label

added pipelinetier-2 label and removed pipelinetier-1 label

@andr3, thanks for approving this merge request.

This is the first time the merge request has been approved. To ensure we don't only run predictive pipelines, and we don't break master, a new pipeline will be started shortly.

Please wait for the pipeline to start before resolving this discussion and set auto-merge for the new pipeline. See merging a merge request for more details.

E2E Test Result Summary

allure-report-publisher generated test report!

e2e-test-on-gdk: test report for c15ecaac

expand test summary

+------------------------------------------------------------------+
|                          suites summary                          |
+-------------+--------+--------+---------+-------+-------+--------+
|             | passed | failed | skipped | flaky | total | result |
+-------------+--------+--------+---------+-------+-------+--------+
| Create      | 121    | 0      | 10      | 93    | 131   | ✅     |
| Plan        | 54     | 0      | 2       | 47    | 56    | ✅     |
| Govern      | 64     | 0      | 1       | 41    | 65    | ✅     |
| Verify      | 30     | 0      | 2       | 29    | 32    | ✅     |
| Package     | 19     | 0      | 12      | 19    | 31    | ✅     |
| Monitor     | 8      | 0      | 0       | 7     | 8     | ✅     |
| Analytics   | 1      | 0      | 1       | 0     | 2     | ✅     |
| Release     | 5      | 0      | 0       | 5     | 5     | ✅     |
| Data Stores | 31     | 0      | 0       | 22    | 31    | ✅     |
| Manage      | 0      | 0      | 1       | 0     | 1     | ➖     |
+-------------+--------+--------+---------+-------+-------+--------+
| Total       | 333    | 0      | 29      | 263   | 362   | ✅     |
+-------------+--------+--------+---------+-------+-------+--------+

e2e-package-and-test: test report for c15ecaac

expand test summary

+------------------------------------------------------------------+
|                          suites summary                          |
+-------------+--------+--------+---------+-------+-------+--------+
|             | passed | failed | skipped | flaky | total | result |
+-------------+--------+--------+---------+-------+-------+--------+
| Create      | 463    | 0      | 51      | 5     | 514   | ✅     |
| Govern      | 26     | 0      | 0       | 0     | 26    | ✅     |
| Plan        | 44     | 0      | 4       | 0     | 48    | ✅     |
| Data Stores | 22     | 0      | 0       | 0     | 22    | ✅     |
| Package     | 6      | 0      | 8       | 0     | 14    | ✅     |
| Verify      | 8      | 0      | 2       | 0     | 10    | ✅     |
| Release     | 2      | 0      | 0       | 0     | 2     | ✅     |
| Monitor     | 8      | 0      | 0       | 0     | 8     | ✅     |
+-------------+--------+--------+---------+-------+-------+--------+
| Total       | 579    | 0      | 65      | 5     | 644   | ✅     |
+-------------+--------+--------+---------+-------+-------+--------+

approved this merge request

added pipelinetier-3 label and removed pipelinetier-2 label

removed review request for @kushalpandya

added UX label

added 1 commit

• 4fa737ef - renamed the tar.gz file to match the name in project_template.rb

Compare with previous version

Thanks for helping us improve the UX of GitLab. Your contribution is appreciated! We have pinged our UX team, so stay tuned for their feedback.

This message was generated automatically. You're welcome to improve it.

reset approvals from @kushalpandya by pushing to the branch

added 1 commit

• 968f5688 - changed the security and privacy to be all small letters in the description text

Compare with previous version

added pipelinetier-2 label and removed pipelinetier-3 label

approved this merge request

added 1 commit

• 98fb0aff - Added new template name to the project template test helper

Compare with previous version

added 1 commit

• c15ecaac - updated the translations file

Compare with previous version

approved this merge request

LGTM

@ahuntsman Could you please perform a backend maintainer review?

requested review from @ahuntsman and removed review request for @dbiryukov

approved this merge request

removed review request for @ahuntsman

added pipelinetier-3 label and removed pipelinetier-2 label

added pipelinetier-3 label and removed pipelinetier-2 label

resolved all threads

enabled an automatic merge when the pipeline for 78b07283 succeeds

merged

@skamani, how was your code review experience with this merge request? Please tell us how we can continue to iterate and improve:

1. React with a or a on this comment to describe your experience.
2. Create a new comment starting with @gitlab-bot feedback below, and leave any additional feedback you have for us in the comment.

Subscribe to the GitLab Community Newsletter for contributor-focused content and opportunities to level up.

Thanks for your help!

This message was generated automatically. You're welcome to improve it.

@skamani, congratulations for getting your first MR merged

If this is your first MR against a GitLab project, we'd like to invite and encourage you to self-nominate yourself for First MR Merged swag prize here.

Thank you again for contributing, what's your next contribution going to be?

This message was generated automatically. You're welcome to improve it.

mentioned in commit 92371af8

changed milestone to %17.1

added workflowstaging-canary label and removed workflowready for review label

added workflowcanary label and removed workflowstaging-canary label

added workflowstaging label and removed workflowcanary label

added workflowproduction label and removed workflowstaging label

added releasedcandidate label

added releasedpublished label and removed releasedcandidate label

mentioned in issue #288296 (closed)

Hey all, this template isn't working.

I found my way here to say the same thing.

mentioned in issue gitlab-com/www-gitlab-com#35084 (closed)