UX: Compliance Controls Dashboard Vision

**This was a planning issue and has been promoted to an epic to better keep organization.**

Statement

Can we build a tool that allows users to manage and audit compliance across their organization, all from a single location?

Requirements

What is needed for a "dashboard" that offers compliance settings, feature growth, and reporting.

https://about.gitlab.com/handbook/engineering/security/sec-controls.html#gitlab-control-framework-gcf

  • Ability to audit compliance
    • Reporting / Analytics?
  • Enable compliance restrictions at appropriate levels.

Technical Background from @mattgonzales

A three-phase approach to implementing the GCF as the standard framework for introducing compliance controls to projects.

Phase 1

Determine the specific control families that apply to a customer's use of GitLab.

Complete the mapping of GitLab features to the GCF based on the chosen families.

Phase 2

Create an MVC using one control from one family that customers can apply to a Project (e.g. CM.1.02 - Change Approval).

Create an MVC report for a Project's compliance controls output (e.g. a CSV report showing the project has [Control1, Control2, Control3], with links to the GCF).

Incorporate this data into the group-level compliance dashboard.

Phase 3

Iterate on the control MVC to add additional control options (e.g. IAM.1.01 - Logical Access Provisioning Control Guidance and RM.3.01 - Remediation Tracking).

Edited by Daniel Mora