Compliance frameworks
### Summary

In `12.10` we launched [compliance framework project labels](https://docs.gitlab.com/ee/user/project/settings/#compliance-framework-premium), which were designed to help identify projects with compliance requirements and special workflows or controls in place vs. unregulated projects that could operate in a much less strict manner. In the time since we released this feature, we've learned a lot, particularly about how to make this feature more flexible in support of the `Compliance Management` category.

This epic serves to capture the roadmap for iterating towards a more comprehensive solution that will enable organizations to:

* Define their own, custom set of project labels to be used for targeting compliance control enforcement
* Map the project labels to project templates to standardize project creation in a compliant manner
* Associate compliance pipeline configurations with labels to selectively enforce compliance pipeline requirements only for regulated projects
* Apply stricter membership workflows for regulated projects, such as requiring an approval process for membership changes in compliance labeled projects

|Default options|New Framework (blank)|Form populated (regulated picked)|Custom scoped framework|Edit framework|
|---|---|---|---|---|
|![Settings___General](/uploads/0d0e16e7fd963eae5344067c6754a5fd/Settings___General.png)|![2](/uploads/a3ffa34b0c5c473b37b22d61acc0eaa8/2.png)|![3](/uploads/598a0ca6794b708b7abe9d3bbc0a6f37/3.png)|![Settings___General__New_label_](/uploads/dd711b80b6ddd8d7065a9baf1cd03385/Settings___General__New_label_.png)|![5](/uploads/356c8cc27cafaccc08f385f044dbc202/5.png)|

### Implementation Order

There are several issues and epics that build upon or leverage the custom compliance frameworks concept. This is a list of those issues, in the order that may be most appropriate for implementation:

- [x] https://gitlab.com/gitlab-org/gitlab/-/issues/273098
- [x] https://gitlab.com/gitlab-org/gitlab/-/issues/255340
- [x] https://gitlab.com/gitlab-org/gitlab/-/issues/254389
- [ ] https://gitlab.com/gitlab-org/gitlab/-/issues/220190
- [ ] https://gitlab.com/groups/gitlab-org/-/epics/4795

### Related issues

- [ ] https://gitlab.com/groups/gitlab-org/-/epics/3156 (removed because compliance frameworks are a part of the solution)
- [ ] https://gitlab.com/groups/gitlab-org/-/epics/4367 (related, but compliance frameworks are relevant primarily for enforcement and not the initial standardization and inheritance solution)
- [ ] https://gitlab.com/gitlab-org/gitlab/-/issues/18488 (doesn't currently show mockups using compliance frameworks, but is likely to leverage similar logic)
- [ ] https://gitlab.com/gitlab-org/gitlab/-/issues/221261 (same as above; may benefit from leveraging compliance frameworks to scope enforcement)
epic