Purpose
The goal of this handbook page is to document the goals and priorities for compliance automation within the Security Compliance team at GitLab. Automations are built and enabled through the support of GitLab's Security Assurance Automation team for technical implementations.
Core Focuses
Support the business by automating security processes and compliance controls, and by finding automation efficiencies. Develop and maintain automated solutions that enhance our security posture, streamline compliance efforts, and provide continuous monitoring of our systems and infrastructure.
Control Health and Effectiveness Ratings (CHER) determine a GitLab Security Control's overall control health and effectiveness.
Governance and Field Security team charter
Field Security Team
The Field Security team serves as the public representation of GitLab's internal Security function. Our vision is to be the leading example in collaborative and transparent Customer Assurance Programs. Our mission is to empower the GitLab community with confidence and trust that their data is protected with high levels of security assurance to drive revenue growth. We partner with our fellow GitLab team members and customers to provide a pathway to yes!
Governance and Field Security Team Charter
This procedure details the creation process for observations.
This procedure details the remediation process for observations.
The Compliance Production Readiness Assessment is a process designed to make it clear what obligations systems owners have for configuring and hardening a system/tool/service in order for GitLab to meet its compliance and regulatory obligations.
Security Compliance, Commercial Team Page
Security Compliance (Dedicated Markets) Mission
Our mission is to advance customer trust with a focus on customers operating in highly regulated industries or who otherwise have unique security and compliance requirements. We will accomplish this mission by:
Enabling GitLab Dedicated to be the most trusted DevSecOps offering in the market, demonstrated by security certifications and attestations. Achieving and maintaining industry-specific security certifications such as FedRAMP and FIPS 140-2 compliance for the U.
Security Governance Program
A glossary of common Security Terms that may be encountered in Security Assurance documentation.
This procedure details the process for determining System Risk Score.
Technical and Organizational Security Measures for GitLab Cloud Services
Technical Security Validation