Security Policies and Standards

List of policies and standards

A list of policies and standards including both internal and external ones is available on the internal handbook. Information on how to add to the list below is available there as well.

List of public policies and standards

• Access Control (AC) or Identification and Authentication (IA)
  • Policies
    • Access Management Policy
    • GitLab Teleport Access Policy
  • Standards
    • Access Requests (ARs)
    • Access Review Procedure
    • GitLab Password Standards
• Awareness and Training (AT)
  • Policies
  • Standards
    • Security Awareness Training Standard
• Audit and Accountability (AU)
  • Policies
    • GitLab Audit Logging Policy
    • GitLab Teleport Access Policy
  • Standards
    • GitLab Security Logging Standards
• Assessment, Authorization, and Monitoring (CA), Planning (PL), System and Communications Protection (SC), or System and Information Integrity (SI)
  • Policies
    • Backups of GitLab.com
    • Encryption Policy
    • GCF Security Control Lifecycle
    • GitLab Internal Acceptable Use Policy
    • GitLab Security Compliance Controls
    • Information Security and Artificial Intelligence Management System
    • Monitoring of GitLab.com
    • Penetration Testing Policy
    • Production Architecture
    • Security and Technology Policies Management
    • Software Development Lifecycle Policy
  • Standards
    • GitLab Cryptography Standard
    • GitLab Data Classification Standard
    • GitLab Token Management Standard
    • Software Development Lifecycle Standard
• Configuration Management (CM) or Maintenance (MA)
  • Policies
    • Change Management Policy
  • Standards
    • GitLab Projects Baseline Requirements
    • Records Retention & Disposal
• Contingency Planning (CP) or Incident Response (IR)
  • Policies
    • Business Continuity Plan
  • Standards
    • Security Incident Response Guide
• Media Protection (MP)
  • Policies
  • Standards
• Physical and Environmental Protection (PE)
  • Policies
  • Standards
    • Physical Security Standard for Company Assets
• Personnel Security (PS)
  • Policies
    • People Policies
  • Standards
    • GitLab Offboarding Standards
• Risk Assessment (RA)
  • Policies
  • Standards
    • Security and Technology Operational Risk Management (STORM) Program & Procedures
    • Vulnerability Management
• System and Services Acquisition (SA) or Supply Chain Risk Management (SR)
  • Policies
  • Standards
    • Security Third Party Risk Management

View page source - Edit this page - please contribute.