https://handbook.gitlab.com/tags/security_policy_au/ Recent content in Security_policy_au on The GitLab Handbook Hugo en-US https://handbook.gitlab.com/handbook/security/security-and-technology-policies/audit-logging-policy/ Mon, 01 Jan 0001 00:00:00 +0000 https://handbook.gitlab.com/handbook/security/security-and-technology-policies/audit-logging-policy/ <span class="gl-label gl-label-text-light" style=" --label-background-color: #E24329; --label-inset-border: inset 0 0 0 2px #E24329; " > <span class="gl-link gl-label-link"> <span class="gl-label-text"> Visibility: Audit </span> </span> </span> <h2 id="purpose">Purpose<a class="td-heading-self-link" href="#purpose" aria-label="Heading self-link"></a></h2> <p>To ensure the proper operation and security of GitLab.com, GitLab logs critical information system activity.</p> <h2 id="scope">Scope<a class="td-heading-self-link" href="#scope" aria-label="Heading self-link"></a></h2> <p>The audit logging policy applies to all systems within our production environment. The production environment includes all endpoints and cloud assets used in hosting GitLab.com and its subdomains. This may include third-party systems that support the business of GitLab.com.</p> https://handbook.gitlab.com/handbook/engineering/gitlab-com/policies/teleport/ Mon, 01 Jan 0001 00:00:00 +0000 https://handbook.gitlab.com/handbook/engineering/gitlab-com/policies/teleport/ <h2 id="purpose">Purpose<a class="td-heading-self-link" href="#purpose" aria-label="Heading self-link"></a></h2> <p>To ensure an audited access to our terminal/CLI tools like <a href="https://gitlab.com/gitlab-com/runbooks/-/blob/master/docs/teleport/Connect_to_Database_Console_via_Teleport.md">Database Access</a> and <a href="https://gitlab.com/gitlab-com/runbooks/-/blob/master/docs/teleport/Connect_to_Rails_Console_via_Teleport.md">Rails Console</a>, GitLab uses Teleport.</p> <h2 id="scope">Scope<a class="td-heading-self-link" href="#scope" aria-label="Heading self-link"></a></h2> <p>The Teleport Access policy applies to all systems within our production environment that require a terminal or CLI access.</p> <h2 id="roles--responsibilities">Roles &amp; Responsibilities<a class="td-heading-self-link" href="#roles--responsibilities" aria-label="Heading self-link"></a></h2> <table> <thead> <tr> <th>Role</th> <th>Responsibility</th> </tr> </thead> <tbody> <tr> <td>GitLab Team Members</td> <td>Responsible for following the requirements in this policy</td> </tr> <tr> <td>System Owners</td> <td>Alignment to this policy</td> </tr> <tr> <td>Code Owners</td> <td>Responsible for approving changes and exceptions to this policy</td> </tr> </tbody> </table> <h2 id="procedure">Procedure<a class="td-heading-self-link" href="#procedure" aria-label="Heading self-link"></a></h2> <ul> <li>Teleport access is managed through <a href="https://handbook.gitlab.com/handbook/security/corporate/end-user-services/okta/">Okta</a> and is provided as part of a role&rsquo;s baseline group assignment or through an <a href="https://handbook.gitlab.com/handbook/security/corporate/services/access-requests/">access request</a> with appropriate approval</li> <li>Access reviews are performed on a quarterly basis to ensure that all users are appropriate and have appropriate access levels.</li> <li>Teleport Audit Logs must be retained for a defined period of 1 year</li> <li>Teleport Audit Logs must not be modified and or deleted before the defined time of 1 year</li> <li>Access to Teleport Audit log data must be limited based on the principle of least privilege</li> </ul> <h2 id="exceptions">Exceptions<a class="td-heading-self-link" href="#exceptions" aria-label="Heading self-link"></a></h2> <p>Exceptions to this policy will be tracked as per the <a href="https://handbook.gitlab.com/handbook/security/#information-security-policy-exception-management-process">Information Security Policy Exception Management Process</a></p>