Vendor-supplied default passwords are changed according to GitLab standards prior to device installation on the GitLab network or immediately after software or operating system installation.
Changing the default password will strengthen the baseline configuration and reduce the ability for the system/device to become compromised.
This control applies to all hosted systems (e.g. VM's and GCP compute services) as well as end user workstations (e.g. GitLab team-members' MacBooks) and all third-party applications utilized by GitLab.
For detailed implementation guidance relevant to GitLab team-members, refer to the full guidance documentation.
For all reference links relevant to this control, refer to the full guidance documentation.
For examples of evidence an auditor might request, refer to the full guidance documentation.