Logical access provisioning to information systems requires approval from appropriate personnel.
The purpose of this control is to ensure there is a process in place to review and authorize new user account requests. Ensuring only people who require access to a system or service receive access helps improve GitLab's overall security posture by limiting the number of accounts with access and reducing the overall likelihood of an account being compromised.
This control applies to any system or service where user accounts can be provisioned.
For detailed implementation guidance relevant to GitLab team-members, refer to the full guidance documentation.
For all reference links relevant to this control, refer to the full guidance documentation.
For examples of evidence an auditor might request, refer to the full guidance documentation.