IAM.1.04 - Logical Access Review Control Guidance

IAM.1.04 - Logical Access Review

Control Statement

GitLab performs account and access reviews quarterly; corrective action is taken where applicable.

Context

Access review is often viewed as a pain, but it's among the easiest ways to secure an environment. Many other security controls depend on the assumption that only authorized individuals have access to production systems. This control is meant to capture any deficiencies in our access provisioning and de-provisioning processes.

Scope

This control applies to all individuals and groups with access to the GitLab production environment. This can include access to any systems which in turn have any interaction with GitLab's production environment.

Ownership

TBD

Implementation Guidance

For detailed implementation guidance relevant to GitLab team-members, refer to the full guidance documentation.

For all reference links relevant to this control, refer to the full guidance documentation.

Examples of evidence an auditor might request to satisfy this control

For examples of evidence an auditor might request, refer to the full guidance documentation.

Framework Mapping