User and device authentication to information systems is protected by passwords that meet GitLab's password complexity requirements. GitLab requires system users to change passwords quarterly.
Ensuring passwords are implemented when and where appropriate protects sensitive and valuable data from unauthorized access and use. Enforcing GitLab's password complexity requirements further protects that data by reducing the risk of brute-force and dictionary attacks that aim to guess user passwords.
This control applies to any system or service where password protection is appropriate.
For detailed implementation guidance relevant to GitLab team members, refer to the full guidance documentation.
For all reference links relevant to this control, refer to the full guidance documentation.
For examples of evidence an auditor might request, refer to the full guidance documentation.