
IAM.2.02 - Password Authentication Control Guidance


IAM.2.02 - Password Authentication


User and device authentication to information systems is protected by passwords that meet GitLab's password complexity requirements. GitLab requires system users to change passwords quarterly.


By ensuring passwords are implemented when and where appropriate, sensitive and valuable data is protected from unauthorized access and use. Enforcing GitLab's password complexity requirements further protects that data by reducing the risk of brute-force and dictionary attacks that aim to guess user passwords.


This control applies to any system or service where password protection is appropriate.



Implementation Guidance

For detailed implementation guidance relevant to GitLab team-members, refer to the full guidance documentation.

For all reference links relevant to this control, refer to the full guidance documentation.

Examples of evidence an auditor might request to satisfy this control

For examples of evidence an auditor might request, refer to the full guidance documentation.

Framework Mapping