Gitlab hero border pattern left svg Gitlab hero border pattern right svg

IAM.4.03 - Remote Maintenance: Authentication Sessions

On this page

IAM.4.03 - Remote Maintenance: Authentication Sessions

Control Statement

Vendor accounts used for remote access are enabled only during the time period needed, disabled when not in use, and monitored while in use.

Context

Limiting the ability for vendor accounts to access GitLab data directly reduces the attack surface of the organization.

Scope

This control applies to:

Ownership

TBD

Guidance

TBD

Additional control information and project tracking

Non-public information relating to this security control as well as links to the work associated with various phases of project work can be found in the Remote Maintenance: Authentication Sessions issue .

Policy Reference

TBD

Framework Mapping

TBD