Gitlab hero border pattern left svg Gitlab hero border pattern right svg

NO.1.01 - Network Policy Enforcement Points Control Guidance

On this page

NO.1.01 - Network Policy Enforcement Points

Control Statement

Network traffic to and from untrusted networks passes through a policy enforcement point; firewall rules are established in accordance to identified security requirements and business justifications.


Effective network traffic policies help minimize the risk of network-based attacks, including denial of service attacks and malicious data exfiltration. By requiring ingress and egress rules be mapped to security requirements and business justifications, we can limit the number of unnecessarily open ports to protect customer, GitLab team-member teammember, and partner data.


This control applies to all systems within our production environment. The production environment includes all endpoints and cloud assets used in hosting and its subdomains. This may include third-party systems that support the business of


Control Owner:

Process Owner:


Control should be designed to ensure we don't default to "allow all" traffic and instead put in place reasonable barriers for access to our production network.

Additional control information and project tracking

Non-public information relating to this security control as well as links to the work associated with various phases of project work can be found in the Network Policy Enforcement Points control issue.

Policy Reference

Framework Mapping