Quarterly, reviews shall be performed with approved documented specification to confirm personnel are following security policies and operational procedures pertaining to:
Reviews ensure that the process we've designed are operating as intended. The above list represents the common ways attackers can exploit systems to steal, delete, or alter information.
This control has been found to be not applicable (N/A) to GitLab. The underlying control mappings apply only to PCI Service Providers. GitLab is not a PCI Service Provider, so this control is not applicable.
Non-public information relating to this security control as well as links to the work associated with various phases of project work can be found in the Self-Assessments issue .