Gitlab hero border pattern left svg Gitlab hero border pattern right svg

RM.1.04 - Service Risk Rating Assignment Control Guidance

On this page

RM.1.04 - Service Risk Rating Assignment

Control Statement

Quarterly, GitLab prioritizes the frequency of vulnerability discovery activities based on an assigned service risk rating.

Context

The purpose of this control is to prioritize security resources and efforts to the services that benefit the most from them. By prioritizing services based on risk rating, we can allocate time and resource to the places that would most benefit from them.

Scope

This control applies to all GitLab applications and services.

Ownership

TBD

Implementation Guidance

For detailed implementation guidance relevant to GitLab team-members, refer to the full guidance documentation.

For all reference links relevant to this control, refer to the full guidance documentation.

Examples of evidence an auditor might request to satisfy this control

For examples of evidence an auditor might request, refer to the full guidance documentation.

Framework Mapping