GitLab reconciles the established device inventory against the enterprise log repository quarterly; devices which do not forward log data are remediated.
This control is a partner control to CON.1.04 (Configuration Check Reconciliation: CMDB). The purpose of this control is to validate that all devices in the device inventory have corresponding logs. This control is simply a validation of both logging configurations and the GitLab device inventory.
This control applies to all production and end-user endpoints. A production endpoint is one used to host GitLab.com and its subdomains. An end-user endpoint is a team member laptop.
IT Ops
100%
Security configurations for endpoints can be collected using, for example, endpoint management tools such as Fleetsmith.
Non-public information relating to this security control as well as links to the work associated with various phases of project work can be found in the control issue.
Examples of evidence an auditor might request to satisfy this control: