GitLab reconciles the established device inventory against the enterprise log repository quarterly; devices which do not forward log data are remediated.
This control is a partner control to CON.1.04 (Configuration Check Reconciliation: CMDB). The purpose of this control is to validate that all devices in the device inventory have corresponding logs. This control is simply a validation of both logging configurations and the GitLab device inventory.
This control applies to all production hosts and end-user devices. A production host is one used to host GitLab.com and its subdomains. An end-user device refers to a team member laptop.
IT Ops, Infrastructure
Logs for team member devices can be collected using, for example, tools such as Drivestrike; such tools often have the capability to automatically identify and alert on devices which are not sending logs. Production hosts that are not sending logs can be alerted on by comparing the list of hosts that have recently sent logs against a known source of all hosts: any host present in the latter but missing from the former is an indicator that logs aren't being sent from that host.
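The comparison described above can be sketched as follows. This is an added example, not GitLab's own tooling: the host names, the 24-hour freshness window and the function names are assumptions, and the sample data is constructed. It also reports log senders that are absent from the inventory, which goes slightly beyond the text but supports validating the inventory itself.

```python
from datetime import datetime, timedelta, timezone

def normalize(host):
    """Make inventory and log-source names comparable (case, trailing dot)."""
    return host.strip().lower().rstrip(".")

def reconcile(inventory, last_seen, now, max_age=timedelta(hours=24)):
    """Compare the known source of all hosts with recent log senders.

    inventory: iterable of host names from the device inventory.
    last_seen: iterable of (host, timestamp) pairs from the log repository.
    max_age:   assumed definition of "recently sent logs".
    """
    newest = {}
    for host, ts in last_seen:
        h = normalize(host)
        # Keep only the most recent event per host.
        if h not in newest or ts > newest[h]:
            newest[h] = ts
    inv = {normalize(h) for h in inventory}
    return {
        # In inventory, no log data at all: logging was never configured.
        "never_seen": sorted(h for h in inv if h not in newest),
        # In inventory, but the last event is older than the window.
        "stale": sorted(h for h in inv
                        if h in newest and now - newest[h] > max_age),
        # Sending logs but missing from inventory: an inventory gap.
        "not_in_inventory": sorted(h for h in newest if h not in inv),
    }

# Constructed sample data for illustration only.
NOW = datetime(2024, 1, 15, 12, 0, tzinfo=timezone.utc)
INVENTORY = ["web-01.example.com", "web-02.example.com",
             "db-01.example.com", "DB-02.example.com."]
LOG_LAST_SEEN = [
    ("web-01.example.com", NOW - timedelta(minutes=5)),
    ("WEB-01.example.com", NOW - timedelta(days=2)),    # older duplicate
    ("web-02.example.com", NOW - timedelta(days=3)),    # stopped forwarding
    ("db-02.example.com", NOW - timedelta(hours=1)),
    ("build-09.example.com", NOW - timedelta(minutes=10)),  # not inventoried
]

if __name__ == "__main__":
    for category, hosts in reconcile(INVENTORY, LOG_LAST_SEEN, NOW).items():
        print(f"{category}: {', '.join(hosts) or '-'}")
```
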
Non-public information relating to this security control as well as links to the work associated with various phases of project work can be found in the control issue.
Examples of evidence an auditor might request to satisfy this control: