Gitlab hero border pattern left svg Gitlab hero border pattern right svg

VUL.4.01 - Enterprise Protection Control Guidance

VUL.4.01 - Enterprise Protection

Control Statement

Where applicable and technically feasible, GitLab implements mechanisms to protect in-scope endpoints from threats such as malware and malicious actors.


This control outlines the components of a successfully deployed protection program which helps add another layer of risk mitigation to the GitLab environment. The applicability in this control is left vague since we have to apply some reason to this control. The intent of this control is to monitor and protect GitLab endpoints.


This control applies to all systems within our production environment. The production environment includes all endpoints and cloud assets used in hosting and its subdomains. This may include third-party systems that support the business of



Any production systems we are not utilizing Uptycs or Fleetsmith on should have a documented justification for why it isn't applicable. It is fine to have different tools securing different systems, but the more different solutions we use, the more complexity we introduce into the maintenance of this control.

Apple Macbook Pro Laptops

Additional control information and project tracking

Non-public information relating to this security control as well as links to the work associated with various phases of project work can be found in the Enterprise Protection control issue.

Policy Reference

Framework Mapping