Gitlab hero border pattern left svg Gitlab hero border pattern right svg

VUL.4.02 - Enterprise Protection Tampering Control Guidance

VUL.4.02 - Enterprise Protection Tampering

Control Statement

Endpoint protection mechanisms cannot be disabled or altered by users unless specifically authorized by management


This control outlines the mechanisms utilized to protect endpoints should be secured to not allow disablement or alteration which support the security of the endpoint that is connected to the GitLab network.


This control applies to all systems within our production environment. The production environment includes all endpoints and cloud assets used in hosting and its subdomains. This may include third-party systems that support the business of



Any production systems we are not utilizing Uptycs or Fleetsmith on should have a documented justification for why it isn't applicable. It is fine to have different tools securing different systems, but the more different solutions we use, the more complexity we introduce into the maintenance of this control.

Additional control information and project tracking

Non-public information relating to this security control as well as links to the work associated with various phases of project work can be found in the Enterprise Protection Tampering control issue.

Policy Reference

Framework Mapping