Endpoint protection mechanisms cannot be disabled or altered by users unless specifically authorized by management
This control outlines the mechanisms utilized to protect endpoints should be secured to not allow disablement or alteration which support the security of the endpoint that is connected to the GitLab network.
This control applies to all systems within our production environment. The production environment includes all endpoints and cloud assets used in hosting GitLab.com and its subdomains. This may include third-party systems that support the business of GitLab.com.
Any production systems we are not utilizing Uptycs or Fleetsmith on should have a documented justification for why it isn't applicable. It is fine to have different tools securing different systems, but the more different solutions we use, the more complexity we introduce into the maintenance of this control.
Non-public information relating to this security control as well as links to the work associated with various phases of project work can be found in the Enterprise Protection Tampering control issue.