New user access requests follow an access provisioning workflow. Request forms and authorization are documented and retained.
The purpose of this control is to ensure there is a process in place to review and authorize new user account requests. Ensuring only people who require access to a system or service receive access, helps improve GitLab's overall security posture by limiting the number of accounts with access and reducing the overall likelihood of an account being compromised.
This control applies to any system or service where user accounts can be provisioned.
Non-public information relating to this security control as well as links to the work associated with various phases of project work can be found in the New Access Provisioning control issue.