GitLab governs the use of SaaS cloud environments to holistically manage risks associated with third-party involvement and architectural decisions, as well as to ensure the portability of data so that cloud providers can be changed, if needed.
This control applies to all third-party providers that interact with data within the GitLab production environment, or any third-party providers that a GitLab production system relies upon.
The owner of this control is Security Compliance.
Control Number | Control Title | Control Statement | Goal | TOD | TOE |
---|---|---|---|---|---|
CLD-01 | Cloud Services | GitLab Inc. has implemented mechanisms to facilitate the implementation of cloud management security controls to ensure cloud instances are secure and in-line with industry best practices. | Does the organization facilitate the implementation of cloud management controls to ensure cloud instances are secure and in-line with industry practices? | 1. Identify industry best practices utilized to implement cloud management security controls. 2. Identify policies and procedures responsible for the implementation, management, contractual terms and security of cloud instances. 3. Examine policies and procedures for: purpose; scope; roles and responsibilities; management commitment; coordination among organizational entities; compliance; and implementation requirements. | 1. Examine contractual terms, cloud instance security controls and cloud management documentation for evidence that cloud instance security is in line with identified industry best practices. |