GitLab implements layers of physical security and environmental controls that work together to protect both physical and digital assets from theft and damage.
This control applies to all GitLab endpoint workstations as well as virtual assets within our hosting providers.
Control Number | Control Title | Control Statement | Goal | TOD | TOE |
---|---|---|---|---|---|
PES-01 | Physical & Environmental Protections | GitLab Inc. has established mechanisms to facilitate the operation of physical and environmental protection controls. | Does the organization facilitate the operation of physical and environmental protection controls? | 1. Inspect formal policies, procedures or other relevant documentation that outlines mechanisms used to conduct the implementation and operations of physical and environmental protection controls. 2. Examine policies and procedures for: Purpose; Scope; Roles and responsibilities; Management commitment; Coordination among organizational entities; Compliance; and Implementation requirements. | 1. Examine formal policies, procedures or other relevant documentation to appropriately identify how physical and environmental protection controls are conducted. 2. Interview key organizational personnel within GitLab conducting discussions for evidence that mechanisms exist to conduct physical and environmental security and document in accordance with TOD. |
PES-02 | Physical Access Authorizations | GitLab Inc. has implemented physical access control mechanisms to maintain a current list of personnel with authorized access to organizational facilities based on the position or role of the individual (except for those areas within the facility officially designated as publicly accessible). | Does the organization maintain a current list of personnel with authorized access to organizational facilities (except for those areas within the facility officially designated as publicly accessible)? | 1. Inspect formal policies, procedures or other relevant documentation that outlines physical control for authorized access. 2. Examine policies and procedures for: Purpose; Scope; Roles and responsibilities; Management commitment; Coordination among organizational entities; Compliance; and Implementation requirements. | 1. Examine formal policies, procedures or other relevant documentation to appropriately identify how physical and environmental protection controls are conducted with regard to authorized access. 2. Interview key organizational personnel within GitLab conducting discussions for evidence that mechanisms exist to conduct physical and environmental security and document in accordance with TOD. |
PES-03 | Physical Access Control | GitLab Inc. has implemented physical access control mechanisms to enforce physical access authorizations for all physical access points (including designated entry/exit points) to facilities (excluding those areas within the facility officially designated as publicly accessible). | Does the organization enforce physical access authorizations for all physical access points (including designated entry/exit points) to facilities (excluding those areas within the facility officially designated as publicly accessible)? | 1. Identify policies and procedures responsible for physical access authorizations. 2. Examine policies and procedures for: Purpose; Scope; Roles and responsibilities; Management commitment; Coordination among organizational entities; Compliance; and Implementation requirements. | 1. Examine formal policies, procedures or other relevant documentation to appropriately identify how physical access controls are conducted and monitored with regard to authorized physical access, such as access logs and/or inventory of physical access devices. 2. Interview key organizational personnel within GitLab conducting discussions for evidence that mechanisms exist to conduct physical access security and document in accordance with TOD. |