Create a project template containing NIST 800-53 R5 control issues
Problem to solve
Some workflows are highly repeatable, such as NIST SP 800-53 R5 compliance. Currently, GitLab does not provide a native experience to help NIST-regulated customers capture and document the data generated within or by GitLab that can serve as necessary evidence artifacts for a Security Compliance audit.
Intended users
Further details
GitLab is capable of supporting these types of workflows natively by capturing and documenting the relevant data within GitLab issues. The issues could then be exported or otherwise shared with an auditor for auditing purposes.
Goals
- Remove waste from highly repeatable, complex processes.
- Reduce risk by generating all of the necessary artifacts for a given process programmatically (computers are more efficient than humans at this).
- Increase the ability for individuals to collaborate on these kinds of processes.
Proposal
- Create a NIST audit project template that GitLab users can use when creating a new project.
- This project template should contain relevant issues that map to the relevant NIST sections that apply to an organization's use of GitLab (primarily NIST 800-53 R5).
Reference Document
Security and Privacy Controls for Information Systems and Organizations
Edited by Sameer Kamani