Relates to in-gear acceleration. A higher figure here means better roll-on acceleration, fewer gear shifts, and possibly better fuel efficiency.

Although a seemingly minuscule feature, it negates the hatchback's/SUV's inherent ability to retain dirt/water on the rear windscreen.

The official title given by the manufacturer in terms of the name of the engine, the displacement and the number of cylinders.

A windscreen-mounted camera that records the frontal view. Its primary usage is to record and gather evidence in case of an accident. A dash cam can also be used to record incidents when the car is parked and the user is away. Certain models come with both front and rear view recording.


The brake lights flash in a quick intermittent fashion to indicate to the following vehicles to slow down quicker than usual

Smaller cars usually have two rows which can seat five, but some SUVs and MPVs have three rows and can seat around 7-8 passengers.

There are 184 default controls. This number will expand or contract based on your individual needs. For example, if you have a need for FedRAMP certification you might have different control requirements than an organization that doesn't. This is a lot of controls to try and roll out all at once, and most organizations don’t need to address all of the underlying control frameworks simultaneously. At GitLab, we knew that a SOC2 certification was the first compliance priority for us and, based on these needs, we started by prioritizing all controls that mapped to SOC2’s Common Criteria. This gave us a list of 63 controls – a much more manageable starting point.

In my previous blog post, I talked about how GitLab went about choosing an overarching compliance framework that would optimize satisfying the requirements of underlying regulatory or industry best practice requirements. Today I’m blogging about the next steps in that process, and will walk through how we implemented the Adobe open source compliance framework (CCF) and adapted it to our needs, resulting in the GitLab Control Framework (GCF).

We’ve implemented and adapted an open source compliance framework. Now we're sharing our process and tools so you can adapt and customize it too.


Incorporated into the bottom section of a car's door mirrors, they light up the ground underneath the front door when the door is unlocked

When you download the Adobe CCF you get two PDF documents: a whitepaper on the state of compliance at Adobe and a table of all the generic CCF controls. The first thing we did was to convert the CCF controls PDF to a CSV so we could more easily make changes to the data. Most of these changes were to make the control statements specific to GitLab and our compliance needs.

We were careful when making changes to ensure that we weren't changing anything foundational about the statement, as this could break the mapping to underlying requirements. For example, PCI DSS states that an organization must “run internal and external network vulnerability scans at least quarterly and after any significant change in the network (such as new system component installations, changes in network topology, firewall rule modifications, product upgrades).” If you were to make the frequency of the Vulnerability Scans control “annual” instead of “quarterly,” that control would no longer map to PCI DSS control 11.2 since that underlying PCI control requires at least quarterly scanning.

It is observed that, even when emergency braking, drivers don’t apply maximum brake pressure through the pedal; the BA system provides additional pressure to help stop the car quicker.

A manually operated transmission is the most popular type, thanks to its simplicity and low cost. Varied types of automatic transmissions are also available.

An electronic system that prevents the tyres from locking and skidding in emergency braking situations by pulsing the brakes (quickly releasing and reapplying the brakes)

These enable users to repair a puncture effortlessly, saving the time/effort involved in replacing it with the spare wheel


Similar to how smartphones receive updates, a vehicle too (if equipped with connected car features) receives updates over the air via a cellular or WiFi connection

A manually/electrically operated, usually translucent, screen designed to reduce the sunlight filtering into the cabin through the rear windshield to improve rear-cabin comfort and privacy

An electronic system that redirects braking forces among the four brakes to stop the car as quickly and stably as possible

Most of the budget cars have non-independent suspension while the more expensive ones get independent rear suspension which offers better bump absorption.


Ventilated discs are more popular because they provide better stopping power and also work well in hot conditions.

Almost all steering systems in cars today have an assist to help park them better at low speeds - these can be hydraulic, electro-hydraulic or electric.

Gives a good idea of the performance of the vehicle under full thrust. A higher figure here usually means a higher top speed as well.

A screen situated mostly behind the steering wheel displaying information and warning lights regarding the car's various vitals

This function saves valuable time by not having to be physically present to shut the sunroof, which could otherwise result in the interiors getting damaged by rain/intruders.

Set by the Indian Government, this governs the amount of air pollutants released by cars to make the atmosphere safer for humans.

We’re currently working on scripts that turn SOC2 and HIPAA-related controls into individual issues within a GitLab project. We’re also working on a CSV-to-JSON tool that would easily convert the control CSV into a large data blob, making deployment for certain organizations easier.

Although more width gives you more lateral space inside the cabin, it makes the car more difficult to park in narrow spots.

We found it helpful to create a prefix for each domain (e.g. AM for Asset Management, BC for Business Continuity, etc.) of controls and use these to create control numbers for each control (e.g. AM.1.01, BC.1.04, etc.). With this information in place, the real fun started.


The wheels used on cars are either steel rims with plastic wheel cover hub or alloy wheels on higher spec models or expensive cars.

Mandatory fitment in cars sold in India, emits loud beeps when it detects that occupants are not wearing their seatbelts.

The length of the car decides its segment. In India, cars that are less than 4 metres in length enjoy reduced excise duties.

The size of the music system fitted to a car. Traditionally 1-DIN or 2-DIN, these are being replaced by touchscreen units of varying sizes.

In off-road vehicles, locking differentials allow for better traction when one of the wheels is in the air; in FWD/AWD cars they allow for better corner traction; and in RWD sports cars they allow for drifting around corners.

An Android feature that allows car infotainment displays to mirror parts of the phone screen to ease touch operations while driving.


We plan to make these tools available as they are ready but we also want to hear from you. What features would make the adoption of these controls easier? How are you using GitLab to help with your compliance needs? What else can GitLab contribute to the security compliance industry to help companies of all sizes align with security best practices and reduce the effort needed for external security validations/certifications? Leave us a comment below!

Razor-cut or diamond-cut alloy wheel designs are now getting more popular. Manufacturers usually offer these in the top-end trims of their car models.

The more torque at low RPM range makes the engine feel more responsive. It also allows the engine to run smoothly without too many gear changes.

Additional lighting apart from the roof-mounted courtesy/map lamps. These are added for a sense of style and luxury rather than utility.

The taller the car, the more headroom there is on offer inside the cabin. However, a tall-boy stance also affects the car’s centre of gravity, which can cause more body roll.


Important in a country with varying quality of roads, spare wheels ensure one doesn’t get stranded when one of the main tyres gets damaged.

It helps charge smartphones, tablets, laptops, rechargeable batteries and other USB chargers. It also powers a compressor that inflates tyres and the humble cigarette lighter!

It notifies the driver about which gear the car is being driven in and can also suggest down- or upshifting to improve efficiency

For these 63 controls we wanted to build out additional content relating to each. In particular, we wanted a Markdown file that addressed each of the following topics for each control:

An Apple (iOS) feature that allows car infotainment displays to mirror parts of the iPhone screen to ease touch operations while driving.

Most of this information can be seen within the security control pages in our handbook; however, some of these topics contain sensitive information so we have a repo only accessible to GitLab team members.

Budget cars are usually not offered with headrests for the middle occupant of the second-row to save on costs. Headrests are instrumental in reducing whiplash injuries in case of an accident

Our goal in sharing the details behind our compliance framework implementation is to lessen the adoption effort for smaller companies and GitLab customers alike. We’ve created a public repo that has a copy of the CSV file we adapted from the Adobe CCF and a link to a view-only Google Sheet with all of these controls and variables in place to make adaptation to your organization as easy as possible.

The above steps each build on the previous ones, and help to ensure enough baseline context and requirements were established and that we understood the context and scope for each control sufficiently to perform the gap analysis.

The number of doors defines the category of car. For example, four-door means sedan and two-door means coupe, while five-door usually refers to a hatchback, MPV or SUV.

Front-wheel drive (FWD) is most common in mainstream cars while expensive cars or SUVs come with rear-wheel drive (RWD) or all-wheel drive (AWD).