Profile Applicability:
Level 1
Description:
Each repository must have at least two designated administrators responsible for managing repository settings, access controls, and overall maintenance. Having multiple administrators ensures continuity of management, reduces the risk of single points of failure, and improves oversight.
Rationale:
With a single administrator, that person's departure, absence, or account compromise can leave the repository unmanageable or entirely under an attacker's control, and nobody else is positioned to notice or revert changes to access controls or branch protection. A second administrator provides continuity, allows one administrator's changes to be reviewed or reverted by another, and means a compromised or locked-out administrator account can be removed without losing control of the repository.
Impact:
Pros:
Ensures availability of administrative oversight at all times.
Facilitates continuity during absences or turnover.
Enhances security through shared responsibility.
Cons:
Requires careful coordination to avoid conflicting changes.
Needs ongoing management of administrator roles and access.
Default value:
Platforms do not enforce a minimum number of administrators. A newly created repository typically has only its creator with administrative access (for a repository owned by an organization or group, the organization owners inherit that access), so a repository with one administrator, or none after staff turnover, is a common default state.
Audit:
For each repository, list the accounts that hold the administrative role (the Admin role on GitHub, the Owner role on GitLab), including access inherited from teams, groups, or organization ownership, and verify that at least two distinct, individually accountable accounts hold it. Do not count shared, service, or bot accounts toward the minimum, and note that organization or group owners may satisfy the count for every repository without any repository-level assignment. Where the platform exposes it, review the audit log for recent changes to administrative membership.
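The following script is an added example of the audit above and is not part of the original benchmark text. It evaluates collaborator records in the shape returned by GitHub's GET /repos/{owner}/{repo}/collaborators endpoint, counts distinct accounts with the admin permission, excludes a configurable set of service accounts, and flags repositories below the minimum. The SAMPLE_COLLABORATORS payloads and the repository and account names in them are constructed for illustration; the live fetch runs only when a GITHUB_TOKEN and repository names are supplied.

```python
"""Audit check: flag repositories with fewer than two administrators.

The pure functions evaluate collaborator records in the shape returned by
GitHub's GET /repos/{owner}/{repo}/collaborators endpoint. The network fetch
is used only when run as a script with a token and repository names.
"""
import json
import os
import sys
from urllib.request import Request, urlopen

MIN_ADMINS = 2

# Constructed sample payloads (not real repositories or accounts) that mimic
# the API's response shape for two repositories.
SAMPLE_COLLABORATORS = {
    "acme/payments": [
        {"login": "alice", "role_name": "admin",
         "permissions": {"admin": True, "maintain": True, "push": True, "triage": True, "pull": True}},
        {"login": "bob", "role_name": "admin",
         "permissions": {"admin": True, "maintain": True, "push": True, "triage": True, "pull": True}},
        {"login": "carol", "role_name": "write",
         "permissions": {"admin": False, "maintain": False, "push": True, "triage": True, "pull": True}},
    ],
    "acme/legacy-tool": [
        {"login": "dave", "role_name": "admin",
         "permissions": {"admin": True, "maintain": True, "push": True, "triage": True, "pull": True}},
        # A deployment service account holding admin; it should not count as a
        # designated administrator because nobody is accountable for it.
        {"login": "deploy-bot", "role_name": "admin",
         "permissions": {"admin": True, "maintain": True, "push": True, "triage": True, "pull": True}},
    ],
}


def admin_logins(collaborators, ignore=()):
    """Return sorted logins holding admin permission, minus ignored accounts.

    Both permissions.admin and role_name == "admin" are accepted so the check
    does not depend on which field a given API version populates. Accounts in
    `ignore` (service, bot, or shared logins) never count toward the minimum.
    """
    admins = set()
    for c in collaborators:
        perms = c.get("permissions") or {}
        is_admin = bool(perms.get("admin")) or c.get("role_name") == "admin"
        if is_admin and c["login"] not in ignore:
            admins.add(c["login"])
    return sorted(admins)


def check_repo(full_name, collaborators, min_admins=MIN_ADMINS, ignore=()):
    """Evaluate one repository against the minimum-administrator requirement."""
    admins = admin_logins(collaborators, ignore)
    return {"repo": full_name, "admins": admins, "compliant": len(admins) >= min_admins}


def audit(repos, min_admins=MIN_ADMINS, ignore=()):
    """Evaluate every repository; return all results and the non-compliant subset."""
    results = [check_repo(name, collabs, min_admins, ignore) for name, collabs in repos.items()]
    findings = [r for r in results if not r["compliant"]]
    return results, findings


def fetch_collaborators(owner, repo, token, api="https://api.github.com"):
    """Fetch all collaborators for one repository, following page numbers until empty.

    affiliation=all includes direct collaborators, team members and organization
    owners, i.e. everyone who actually holds the permission.
    """
    page, out = 1, []
    while True:
        url = f"{api}/repos/{owner}/{repo}/collaborators?affiliation=all&per_page=100&page={page}"
        req = Request(url, headers={"Authorization": f"Bearer {token}",
                                    "Accept": "application/vnd.github+json"})
        with urlopen(req) as resp:
            batch = json.load(resp)
        if not batch:
            return out
        out.extend(batch)
        page += 1


if __name__ == "__main__":
    # Usage: GITHUB_TOKEN=... python audit_admins.py owner/repo [owner/repo ...]
    # Without a token and arguments, the constructed sample data is audited.
    token = os.environ.get("GITHUB_TOKEN")
    if token and len(sys.argv) > 1:
        repos = {r: fetch_collaborators(*r.split("/", 1), token) for r in sys.argv[1:]}
    else:
        repos = SAMPLE_COLLABORATORS
    _, findings = audit(repos, ignore={"deploy-bot"})
    for f in findings:
        print(f"NON-COMPLIANT {f['repo']}: admins={f['admins'] or 'none'}")
    sys.exit(1 if findings else 0)
```

Two points to keep in mind when running this against real data. Organization owners appear in the collaborator list with admin permission on every organization repository, so an organization with two owners passes this check for all of its repositories; if the control is meant to require repository-level coverage, run the same logic over the response with affiliation=direct as well. For GitLab, the equivalent source is GET /projects/:id/members/all, where access_level 50 is Owner (and 40 is Maintainer); the counting and exclusion logic is the same once the records are mapped to login and admin fields.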
Remediation:
Assign the administrative role to at least two named individuals for each repository, using personal accounts rather than shared or service accounts, and record who they are. Establish a role management policy that reassigns administration when an administrator leaves or changes teams, and review administrative membership periodically so that departures, disabled accounts, and role changes do not silently reduce coverage below two.
References:
GitHub Repository Access Management: https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings
GitLab Project Members and Roles: https://docs.gitlab.com/ee/user/permissions.html
CIS Controls v8, Control 5 - Account Management: https://www.cisecurity.org/controls/account-management/