diff --git a/doc/administration/admin_area.md b/doc/administration/admin_area.md
index e7fea3aaed629e5d6ff52cdbdd3c39c54129a061..b77caab5ca4a9d9367589873012144d9fdd10c2e 100644
--- a/doc/administration/admin_area.md
+++ b/doc/administration/admin_area.md
@@ -160,7 +160,7 @@ You can impersonate a user in the following ways:
1. On the top right, select **Impersonate**.
- With the API, using [impersonation tokens](../api/rest/authentication.md#impersonation-tokens).
-All impersonation activities are [captured with audit events](audit_event_reports.md#user-impersonation).
+All impersonation activities are [captured with audit events](compliance/audit_event_reports.md#user-impersonation).
By default, impersonation is enabled. GitLab can be configured to [disable impersonation](../api/rest/authentication.md#disable-impersonation).
### User identities
diff --git a/doc/administration/audit_event_reports.md b/doc/administration/audit_event_reports.md
index f24c8273010a5eb8fb4bb974a22b01af5cf70e98..a8424a0f00ffea8724a8407b6bb39014a74f8102 100644
--- a/doc/administration/audit_event_reports.md
+++ b/doc/administration/audit_event_reports.md
@@ -1,110 +1,13 @@
---
-stage: Software Supply Chain Security
-group: Compliance
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
-title: Audit events administration
+redirect_to: 'compliance/audit_event_reports.md'
+remove_date: '2025-05-26'
---
-In addition to [audit events](../user/compliance/audit_events.md), as an administrator, you can access additional
-features.
+<!-- markdownlint-disable -->
-## Instance audit events
+This document was moved to [another location](compliance/audit_event_reports.md).
-{{< details >}}
-
-- Tier: Premium, Ultimate
-- Offering: GitLab Self-Managed
-
-{{< /details >}}
-
-You can view audit events from user actions across an entire GitLab instance.
-To view instance audit events:
-
-1. On the left sidebar, at the bottom, select **Admin**.
-1. Select **Monitoring > Audit events**.
-1. Filter by the following:
- - Member of the project (user) who performed the action
- - Group
- - Project
- - Date Range
-
-Instance audit events can also be accessed using the [instance audit events API](../api/audit_events.md#instance-audit-events). Instance audit event queries are limited to a maximum of 30 days.
-
-## Exporting audit events
-
-{{< details >}}
-
-- Tier: Premium, Ultimate
-- Offering: GitLab Self-Managed
-
-{{< /details >}}
-
-{{< history >}}
-
-- Entity type `Gitlab::Audit::InstanceScope` for instance audit events [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/418185) in GitLab 16.2.
-
-{{< /history >}}
-
-You can export the current view (including filters) of your instance audit events as a
-CSV(comma-separated values) file. To export the instance audit events to CSV:
-
-1. On the left sidebar, at the bottom, select **Admin**.
-1. Select **Monitoring > Audit events**.
-1. Select the available search filters.
-1. Select **Export as CSV**.
-
-A download confirmation dialog then appears for you to download the CSV file. The exported CSV is limited
-to a maximum of 100000 events. The remaining records are truncated when this limit is reached.
-
-### Audit event CSV encoding
-
-The exported CSV file is encoded as follows:
-
-- `,` is used as the column delimiter
-- `"` is used to quote fields if necessary.
-- `\n` is used to separate rows.
-
-The first row contains the headers, which are listed in the following table along
-with a description of the values:
-
-| Column | Description |
-| --------------------- | ---------------------------------------------------------------------------------- |
-| **ID** | Audit event `id`. |
-| **Author ID** | ID of the author. |
-| **Author Name** | Full name of the author. |
-| **Entity ID** | ID of the scope. |
-| **Entity Type** | Type of the scope (`Project`, `Group`, `User`, or `Gitlab::Audit::InstanceScope`). |
-| **Entity Path** | Path of the scope. |
-| **Target ID** | ID of the target. |
-| **Target Type** | Type of the target. |
-| **Target Details** | Details of the target. |
-| **Action** | Description of the action. |
-| **IP Address** | IP address of the author who performed the action. |
-| **Created At (UTC)** | Formatted as `YYYY-MM-DD HH:MM:SS`. |
-
-All items are sorted by `created_at` in ascending order.
-
-## User impersonation
-
-{{< details >}}
-
-- Tier: Premium, Ultimate
-- Offering: GitLab Self-Managed
-
-{{< /details >}}
-
-When a user is [impersonated](admin_area.md#user-impersonation), their actions are logged as audit events with the following additional details:
-
-- Audit events include information about the impersonating administrator.
-- Extra audit events are recorded for the start and end of the administrator's impersonation session.
-
-
-
-## Time zones
-
-For information on timezones and audit events, see [Time zones](../user/compliance/audit_events.md#time-zones).
-
-## Contribute to audit events
-
-For information on contributing to audit events, see
-[Contribute to audit events](../user/compliance/audit_events.md#contribute-to-audit-events).
+<!-- This redirect file can be deleted after <2025-05-26>. -->
+<!-- Redirects that point to other docs in the same project expire in three months. -->
+<!-- Redirects that point to docs in a different project or site (for example, link is not relative and starts with `https:`) expire in one year. -->
+<!-- Before deletion, see: https://docs.gitlab.com/development/documentation/redirects -->
diff --git a/doc/administration/audit_event_streaming/_index.md b/doc/administration/audit_event_streaming/_index.md
index c79147154f022781b2f664b92d518ae461a618b1..4196ebc5e42d0efcd387cb91e06abb25fb24510b 100644
--- a/doc/administration/audit_event_streaming/_index.md
+++ b/doc/administration/audit_event_streaming/_index.md
@@ -1,374 +1,13 @@
---
-stage: Software Supply Chain Security
-group: Compliance
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
-title: Audit event streaming for instances
+redirect_to: '../compliance/audit_event_streaming.md'
+remove_date: '2025-05-26'
---
-{{< details >}}
+<!-- markdownlint-disable -->
-- Tier: Ultimate
-- Offering: GitLab Self-Managed, GitLab Dedicated
+This document was moved to [another location](../compliance/audit_event_streaming.md).
-{{< /details >}}
-
-{{< history >}}
-
-- [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/398107) in GitLab 16.1 [with a flag](../feature_flags.md) named `ff_external_audit_events`. Disabled by default.
-- [Feature flag `ff_external_audit_events`](https://gitlab.com/gitlab-org/gitlab/-/issues/393772) enabled by default in GitLab 16.2.
-- Instance streaming destinations [made generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/393772) in GitLab 16.4. [Feature flag `ff_external_audit_events`](https://gitlab.com/gitlab-org/gitlab/-/issues/417708) removed.
-- Custom HTTP headers UI [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/361630) in GitLab 15.2 [with a flag](../feature_flags.md) named `custom_headers_streaming_audit_events_ui`. Disabled by default.
-- Custom HTTP headers UI [made generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/365259) in GitLab 15.3. [Feature flag `custom_headers_streaming_audit_events_ui`](https://gitlab.com/gitlab-org/gitlab/-/issues/365259) removed.
-- [Improved user experience](https://gitlab.com/gitlab-org/gitlab/-/issues/367963) in GitLab 15.3.
-- HTTP destination **Name** field [added](https://gitlab.com/gitlab-org/gitlab/-/issues/411357) in GitLab 16.3.
-- Functionality for the **Active** checkbox [added](https://gitlab.com/gitlab-org/gitlab/-/issues/415268) in GitLab 16.5.
-
-{{< /history >}}
-
-Audit event streaming for instances, administrators can:
-
-- Set a streaming destination for an entire instance to receive all audit events about that instance as structured JSON.
-- Manage their audit logs in third-party systems. Any service that can receive structured JSON data can be used as the
- streaming destination.
-
-Each streaming destination can have up to 20 custom HTTP headers included with each streamed event.
-
-GitLab can stream a single event more than once to the same destination. Use the `id` key in the payload to deduplicate
-incoming data.
-
-Audit events are sent using the POST request method protocol supported by HTTP.
-
-{{< alert type="warning" >}}
-
-Streaming destinations receive **all** audit event data, which could include sensitive information. Make sure you trust
-the streaming destination.
-
-{{< /alert >}}
-
-Manage streaming destinations for an entire instance.
-
-## HTTP destinations
-
-Prerequisites:
-
-- For better security, you should use an SSL certificate on the destination URL.
-
-Manage HTTP streaming destinations for an entire instance.
-
-### Add a new HTTP destination
-
-Add a new HTTP streaming destination to an instance.
-
-Prerequisites:
-
-- Administrator access on the instance.
-
-To add a streaming destination for an instance:
-
-1. On the left sidebar, at the bottom, select **Admin**.
-1. Select **Monitoring > Audit events**.
-1. On the main area, select the **Streams** tab.
-1. Select **Add streaming destination** and select **HTTP endpoint** to show the section for adding destinations.
-1. In the **Name** and **Destination URL** fields, add a destination name and URL.
-1. Optional. To add custom HTTP headers, select **Add header** to create a new name and value pair, and input their values. Repeat this step for as many name and value pairs are required. You can add up to 20 headers per streaming destination.
-1. To make the header active, select the **Active** checkbox. The header will be sent with the audit event.
-1. Select **Add header** to create a new name and value pair. Repeat this step for as many name and value pairs are required. You can add up to
- 20 headers per streaming destination.
-1. After all headers have been filled out, select **Add** to add the new streaming destination.
-
-### List HTTP destinations
-
-Prerequisites:
-
-- Administrator access on the instance.
-
-To list the streaming destinations for an instance:
-
-1. On the left sidebar, at the bottom, select **Admin**.
-1. Select **Monitoring > Audit events**.
-1. On the main area, select the **Streams** tab.
-1. Select the stream to expand it and see all the custom HTTP headers.
-
-### Update an HTTP destination
-
-Prerequisites:
-
-- Administrator access on the instance.
-
-To update a instance streaming destination's name:
-
-1. On the left sidebar, at the bottom, select **Admin**.
-1. Select **Monitoring > Audit events**.
-1. On the main area, select the **Streams** tab.
-1. Select the stream to expand.
-1. In the **Name** fields, add a destination name to update.
-1. Select **Save** to update the streaming destination.
-
-To update a instance streaming destination's custom HTTP headers:
-
-1. On the left sidebar, at the bottom, select **Admin**.
-1. Select **Monitoring > Audit events**.
-1. On the main area, select the **Streams** tab.
-1. Select the stream to expand.
-1. Locate the **Custom HTTP headers** table.
-1. Locate the header that you wish to update.
-1. To make the header active, select the **Active** checkbox. The header will be sent with the audit event.
-1. Select **Add header** to create a new name and value pair. Enter as many name and value pairs as required. You can add up to
- 20 headers per streaming destination.
-1. Select **Save** to update the streaming destination.
-
-### Delete an HTTP destination
-
-Delete streaming destinations for an entire instance. When the last destination is successfully deleted, streaming is
-disabled for the instance.
-
-Prerequisites:
-
-- Administrator access on the instance.
-
-To delete the streaming destinations for an instance:
-
-1. On the left sidebar, at the bottom, select **Admin**.
-1. Select **Monitoring > Audit events**.
-1. On the main area, select the **Streams** tab.
-1. Select the stream to expand.
-1. Select **Delete destination**.
-1. Confirm by selecting **Delete destination** in the dialog.
-
-To delete only the custom HTTP headers for a streaming destination:
-
-1. On the left sidebar, at the bottom, select **Admin**.
-1. Select **Monitoring > Audit events**.
-1. On the main area, select the **Streams** tab.
-1. To the right of the item, select **Edit** ({{< icon name="pencil" >}}).
-1. Locate the **Custom HTTP headers** table.
-1. Locate the header that you wish to remove.
-1. To the right of the header, select **Delete** ({{< icon name="remove" >}}).
-1. Select **Save** to update the streaming destination.
-
-### Verify event authenticity
-
-{{< history >}}
-
-- [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/398107) in GitLab 16.1 [with a flag](../feature_flags.md) named `ff_external_audit_events`. Disabled by default.
-- [Feature flag `ff_external_audit_events`](https://gitlab.com/gitlab-org/gitlab/-/issues/393772) enabled by default in GitLab 16.2.
-- Instance streaming destinations [made generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/393772) in GitLab 16.4. [Feature flag `ff_external_audit_events`](https://gitlab.com/gitlab-org/gitlab/-/issues/417708) removed.
-
-{{< /history >}}
-
-Each streaming destination has a unique verification token (`verificationToken`) that can be used to verify the authenticity of the event. This
-token is either specified by the Owner or generated automatically when the event destination is created and cannot be changed.
-
-Each streamed event contains the verification token in the `X-Gitlab-Event-Streaming-Token` HTTP header that can be verified against
-the destination's value when listing streaming destinations.
-
-Prerequisites:
-
-- Administrator access on the instance.
-
-To list streaming destinations for an instance and see the verification tokens:
-
-1. On the left sidebar, at the bottom, select **Admin**.
-1. Select **Monitoring > Audit events**.
-1. On the main area, select the **Streams** tab.
-1. View the verification token on the right side of each item.
-
-### Update event filters
-
-{{< history >}}
-
-- Event type filtering in the UI with a defined list of audit event types [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/415013) in GitLab 16.3.
-
-{{< /history >}}
-
-When this feature is enabled, you can permit users to filter streamed audit events per destination.
-If the feature is enabled with no filters, the destination receives all audit events.
-
-A streaming destination that has an event type filter set has a **filtered** ({{< icon name="filter" >}}) label.
-
-To update a streaming destination's event filters:
-
-1. On the left sidebar, at the bottom, select **Admin**.
-1. Select **Monitoring > Audit events**.
-1. On the main area, select the **Streams** tab.
-1. Select the stream to expand.
-1. Locate the **Filter by audit event type** dropdown list.
-1. Select the dropdown list and select or clear the required event types.
-1. Select **Save** to update the event filters.
-
-### Override default content type header
-
-By default, streaming destinations use a `content-type` header of `application/x-www-form-urlencoded`. However, you
-might want to set the `content-type` header to something else. For example ,`application/json`.
-
-To override the `content-type` header default value for an instance streaming destination, use either:
-
-- The [GitLab UI](#update-an-http-destination).
-- The [GraphQL API](../../api/graphql/audit_event_streaming_instances.md#update-streaming-destinations).
-
-## Google Cloud Logging destinations
-
-{{< history >}}
-
-- [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/131851) in GitLab 16.5.
-
-{{< /history >}}
-
-Manage Google Cloud Logging destinations for an entire instance.
-
-### Prerequisites
-
-Before setting up Google Cloud Logging streaming audit events, you must:
-
-1. Enable [Cloud Logging API](https://console.cloud.google.com/marketplace/product/google/logging.googleapis.com) on your Google Cloud project.
-1. Create a service account for Google Cloud with the appropriate credentials and permissions. This account is used to configure audit log streaming authentication.
- For more information, see [Creating and managing service accounts in the Google Cloud documentation](https://cloud.google.com/iam/docs/service-accounts-create#creating).
-1. Enable the **Logs Writer** role for the service account to enable logging on Google Cloud. For more information, see [Access control with IAM](https://cloud.google.com/logging/docs/access-control#logging.logWriter).
-1. Create a JSON key for the service account. For more information, see [Creating a service account key](https://cloud.google.com/iam/docs/keys-create-delete#creating).
-
-### Add a new Google Cloud Logging destination
-
-Prerequisites:
-
-- Administrator access on the instance.
-
-To add Google Cloud Logging streaming destinations to an instance:
-
-1. On the left sidebar, at the bottom, select **Admin**.
-1. Select **Monitoring > Audit events**.
-1. On the main area, select the **Streams** tab.
-1. Select **Add streaming destination** and select **Google Cloud Logging** to show the section for adding destinations.
-1. Enter a random string to use as a name for the new destination.
-1. Enter the Google project ID, Google client email, and Google private key from previously-created Google Cloud service account key to add to the new destination.
-1. Enter a random string to use as a log ID for the new destination. You can use this later to filter log results in Google Cloud.
-1. Select **Add** to add the new streaming destination.
-
-### List Google Cloud Logging destinations
-
-Prerequisites:
-
-- Administrator access on the instance.
-
-To list Google Cloud Logging streaming destinations for an instance:
-
-1. On the left sidebar, at the bottom, select **Admin**.
-1. Select **Monitoring > Audit events**.
-1. On the main area, select the **Streams** tab.
-1. Select the Google Cloud Logging stream to expand and see all the fields.
-
-### Update a Google Cloud Logging destination
-
-Prerequisites:
-
-- Administrator access on the instance.
-
-To update Google Cloud Logging streaming destinations to an instance:
-
-1. On the left sidebar, at the bottom, select **Admin**.
-1. Select **Monitoring > Audit events**.
-1. On the main area, select the **Streams** tab.
-1. Select the Google Cloud Logging stream to expand.
-1. Enter a random string to use as a name for the destination.
-1. Enter the Google project ID and Google client email from previously-created Google Cloud service account key to update the destination.
-1. Enter a random string to update the log ID for the destination. You can use this later to filter log results in Google Cloud.
-1. Select **Add a new private key** and enter a Google private key to update the private key.
-1. Select **Save** to update the streaming destination.
-
-### Delete a Google Cloud Logging streaming destination
-
-Prerequisites:
-
-- Administrator access on the instance.
-
-To delete Google Cloud Logging streaming destinations to an instance:
-
-1. On the left sidebar, at the bottom, select **Admin**.
-1. Select **Monitoring > Audit events**.
-1. On the main area, select the **Streams** tab.
-1. Select the Google Cloud Logging stream to expand.
-1. Select **Delete destination**.
-1. Confirm by selecting **Delete destination** in the dialog.
-
-## AWS S3 destinations
-
-{{< history >}}
-
-- [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/138245) in GitLab 16.7 [with a flag](../feature_flags.md) named `allow_streaming_instance_audit_events_to_amazon_s3`. Disabled by default.
-- [Feature flag `allow_streaming_instance_audit_events_to_amazon_s3`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/137391) removed in GitLab 16.8.
-
-{{< /history >}}
-
-Manage AWS S3 destinations for entire instance.
-
-### Prerequisites
-
-Before setting up AWS S3 streaming audit events, you must:
-
-1. Create a access key for AWS with the appropriate credentials and permissions. This account is used to configure audit log streaming authentication.
- For more information, see [Managing access keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html?icmpid=docs_iam_console#Using_CreateAccessKey).
-1. Create a AWS S3 bucket. This bucket is used to store audit log streaming data. For more information, see [Creating a bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-bucket-overview.html)
-
-### Add a new AWS S3 destination
-
-Prerequisites:
-
-- Administrator access on the instance.
-
-To add AWS S3 streaming destinations to an instance:
-
-1. On the left sidebar, at the bottom, select **Admin**.
-1. Select **Monitoring > Audit events**.
-1. On the main area, select the **Streams** tab.
-1. Select **Add streaming destination** and select **AWS S3** to show the section for adding destinations.
-1. Enter a random string to use as a name for the new destination.
-1. Enter the Access Key ID, Secret Access Key, Bucket Name, and AWS Region from previously-created AWS access key and bucket to add to the new destination.
-1. Select **Add** to add the new streaming destination.
-
-### List AWS S3 destinations
-
-Prerequisites:
-
-- Administrator access on the instance.
-
-To list AWS S3 streaming destinations for an instance.
-
-1. On the left sidebar, at the bottom, select **Admin**.
-1. Select **Monitoring > Audit events**.
-1. On the main area, select the **Streams** tab.
-1. Select the AWS S3 stream to expand and see all the fields.
-
-### Update an AWS S3 destination
-
-Prerequisites:
-
-- Administrator access on the instance.
-
-To update AWS S3 streaming destinations to an instance:
-
-1. On the left sidebar, at the bottom, select **Admin**.
-1. Select **Monitoring > Audit events**.
-1. On the main area, select the **Streams** tab.
-1. Select the AWS S3 stream to expand.
-1. Enter a random string to use as a name for the destination.
-1. Enter the Access Key ID, Secret Access Key, Bucket Name, and AWS Region from previously-created AWS access key and bucket to update the destination.
-1. Select **Add a new Secret Access Key** and enter a AWS Secret Access Key to update the Secret Access Key.
-1. Select **Save** to update the streaming destination.
-
-### Delete an AWS S3 streaming destination
-
-Prerequisites:
-
-- Administrator access on the instance.
-
-To delete AWS S3 streaming destinations on an instance:
-
-1. On the left sidebar, at the bottom, select **Admin**.
-1. Select **Monitoring > Audit events**.
-1. On the main area, select the **Streams** tab.
-1. Select the AWS S3 stream to expand.
-1. Select **Delete destination**.
-1. Confirm by selecting **Delete destination** in the dialog.
-
-## Related topics
-
-- [Audit event streaming for top-level groups](../../user/compliance/audit_event_streaming.md)
+<!-- This redirect file can be deleted after <2025-05-26>. -->
+<!-- Redirects that point to other docs in the same project expire in three months. -->
+<!-- Redirects that point to docs in a different project or site (for example, link is not relative and starts with `https:`) expire in one year. -->
+<!-- Before deletion, see: https://docs.gitlab.com/development/documentation/redirects -->
diff --git a/doc/administration/compliance.md b/doc/administration/compliance.md
index 3dad7ea63fe2c7a07065308341f0dd9fd2ddfc6e..de77e46f57fc0cdbc6181fd5c748fce2111c3ed0 100644
--- a/doc/administration/compliance.md
+++ b/doc/administration/compliance.md
@@ -1,82 +1,13 @@
---
-stage: Software Supply Chain Security
-group: Compliance
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
-title: Compliance features
+redirect_to: 'compliance/compliance_features.md'
+remove_date: '2025-05-26'
---
-{{< details >}}
+<!-- markdownlint-disable -->
-- Tier: Free, Premium, Ultimate
-- Offering: GitLab Self-Managed
+This document was moved to [another location](compliance/compliance_features.md).
-{{< /details >}}
-
-GitLab compliance features ensure your GitLab instance meets common compliance standards, and are available at various pricing tiers. For more information about compliance management, see the compliance
-management [solutions page](https://about.gitlab.com/solutions/compliance/).
-
-The [security features](../security/_index.md) in GitLab may also help you meet relevant compliance standards.
-
-For more information on all GitLab compliance features to ensure your GitLab group meets common compliance standards, see
-[Compliance features](../user/compliance/_index.md).
-
-## Compliant workflow automation
-
-It is important for compliance teams to be confident that their controls and
-requirements are set up correctly, but also that they _stay_ set up correctly.
-One way of doing this is manually checking settings periodically, but this is
-error prone and time consuming. A better approach is to use single-source-of-truth
-settings and automation to ensure that whatever a compliance team has configured,
-stays configured and working correctly. These features can help you automate
-compliance:
-
-| Feature | Instances | Groups | Projects | Description |
-|:----------------------------------------------------------------------------------------------------------------------------------------------|:--------------------------------------|:-------------------------------------|:--------------------------------------|:------------|
-| [Merge request approval policy approval settings](../user/application_security/policies/merge_request_approval_policies.md#approval_settings) | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | Enforce a merge request approval policy enforcing multiple approvers and override various project settings in all enforced groups or projects across your GitLab instance or group. |
-
-## Audit management
-
-An important part of any compliance program is being able to go back and understand
-what happened, when it happened, and who was responsible. You can use this in audit
-situations as well as for understanding the root cause of issues when they occur.
-
-It is helpful to have both low-level, raw lists of audit data as well as high-level,
-summary lists of audit data. Between these two, compliance teams can quickly
-identify if problems exist and then drill down into the specifics of those issues.
-These features can help provide visibility into GitLab and audit what is happening:
-
-| Feature | Instances | Groups | Projects | Description |
-|:---------------------------------------------------------|:-------------------------------------|:-------------------------------------|:-------------------------------------|:------------|
-| [Audit events](audit_event_reports.md) | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | To maintain the integrity of your code, audit events give administrators the ability to view any modifications made in the GitLab server in an advanced audit events system, so you can control, analyze, and track every change. |
-| [Audit reports](audit_event_reports.md) | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | Create and access reports based on the audit events that have occurred. Use pre-built GitLab reports or the API to build your own. |
-| [Audit event streaming](audit_event_streaming/_index.md) | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | Stream GitLab audit events to a HTTP endpoint or third party service, such as AWS S3 or GCP Logging. |
-| [Auditor users](auditor_users.md) | {{< icon name="check-circle" >}} Yes | {{< icon name="dotted-circle" >}} No | {{< icon name="dotted-circle" >}} No | Auditor users are users who are given read-only access to all projects, groups, and other resources on the GitLab instance. |
-
-## Policy management
-
-Organizations have unique policy requirements, either due to organizational
-standards or mandates from regulatory bodies. The following features help you
-define rules and policies to adhere to workflow requirements, separation of duties,
-and secure supply chain best practices:
-
-| Feature | Instances | Groups | Projects | Description |
-|:------------------------------------------------------------------------------|:-------------------------------------|:-------------------------------------|:-------------------------------------|:------------|
-| [Credentials inventory](credentials_inventory.md) | {{< icon name="check-circle" >}} Yes | {{< icon name="dotted-circle" >}} No | {{< icon name="dotted-circle" >}} No | Keep track of the credentials used by all of the users in a GitLab instance. |
-| [Granular user roles<br/>and flexible permissions](../user/permissions.md) | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | Manage access and permissions with five different user roles and settings for external users. Set permissions according to people's role, rather than either read or write access to a repository. Don't share the source code with people that only need access to the issue tracker. |
-| [Merge request approvals](../user/project/merge_requests/approvals/_index.md) | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | Configure approvals required for merge requests. |
-| [Push rules](../user/project/repository/push_rules.md) | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | Control pushes to your repositories. |
-| [Security policies](../user/application_security/policies/_index.md) | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | Configure customizable policies that require merge request approval based on policy rules, or enforce security scanners to execute in project pipelines for compliance requirements. Policies can be enforced granularly against specific projects, or all projects in a group or subgroup. |
-
-## Other compliance features
-
-These features can also help with compliance requirements:
-
-| Feature | Instances | Groups | Projects | Description |
-|:--------------------------------------------------------------------------------------------------------------------------------|:-------------------------------------|:-------------------------------------|:-------------------------------------|:------------|
-| [Email all users of a project,<br/>group, or entire server](email_from_gitlab.md) | {{< icon name="check-circle" >}} Yes | {{< icon name="dotted-circle" >}} No | {{< icon name="dotted-circle" >}} No | Email groups of users based on project or group membership, or email everyone using the GitLab instance. These emails are great for scheduled maintenance or upgrades. |
-| [Enforce ToS acceptance](settings/terms.md) | {{< icon name="check-circle" >}} Yes | {{< icon name="dotted-circle" >}} No | {{< icon name="dotted-circle" >}} No | Enforce your users accepting new terms of service by blocking GitLab traffic. |
-| [Generate reports on permission<br/>levels of users](admin_area.md#user-permission-export) | {{< icon name="check-circle" >}} Yes | {{< icon name="dotted-circle" >}} No | {{< icon name="dotted-circle" >}} No | Generate a report listing all users' access permissions for groups and projects in the instance. |
-| [LDAP group sync](auth/ldap/ldap_synchronization.md#group-sync) | {{< icon name="check-circle" >}} Yes | {{< icon name="dotted-circle" >}} No | {{< icon name="dotted-circle" >}} No | Automatically synchronize groups and manage SSH keys, permissions, and authentication, so you can focus on building your product, not configuring your tools. |
-| [LDAP group sync filters](auth/ldap/ldap_synchronization.md#group-sync) | {{< icon name="check-circle" >}} Yes | {{< icon name="dotted-circle" >}} No | {{< icon name="dotted-circle" >}} No | Gives more flexibility to synchronize with LDAP based on filters, meaning you can leverage LDAP attributes to map GitLab permissions. |
-| [Linux package installations support<br/>log forwarding](https://docs.gitlab.com/omnibus/settings/logs.html#udp-log-forwarding) | {{< icon name="check-circle" >}} Yes | {{< icon name="dotted-circle" >}} No | {{< icon name="dotted-circle" >}} No | Forward your logs to a central system. |
-| [Restrict SSH Keys](../security/ssh_keys_restrictions.md) | {{< icon name="check-circle" >}} Yes | {{< icon name="dotted-circle" >}} No | {{< icon name="dotted-circle" >}} No | Control the technology and key length of SSH keys used to access GitLab. |
+<!-- This redirect file can be deleted after <2025-05-26>. -->
+<!-- Redirects that point to other docs in the same project expire in three months. -->
+<!-- Redirects that point to docs in a different project or site (for example, link is not relative and starts with `https:`) expire in one year. -->
+<!-- Before deletion, see: https://docs.gitlab.com/development/documentation/redirects -->
diff --git a/doc/administration/compliance/audit_event_reports.md b/doc/administration/compliance/audit_event_reports.md
new file mode 100644
index 0000000000000000000000000000000000000000..6f887266ebc1bc69ac0b62295c11fdad4ea6c166
--- /dev/null
+++ b/doc/administration/compliance/audit_event_reports.md
@@ -0,0 +1,110 @@
+---
+stage: Software Supply Chain Security
+group: Compliance
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+title: Audit events administration
+---
+
+In addition to [audit events](../../user/compliance/audit_events.md), as an administrator, you can access additional
+features.
+
+## Instance audit events
+
+{{< details >}}
+
+- Tier: Premium, Ultimate
+- Offering: GitLab Self-Managed
+
+{{< /details >}}
+
+You can view audit events from user actions across an entire GitLab instance.
+To view instance audit events:
+
+1. On the left sidebar, at the bottom, select **Admin**.
+1. Select **Monitoring > Audit events**.
+1. Filter by the following:
+ - Member of the project (user) who performed the action
+ - Group
+ - Project
+ - Date Range
+
+Instance audit events can also be accessed using the [instance audit events API](../../api/audit_events.md#instance-audit-events). Instance audit event queries are limited to a maximum of 30 days.
+
+## Exporting audit events
+
+{{< details >}}
+
+- Tier: Premium, Ultimate
+- Offering: GitLab Self-Managed
+
+{{< /details >}}
+
+{{< history >}}
+
+- Entity type `Gitlab::Audit::InstanceScope` for instance audit events [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/418185) in GitLab 16.2.
+
+{{< /history >}}
+
+You can export the current view (including filters) of your instance audit events as a
+CSV(comma-separated values) file. To export the instance audit events to CSV:
+
+1. On the left sidebar, at the bottom, select **Admin**.
+1. Select **Monitoring > Audit events**.
+1. Select the available search filters.
+1. Select **Export as CSV**.
+
+A download confirmation dialog then appears for you to download the CSV file. The exported CSV is limited
+to a maximum of 100000 events. The remaining records are truncated when this limit is reached.
+
+### Audit event CSV encoding
+
+The exported CSV file is encoded as follows:
+
+- `,` is used as the column delimiter
+- `"` is used to quote fields if necessary.
+- `\n` is used to separate rows.
+
+The first row contains the headers, which are listed in the following table along
+with a description of the values:
+
+| Column | Description |
+| --------------------- | ---------------------------------------------------------------------------------- |
+| **ID** | Audit event `id`. |
+| **Author ID** | ID of the author. |
+| **Author Name** | Full name of the author. |
+| **Entity ID** | ID of the scope. |
+| **Entity Type** | Type of the scope (`Project`, `Group`, `User`, or `Gitlab::Audit::InstanceScope`). |
+| **Entity Path** | Path of the scope. |
+| **Target ID** | ID of the target. |
+| **Target Type** | Type of the target. |
+| **Target Details** | Details of the target. |
+| **Action** | Description of the action. |
+| **IP Address** | IP address of the author who performed the action. |
+| **Created At (UTC)** | Formatted as `YYYY-MM-DD HH:MM:SS`. |
+
+All items are sorted by `created_at` in ascending order.
+
+## User impersonation
+
+{{< details >}}
+
+- Tier: Premium, Ultimate
+- Offering: GitLab Self-Managed
+
+{{< /details >}}
+
+When a user is [impersonated](../admin_area.md#user-impersonation), their actions are logged as audit events with the following additional details:
+
+- Audit events include information about the impersonating administrator.
+- Extra audit events are recorded for the start and end of the administrator's impersonation session.
+
+
+
+## Time zones
+
+For information on timezones and audit events, see [Time zones](../../user/compliance/audit_events.md#time-zones).
+
+## Contribute to audit events
+
+For information on contributing to audit events, see
+[Contribute to audit events](../../user/compliance/audit_events.md#contribute-to-audit-events).
diff --git a/doc/administration/compliance/audit_event_streaming.md b/doc/administration/compliance/audit_event_streaming.md
new file mode 100644
index 0000000000000000000000000000000000000000..c79147154f022781b2f664b92d518ae461a618b1
--- /dev/null
+++ b/doc/administration/compliance/audit_event_streaming.md
@@ -0,0 +1,374 @@
+---
+stage: Software Supply Chain Security
+group: Compliance
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+title: Audit event streaming for instances
+---
+
+{{< details >}}
+
+- Tier: Ultimate
+- Offering: GitLab Self-Managed, GitLab Dedicated
+
+{{< /details >}}
+
+{{< history >}}
+
+- [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/398107) in GitLab 16.1 [with a flag](../feature_flags.md) named `ff_external_audit_events`. Disabled by default.
+- [Feature flag `ff_external_audit_events`](https://gitlab.com/gitlab-org/gitlab/-/issues/393772) enabled by default in GitLab 16.2.
+- Instance streaming destinations [made generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/393772) in GitLab 16.4. [Feature flag `ff_external_audit_events`](https://gitlab.com/gitlab-org/gitlab/-/issues/417708) removed.
+- Custom HTTP headers UI [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/361630) in GitLab 15.2 [with a flag](../feature_flags.md) named `custom_headers_streaming_audit_events_ui`. Disabled by default.
+- Custom HTTP headers UI [made generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/365259) in GitLab 15.3. [Feature flag `custom_headers_streaming_audit_events_ui`](https://gitlab.com/gitlab-org/gitlab/-/issues/365259) removed.
+- [Improved user experience](https://gitlab.com/gitlab-org/gitlab/-/issues/367963) in GitLab 15.3.
+- HTTP destination **Name** field [added](https://gitlab.com/gitlab-org/gitlab/-/issues/411357) in GitLab 16.3.
+- Functionality for the **Active** checkbox [added](https://gitlab.com/gitlab-org/gitlab/-/issues/415268) in GitLab 16.5.
+
+{{< /history >}}
+
+Audit event streaming for instances, administrators can:
+
+- Set a streaming destination for an entire instance to receive all audit events about that instance as structured JSON.
+- Manage their audit logs in third-party systems. Any service that can receive structured JSON data can be used as the
+ streaming destination.
+
+Each streaming destination can have up to 20 custom HTTP headers included with each streamed event.
+
+GitLab can stream a single event more than once to the same destination. Use the `id` key in the payload to deduplicate
+incoming data.
+
+Audit events are sent using the POST request method protocol supported by HTTP.
+
+{{< alert type="warning" >}}
+
+Streaming destinations receive **all** audit event data, which could include sensitive information. Make sure you trust
+the streaming destination.
+
+{{< /alert >}}
+
+Manage streaming destinations for an entire instance.
+
+## HTTP destinations
+
+Prerequisites:
+
+- For better security, you should use an SSL certificate on the destination URL.
+
+Manage HTTP streaming destinations for an entire instance.
+
+### Add a new HTTP destination
+
+Add a new HTTP streaming destination to an instance.
+
+Prerequisites:
+
+- Administrator access on the instance.
+
+To add a streaming destination for an instance:
+
+1. On the left sidebar, at the bottom, select **Admin**.
+1. Select **Monitoring > Audit events**.
+1. On the main area, select the **Streams** tab.
+1. Select **Add streaming destination** and select **HTTP endpoint** to show the section for adding destinations.
+1. In the **Name** and **Destination URL** fields, add a destination name and URL.
+1. Optional. To add custom HTTP headers, select **Add header** to create a new name and value pair, and input their values. Repeat this step for as many name and value pairs are required. You can add up to 20 headers per streaming destination.
+1. To make the header active, select the **Active** checkbox. The header will be sent with the audit event.
+1. Select **Add header** to create a new name and value pair. Repeat this step for as many name and value pairs are required. You can add up to
+ 20 headers per streaming destination.
+1. After all headers have been filled out, select **Add** to add the new streaming destination.
+
+### List HTTP destinations
+
+Prerequisites:
+
+- Administrator access on the instance.
+
+To list the streaming destinations for an instance:
+
+1. On the left sidebar, at the bottom, select **Admin**.
+1. Select **Monitoring > Audit events**.
+1. On the main area, select the **Streams** tab.
+1. Select the stream to expand it and see all the custom HTTP headers.
+
+### Update an HTTP destination
+
+Prerequisites:
+
+- Administrator access on the instance.
+
+To update a instance streaming destination's name:
+
+1. On the left sidebar, at the bottom, select **Admin**.
+1. Select **Monitoring > Audit events**.
+1. On the main area, select the **Streams** tab.
+1. Select the stream to expand.
+1. In the **Name** fields, add a destination name to update.
+1. Select **Save** to update the streaming destination.
+
+To update a instance streaming destination's custom HTTP headers:
+
+1. On the left sidebar, at the bottom, select **Admin**.
+1. Select **Monitoring > Audit events**.
+1. On the main area, select the **Streams** tab.
+1. Select the stream to expand.
+1. Locate the **Custom HTTP headers** table.
+1. Locate the header that you wish to update.
+1. To make the header active, select the **Active** checkbox. The header will be sent with the audit event.
+1. Select **Add header** to create a new name and value pair. Enter as many name and value pairs as required. You can add up to
+ 20 headers per streaming destination.
+1. Select **Save** to update the streaming destination.
+
+### Delete an HTTP destination
+
+Delete streaming destinations for an entire instance. When the last destination is successfully deleted, streaming is
+disabled for the instance.
+
+Prerequisites:
+
+- Administrator access on the instance.
+
+To delete the streaming destinations for an instance:
+
+1. On the left sidebar, at the bottom, select **Admin**.
+1. Select **Monitoring > Audit events**.
+1. On the main area, select the **Streams** tab.
+1. Select the stream to expand.
+1. Select **Delete destination**.
+1. Confirm by selecting **Delete destination** in the dialog.
+
+To delete only the custom HTTP headers for a streaming destination:
+
+1. On the left sidebar, at the bottom, select **Admin**.
+1. Select **Monitoring > Audit events**.
+1. On the main area, select the **Streams** tab.
+1. To the right of the item, select **Edit** ({{< icon name="pencil" >}}).
+1. Locate the **Custom HTTP headers** table.
+1. Locate the header that you wish to remove.
+1. To the right of the header, select **Delete** ({{< icon name="remove" >}}).
+1. Select **Save** to update the streaming destination.
+
+### Verify event authenticity
+
+{{< history >}}
+
+- [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/398107) in GitLab 16.1 [with a flag](../feature_flags.md) named `ff_external_audit_events`. Disabled by default.
+- [Feature flag `ff_external_audit_events`](https://gitlab.com/gitlab-org/gitlab/-/issues/393772) enabled by default in GitLab 16.2.
+- Instance streaming destinations [made generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/393772) in GitLab 16.4. [Feature flag `ff_external_audit_events`](https://gitlab.com/gitlab-org/gitlab/-/issues/417708) removed.
+
+{{< /history >}}
+
+Each streaming destination has a unique verification token (`verificationToken`) that can be used to verify the authenticity of the event. This
+token is either specified by the Owner or generated automatically when the event destination is created and cannot be changed.
+
+Each streamed event contains the verification token in the `X-Gitlab-Event-Streaming-Token` HTTP header that can be verified against
+the destination's value when listing streaming destinations.
+
+Prerequisites:
+
+- Administrator access on the instance.
+
+To list streaming destinations for an instance and see the verification tokens:
+
+1. On the left sidebar, at the bottom, select **Admin**.
+1. Select **Monitoring > Audit events**.
+1. On the main area, select the **Streams** tab.
+1. View the verification token on the right side of each item.
+
+### Update event filters
+
+{{< history >}}
+
+- Event type filtering in the UI with a defined list of audit event types [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/415013) in GitLab 16.3.
+
+{{< /history >}}
+
+When this feature is enabled, you can permit users to filter streamed audit events per destination.
+If the feature is enabled with no filters, the destination receives all audit events.
+
+A streaming destination that has an event type filter set has a **filtered** ({{< icon name="filter" >}}) label.
+
+To update a streaming destination's event filters:
+
+1. On the left sidebar, at the bottom, select **Admin**.
+1. Select **Monitoring > Audit events**.
+1. On the main area, select the **Streams** tab.
+1. Select the stream to expand.
+1. Locate the **Filter by audit event type** dropdown list.
+1. Select the dropdown list and select or clear the required event types.
+1. Select **Save** to update the event filters.
+
+### Override default content type header
+
+By default, streaming destinations use a `content-type` header of `application/x-www-form-urlencoded`. However, you
+might want to set the `content-type` header to something else. For example ,`application/json`.
+
+To override the `content-type` header default value for an instance streaming destination, use either:
+
+- The [GitLab UI](#update-an-http-destination).
+- The [GraphQL API](../../api/graphql/audit_event_streaming_instances.md#update-streaming-destinations).
+
+## Google Cloud Logging destinations
+
+{{< history >}}
+
+- [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/131851) in GitLab 16.5.
+
+{{< /history >}}
+
+Manage Google Cloud Logging destinations for an entire instance.
+
+### Prerequisites
+
+Before setting up Google Cloud Logging streaming audit events, you must:
+
+1. Enable [Cloud Logging API](https://console.cloud.google.com/marketplace/product/google/logging.googleapis.com) on your Google Cloud project.
+1. Create a service account for Google Cloud with the appropriate credentials and permissions. This account is used to configure audit log streaming authentication.
+ For more information, see [Creating and managing service accounts in the Google Cloud documentation](https://cloud.google.com/iam/docs/service-accounts-create#creating).
+1. Enable the **Logs Writer** role for the service account to enable logging on Google Cloud. For more information, see [Access control with IAM](https://cloud.google.com/logging/docs/access-control#logging.logWriter).
+1. Create a JSON key for the service account. For more information, see [Creating a service account key](https://cloud.google.com/iam/docs/keys-create-delete#creating).
+
+### Add a new Google Cloud Logging destination
+
+Prerequisites:
+
+- Administrator access on the instance.
+
+To add Google Cloud Logging streaming destinations to an instance:
+
+1. On the left sidebar, at the bottom, select **Admin**.
+1. Select **Monitoring > Audit events**.
+1. On the main area, select the **Streams** tab.
+1. Select **Add streaming destination** and select **Google Cloud Logging** to show the section for adding destinations.
+1. Enter a random string to use as a name for the new destination.
+1. Enter the Google project ID, Google client email, and Google private key from previously-created Google Cloud service account key to add to the new destination.
+1. Enter a random string to use as a log ID for the new destination. You can use this later to filter log results in Google Cloud.
+1. Select **Add** to add the new streaming destination.
+
+### List Google Cloud Logging destinations
+
+Prerequisites:
+
+- Administrator access on the instance.
+
+To list Google Cloud Logging streaming destinations for an instance:
+
+1. On the left sidebar, at the bottom, select **Admin**.
+1. Select **Monitoring > Audit events**.
+1. On the main area, select the **Streams** tab.
+1. Select the Google Cloud Logging stream to expand and see all the fields.
+
+### Update a Google Cloud Logging destination
+
+Prerequisites:
+
+- Administrator access on the instance.
+
+To update Google Cloud Logging streaming destinations to an instance:
+
+1. On the left sidebar, at the bottom, select **Admin**.
+1. Select **Monitoring > Audit events**.
+1. On the main area, select the **Streams** tab.
+1. Select the Google Cloud Logging stream to expand.
+1. Enter a random string to use as a name for the destination.
+1. Enter the Google project ID and Google client email from previously-created Google Cloud service account key to update the destination.
+1. Enter a random string to update the log ID for the destination. You can use this later to filter log results in Google Cloud.
+1. Select **Add a new private key** and enter a Google private key to update the private key.
+1. Select **Save** to update the streaming destination.
+
+### Delete a Google Cloud Logging streaming destination
+
+Prerequisites:
+
+- Administrator access on the instance.
+
+To delete Google Cloud Logging streaming destinations to an instance:
+
+1. On the left sidebar, at the bottom, select **Admin**.
+1. Select **Monitoring > Audit events**.
+1. On the main area, select the **Streams** tab.
+1. Select the Google Cloud Logging stream to expand.
+1. Select **Delete destination**.
+1. Confirm by selecting **Delete destination** in the dialog.
+
+## AWS S3 destinations
+
+{{< history >}}
+
+- [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/138245) in GitLab 16.7 [with a flag](../feature_flags.md) named `allow_streaming_instance_audit_events_to_amazon_s3`. Disabled by default.
+- [Feature flag `allow_streaming_instance_audit_events_to_amazon_s3`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/137391) removed in GitLab 16.8.
+
+{{< /history >}}
+
+Manage AWS S3 destinations for entire instance.
+
+### Prerequisites
+
+Before setting up AWS S3 streaming audit events, you must:
+
+1. Create a access key for AWS with the appropriate credentials and permissions. This account is used to configure audit log streaming authentication.
+ For more information, see [Managing access keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html?icmpid=docs_iam_console#Using_CreateAccessKey).
+1. Create a AWS S3 bucket. This bucket is used to store audit log streaming data. For more information, see [Creating a bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-bucket-overview.html)
+
+### Add a new AWS S3 destination
+
+Prerequisites:
+
+- Administrator access on the instance.
+
+To add AWS S3 streaming destinations to an instance:
+
+1. On the left sidebar, at the bottom, select **Admin**.
+1. Select **Monitoring > Audit events**.
+1. On the main area, select the **Streams** tab.
+1. Select **Add streaming destination** and select **AWS S3** to show the section for adding destinations.
+1. Enter a random string to use as a name for the new destination.
+1. Enter the Access Key ID, Secret Access Key, Bucket Name, and AWS Region from previously-created AWS access key and bucket to add to the new destination.
+1. Select **Add** to add the new streaming destination.
+
+### List AWS S3 destinations
+
+Prerequisites:
+
+- Administrator access on the instance.
+
+To list AWS S3 streaming destinations for an instance.
+
+1. On the left sidebar, at the bottom, select **Admin**.
+1. Select **Monitoring > Audit events**.
+1. On the main area, select the **Streams** tab.
+1. Select the AWS S3 stream to expand and see all the fields.
+
+### Update an AWS S3 destination
+
+Prerequisites:
+
+- Administrator access on the instance.
+
+To update AWS S3 streaming destinations to an instance:
+
+1. On the left sidebar, at the bottom, select **Admin**.
+1. Select **Monitoring > Audit events**.
+1. On the main area, select the **Streams** tab.
+1. Select the AWS S3 stream to expand.
+1. Enter a random string to use as a name for the destination.
+1. Enter the Access Key ID, Secret Access Key, Bucket Name, and AWS Region from previously-created AWS access key and bucket to update the destination.
+1. Select **Add a new Secret Access Key** and enter a AWS Secret Access Key to update the Secret Access Key.
+1. Select **Save** to update the streaming destination.
+
+### Delete an AWS S3 streaming destination
+
+Prerequisites:
+
+- Administrator access on the instance.
+
+To delete AWS S3 streaming destinations on an instance:
+
+1. On the left sidebar, at the bottom, select **Admin**.
+1. Select **Monitoring > Audit events**.
+1. On the main area, select the **Streams** tab.
+1. Select the AWS S3 stream to expand.
+1. Select **Delete destination**.
+1. Confirm by selecting **Delete destination** in the dialog.
+
+## Related topics
+
+- [Audit event streaming for top-level groups](../../user/compliance/audit_event_streaming.md)
diff --git a/doc/administration/compliance/compliance_features.md b/doc/administration/compliance/compliance_features.md
new file mode 100644
index 0000000000000000000000000000000000000000..ae7d69ce60abf512185470cbcaa47422b337481f
--- /dev/null
+++ b/doc/administration/compliance/compliance_features.md
@@ -0,0 +1,82 @@
+---
+stage: Software Supply Chain Security
+group: Compliance
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+title: Compliance features
+---
+
+{{< details >}}
+
+- Tier: Free, Premium, Ultimate
+- Offering: GitLab Self-Managed
+
+{{< /details >}}
+
+GitLab compliance features ensure your GitLab instance meets common compliance standards, and are available at various pricing tiers. For more information about compliance management, see the compliance
+management [solutions page](https://about.gitlab.com/solutions/compliance/).
+
+The [security features](../../security/_index.md) in GitLab may also help you meet relevant compliance standards.
+
+For more information on all GitLab compliance features to ensure your GitLab group meets common compliance standards, see
+[Compliance features](../../user/compliance/_index.md).
+
+## Compliant workflow automation
+
+It is important for compliance teams to be confident that their controls and
+requirements are set up correctly, but also that they _stay_ set up correctly.
+One way of doing this is manually checking settings periodically, but this is
+error prone and time consuming. A better approach is to use single-source-of-truth
+settings and automation to ensure that whatever a compliance team has configured,
+stays configured and working correctly. These features can help you automate
+compliance:
+
+| Feature | Instances | Groups | Projects | Description |
+|:----------------------------------------------------------------------------------------------------------------------------------------------|:--------------------------------------|:-------------------------------------|:--------------------------------------|:------------|
+| [Merge request approval policy approval settings](../../user/application_security/policies/merge_request_approval_policies.md#approval_settings) | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | Enforce a merge request approval policy enforcing multiple approvers and override various project settings in all enforced groups or projects across your GitLab instance or group. |
+
+## Audit management
+
+An important part of any compliance program is being able to go back and understand
+what happened, when it happened, and who was responsible. You can use this in audit
+situations as well as for understanding the root cause of issues when they occur.
+
+It is helpful to have both low-level, raw lists of audit data as well as high-level,
+summary lists of audit data. Between these two, compliance teams can quickly
+identify if problems exist and then drill down into the specifics of those issues.
+These features can help provide visibility into GitLab and audit what is happening:
+
+| Feature | Instances | Groups | Projects | Description |
+|:---------------------------------------------------------|:-------------------------------------|:-------------------------------------|:-------------------------------------|:------------|
+| [Audit events](audit_event_reports.md) | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | To maintain the integrity of your code, audit events give administrators the ability to view any modifications made in the GitLab server in an advanced audit events system, so you can control, analyze, and track every change. |
+| [Audit reports](audit_event_reports.md) | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | Create and access reports based on the audit events that have occurred. Use pre-built GitLab reports or the API to build your own. |
+| [Audit event streaming](audit_event_streaming.md) | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | Stream GitLab audit events to a HTTP endpoint or third party service, such as AWS S3 or GCP Logging. |
+| [Auditor users](../auditor_users.md) | {{< icon name="check-circle" >}} Yes | {{< icon name="dotted-circle" >}} No | {{< icon name="dotted-circle" >}} No | Auditor users are users who are given read-only access to all projects, groups, and other resources on the GitLab instance. |
+
+## Policy management
+
+Organizations have unique policy requirements, either due to organizational
+standards or mandates from regulatory bodies. The following features help you
+define rules and policies to adhere to workflow requirements, separation of duties,
+and secure supply chain best practices:
+
+| Feature | Instances | Groups | Projects | Description |
+|:------------------------------------------------------------------------------|:-------------------------------------|:-------------------------------------|:-------------------------------------|:------------|
+| [Credentials inventory](../credentials_inventory.md) | {{< icon name="check-circle" >}} Yes | {{< icon name="dotted-circle" >}} No | {{< icon name="dotted-circle" >}} No | Keep track of the credentials used by all of the users in a GitLab instance. |
+| [Granular user roles<br/>and flexible permissions](../../user/permissions.md) | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | Manage access and permissions with five different user roles and settings for external users. Set permissions according to people's role, rather than either read or write access to a repository. Don't share the source code with people that only need access to the issue tracker. |
+| [Merge request approvals](../../user/project/merge_requests/approvals/_index.md) | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | Configure approvals required for merge requests. |
+| [Push rules](../../user/project/repository/push_rules.md) | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | Control pushes to your repositories. |
+| [Security policies](../../user/application_security/policies/_index.md) | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | {{< icon name="check-circle" >}} Yes | Configure customizable policies that require merge request approval based on policy rules, or enforce security scanners to execute in project pipelines for compliance requirements. Policies can be enforced granularly against specific projects, or all projects in a group or subgroup. |
+
+## Other compliance features
+
+These features can also help with compliance requirements:
+
+| Feature | Instances | Groups | Projects | Description |
+|:--------------------------------------------------------------------------------------------------------------------------------|:-------------------------------------|:-------------------------------------|:-------------------------------------|:------------|
+| [Email all users of a project,<br/>group, or entire server](../email_from_gitlab.md) | {{< icon name="check-circle" >}} Yes | {{< icon name="dotted-circle" >}} No | {{< icon name="dotted-circle" >}} No | Email groups of users based on project or group membership, or email everyone using the GitLab instance. These emails are great for scheduled maintenance or upgrades. |
+| [Enforce ToS acceptance](../settings/terms.md) | {{< icon name="check-circle" >}} Yes | {{< icon name="dotted-circle" >}} No | {{< icon name="dotted-circle" >}} No | Enforce your users accepting new terms of service by blocking GitLab traffic. |
+| [Generate reports on permission<br/>levels of users](../admin_area.md#user-permission-export) | {{< icon name="check-circle" >}} Yes | {{< icon name="dotted-circle" >}} No | {{< icon name="dotted-circle" >}} No | Generate a report listing all users' access permissions for groups and projects in the instance. |
+| [LDAP group sync](../auth/ldap/ldap_synchronization.md#group-sync) | {{< icon name="check-circle" >}} Yes | {{< icon name="dotted-circle" >}} No | {{< icon name="dotted-circle" >}} No | Automatically synchronize groups and manage SSH keys, permissions, and authentication, so you can focus on building your product, not configuring your tools. |
+| [LDAP group sync filters](../auth/ldap/ldap_synchronization.md#group-sync) | {{< icon name="check-circle" >}} Yes | {{< icon name="dotted-circle" >}} No | {{< icon name="dotted-circle" >}} No | Gives more flexibility to synchronize with LDAP based on filters, meaning you can leverage LDAP attributes to map GitLab permissions. |
+| [Linux package installations support<br/>log forwarding](https://docs.gitlab.com/omnibus/settings/logs.html#udp-log-forwarding) | {{< icon name="check-circle" >}} Yes | {{< icon name="dotted-circle" >}} No | {{< icon name="dotted-circle" >}} No | Forward your logs to a central system. |
+| [Restrict SSH Keys](../../security/ssh_keys_restrictions.md) | {{< icon name="check-circle" >}} Yes | {{< icon name="dotted-circle" >}} No | {{< icon name="dotted-circle" >}} No | Control the technology and key length of SSH keys used to access GitLab. |
diff --git a/doc/api/graphql/audit_event_streaming_instances.md b/doc/api/graphql/audit_event_streaming_instances.md
index 5aa7ba5e85ac171233f75c150a39a8895f7524d2..154754c7089900cb496881ac426c2dfdff71b965 100644
--- a/doc/api/graphql/audit_event_streaming_instances.md
+++ b/doc/api/graphql/audit_event_streaming_instances.md
@@ -304,7 +304,7 @@ Event type filters are removed if:
Manage Google Cloud Logging destinations for an entire instance.
-Before setting up Google Cloud Logging streaming audit events, you must satisfy [the prerequisites](../../administration/audit_event_streaming/_index.md#prerequisites).
+Before setting up Google Cloud Logging streaming audit events, you must satisfy [the prerequisites](../../administration/compliance/audit_event_streaming.md#prerequisites).
### Add a new Google Cloud Logging destination
diff --git a/doc/development/export_csv.md b/doc/development/export_csv.md
index 9e3d7fe399f39a13cce2f619e324eaed709158be..08071e3e12dfc01c58f41b51dfd446015d1b2279 100644
--- a/doc/development/export_csv.md
+++ b/doc/development/export_csv.md
@@ -9,7 +9,7 @@ This document lists the different implementations of CSV export in GitLab codeba
| Export type | How it works | Advantages | Disadvantages | Existing examples |
|---|---|---|---|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Streaming | - Query and yield data in batches to a response stream.<br>- Download starts immediately. | - Report available immediately. | - No progress indicator.<br>- Requires a reliable connection. | [Export audit event log](../administration/audit_event_reports.md#exporting-audit-events) |
+| Streaming | - Query and yield data in batches to a response stream.<br>- Download starts immediately. | - Report available immediately. | - No progress indicator.<br>- Requires a reliable connection. | [Export audit event log](../administration/compliance/audit_event_reports.md#exporting-audit-events) |
| Downloading | - Query and write data in batches to a temporary file.<br>- Loads the file into memory.<br>- Sends the file to the client. | - Report available immediately. | - Large amount of data might cause request timeout.<br>- Memory intensive.<br>- Request expires when the user goes to a different page. | - [Export Chain of Custody Report](../user/compliance/compliance_center/compliance_chain_of_custody_report.md)<br>- [Export License Usage File](../subscriptions/self_managed/_index.md#export-your-license-usage) |
| As email attachment | - Asynchronously process the query with background job.<br>- Email uses the export as an attachment. | - Asynchronous processing. | - Requires users use a different app (email) to download the CSV.<br>- Email providers may limit attachment size. | - [Export issues](../user/project/issues/csv_export.md)<br>- [Export merge requests](../user/project/merge_requests/csv_export.md) |
| As downloadable link in email (*) | - Asynchronously process the query with background job.<br>- Email uses an export link. | - Asynchronous processing.<br>- Bypasses email provider attachment size limit. | - Requires users use a different app (email).<br>- Requires additional storage and cleanup. | [Export User Permissions](https://gitlab.com/gitlab-org/gitlab/-/issues/1772) |
diff --git a/doc/security/hardening_nist_800_53.md b/doc/security/hardening_nist_800_53.md
index dc188ca1dc36de0d026d7b9dd51c99f2625b4d61..a588185df8b3138160b9752685523d781e078a4a 100644
--- a/doc/security/hardening_nist_800_53.md
+++ b/doc/security/hardening_nist_800_53.md
@@ -35,7 +35,7 @@ Before you handle government data, you should:
## Compliance features
-GitLab offers several [compliance features](../administration/compliance.md) you can use to automate critical controls and workflows in GitLab. Before you make configurations aligned with NIST 800-53, you should enable these foundational features.
+GitLab offers several [compliance features](../administration/compliance/compliance_features.md) you can use to automate critical controls and workflows in GitLab. Before you make configurations aligned with NIST 800-53, you should enable these foundational features.
## Configuration by control family
diff --git a/doc/topics/set_up_organization.md b/doc/topics/set_up_organization.md
index c2851a2c258fbda31b06666905ca20260dc32a59..50b2f93b5e53205183a6053f674607b89a13b5b7 100644
--- a/doc/topics/set_up_organization.md
+++ b/doc/topics/set_up_organization.md
@@ -13,5 +13,5 @@ and give everyone access to the projects they need.
|--|--|--|
| [**Tutorial: Set up your organization**](../tutorials/manage_user/_index.md)<br>Setup, configuration, onboarding, organization structure. | [**Namespaces**](../user/namespace/_index.md)<br>Organization, hierarchy, project grouping. | [**Members**](../user/project/members/_index.md)<br>User management, roles, permissions, access levels. |
| [**Organization** (in development)](../user/organization/_index.md)<br>Namespace hierarchy. | [**Groups**](../user/group/_index.md)<br>Project management, access control, client groups, team groups. | [**Sharing projects and groups**](../user/project/members/sharing_projects_groups.md)<br>Invitations, group inheritance, project visibility. |
-| [**Compliance**](../administration/compliance.md)<br>Compliance center, audit events, security policies, compliance frameworks. | [**Enterprise users**](../user/enterprise_user/_index.md)<br>Domain verification, two-factor authentication, enterprise user management, SAML response. | [**Service accounts**](../user/profile/service_accounts.md)<br>Machine user, rate limits, personal access tokens. |
+| [**Compliance**](../administration/compliance/compliance_features.md)<br>Compliance center, audit events, security policies, compliance frameworks. | [**Enterprise users**](../user/enterprise_user/_index.md)<br>Domain verification, two-factor authentication, enterprise user management, SAML response. | [**Service accounts**](../user/profile/service_accounts.md)<br>Machine user, rate limits, personal access tokens. |
| [**User account options**](../user/profile/_index.md)<br>Profile settings, preferences, authentication, notifications. | [**SSH keys**](../user/ssh.md)<br>Authentication, permissions, key types, ownership. | [**GitLab.com settings**](../user/gitlab_com/_index.md)<br>Instance configurations. |
diff --git a/doc/user/compliance/_index.md b/doc/user/compliance/_index.md
index acd321233d008ffba9fb9e2c812e447bac01084d..465436d62d4f76bdd872cb933b2856ce0454b6be 100644
--- a/doc/user/compliance/_index.md
+++ b/doc/user/compliance/_index.md
@@ -18,7 +18,7 @@ management [solutions page](https://about.gitlab.com/solutions/compliance/).
The [security features](../../security/_index.md) in GitLab may also help you meet relevant compliance standards.
For more information on all GitLab compliance features to ensure your GitLab instance meets common compliance standards, see
-[Compliance features](../../administration/compliance.md).
+[Compliance features](../../administration/compliance/compliance_features.md).
## Compliant workflow automation
diff --git a/doc/user/compliance/audit_event_types.md b/doc/user/compliance/audit_event_types.md
index 9d7d2a92d104bb4657cbb59347bea763145997a9..30f28b38af36b20ccde3a20a0ce66181f377ad2c 100644
--- a/doc/user/compliance/audit_event_types.md
+++ b/doc/user/compliance/audit_event_types.md
@@ -30,7 +30,7 @@ title: Audit event types
Audit event types are used to filter streamed audit events:
-- [For instances](../../administration/audit_event_streaming/_index.md#update-event-filters).
+- [For instances](../../administration/compliance/audit_event_streaming.md#update-event-filters).
- [For top-level groups](audit_event_streaming.md#update-event-filters)
Every audit event is associated with an event type. Audit event types can allow:
@@ -44,7 +44,7 @@ Every audit event is associated with an event type. Audit event types can allow:
An audit event type's scope limits the availability of the audit event type to either:
- [Project, group, or user](audit_events.md) audit events.
-- [Instance](../../administration/audit_event_reports.md) audit events.
+- [Instance](../../administration/compliance/audit_event_reports.md) audit events.
## Available audit event types
diff --git a/doc/user/compliance/compliance_center/_index.md b/doc/user/compliance/compliance_center/_index.md
index e7636b0a00dc45cc96f95fe6fcf2c3608b12fe93..a9ba5db350041532122adc9405d4c182cbfd847d 100644
--- a/doc/user/compliance/compliance_center/_index.md
+++ b/doc/user/compliance/compliance_center/_index.md
@@ -29,4 +29,4 @@ The compliance center comprises the:
- [Compliance projects report](compliance_projects_report.md).
For more information on other GitLab compliance features for projects, groups, and instances, see
-[Compliance features](../../../administration/compliance.md).
+[Compliance features](../../../administration/compliance/compliance_features.md).
diff --git a/doc/user/duo_workflow/_index.md b/doc/user/duo_workflow/_index.md
index 1e8ee89a2208e89759f2d9fe67055fd0aef322a5..e62263b695cf682a9c52e92c406fe6142e3b529f 100644
--- a/doc/user/duo_workflow/_index.md
+++ b/doc/user/duo_workflow/_index.md
@@ -96,7 +96,7 @@ Workflow has the following limitations:
## Audit log
An audit event is created for each API request done by Workflow.
-On your GitLab Self-Managed instance, you can view these events on the [instance audit events](../../administration/audit_event_reports.md#instance-audit-events) page.
+On your GitLab Self-Managed instance, you can view these events on the [instance audit events](../../administration/compliance/audit_event_reports.md#instance-audit-events) page.
## Give feedback
diff --git a/ee/app/assets/javascripts/audit_events/constants.js b/ee/app/assets/javascripts/audit_events/constants.js
index e600189fe712966c7776a25d978286ea24b629b3..9db327962e71776de79e7284d9ded25b589438e5 100644
--- a/ee/app/assets/javascripts/audit_events/constants.js
+++ b/ee/app/assets/javascripts/audit_events/constants.js
@@ -84,7 +84,7 @@ export const STREAM_ITEMS_I18N = {
FILTER_TOOLTIP_LABEL: s__(
'AuditStreams|Destination has filters applied. %{linkStart}What are filters?%{linkEnd}',
),
- FILTER_TOOLTIP_ADMIN_LINK: helpPagePath('administration/audit_event_streaming/_index', {
+ FILTER_TOOLTIP_ADMIN_LINK: helpPagePath('administration/compliance/audit_event_streaming', {
anchor: 'update-event-filters',
}),
FILTER_TOOLTIP_GROUP_LINK: helpPagePath('user/compliance/audit_event_streaming', {
diff --git a/tooling/audit_events/docs/templates/audit_event_types.md.erb b/tooling/audit_events/docs/templates/audit_event_types.md.erb
index 69dee15e9f1960988366e76b2dcc42c767fc7bb5..ca4a0fa7709f5437119389c434f8488512386348 100644
--- a/tooling/audit_events/docs/templates/audit_event_types.md.erb
+++ b/tooling/audit_events/docs/templates/audit_event_types.md.erb
@@ -50,7 +50,7 @@ title: Audit event types
Audit event types are used to filter streamed audit events:
-- [For instances](../../administration/audit_event_streaming/_index.md#update-event-filters).
+- [For instances](../../administration/compliance/audit_event_streaming.md#update-event-filters).
- [For top-level groups](audit_event_streaming.md#update-event-filters)
Every audit event is associated with an event type. Audit event types can allow:
@@ -64,7 +64,7 @@ Every audit event is associated with an event type. Audit event types can allow:
An audit event type's scope limits the availability of the audit event type to either:
- [Project, group, or user](audit_events.md) audit events.
-- [Instance](../../administration/audit_event_reports.md) audit events.
+- [Instance](../../administration/compliance/audit_event_reports.md) audit events.
## Available audit event types