alpha

OpenATO · Mar 29, 2024 · 41bb1b4 · 41bb1b4
1 parent 644995c
commit 41bb1b4
Show file tree

Hide file tree

Showing 53 changed files with 103 additions and 2,171 deletions.
diff --git a/.jekyll-metadata b/.jekyll-metadata
diff --git a/_data/navigation.yml b/_data/navigation.yml
@@ -20,8 +20,6 @@ primary:
     href: /news
   - text: People
     href: /people
-  - text: Playbook
-    href: https://ato-asap.github.io/playbook
   - text: Guide
     href: /guide
   - text: Contact

diff --git a/_guide/introduction.md b/_guide/introduction.md
@@ -11,4 +11,6 @@ categories:
 
 Welcome to the OpenATO Guide.
 
-Our goal with this guide is to make it easy for everyone in government (public and private sector) to understand the authory to operate (ATO) process and how they can better address security as it pertains to their specific role.
+Technology platforms are continuously evolving, CVEs are growing at 20% a year, and threats are increasing probably faster. No single group (contractor or agency) is up to the task of staying abreast of all the changes, yet we must. A path forward is to open the process up to community collaboration so that all can benefit from the updates made at the edges by other parties.
+
+The platform needs to be open to encourage sharing. Catalog baselines, agency Profiles and system Components should contain little or no sensitive information. Even SSPs and Assessment Plans can, for the most part, be open and shared. (Of course, the Assessment Results containing system vulnerabilities and POA&Ms may be sensitive.) The goal is to slowly trim-tab the ship toward a fluid, evolving ecosystem of assertions and tests (covering the inventory of hardware, software, policy and processes) and away from static "paper" SSPs/ATOs.
diff --git a/_guide/resources.md b/_guide/resources.md
@@ -9,5 +9,6 @@ categories:
 
 ---
 
-* [ATO ASAP: Let’s finally fix the security compliance problem](https://fcw.com/articles/2021/02/04/comment-lazzeri-automate-ato.aspx) (*FCW*)
-* [Rethinking the process of attaining ATOs](https://govmatters.tv/rethinking-the-process-of-attaining-atos/) (*Government Matters*)
+* [Policy recommendations for improving the ATO process through Compliance as Code](https://medium.com/civicactions/policy-recommendations-for-improving-the-ato-process-through-compliance-as-code-524e3005fceb)
+* [ATO ASAP: Let’s finally fix the security compliance problem](https://www.nextgov.com/modernization/2021/02/ato-asap-lets-finally-fix-the-security-compliance-problem/258357/) (*FCW*)
+* [Rethinking the process of attaining ATOs](https://www.youtube.com/watch?v=C9WAhI3cXb0) (*Government Matters*)
diff --git a/_guide/solution.md b/_guide/solution.md
@@ -5,7 +5,6 @@ description: How we can streamline the authority to operate process.
 excerpt: 
 sidenav: docs
 categories:
-  - 
-
 ---
 
+With Compliance as Code as a base, a library of reusble and locally configurable component definitions can be created. These are best shared as Open Source so that experts across multiple domains can review and enhance as vulnerabilities are discovered and mitigated and the threat landscape changes.
diff --git a/_guide/stakeholders.md b/_guide/stakeholders.md
@@ -17,9 +17,7 @@ Key stakeholders include:
 * Security professionals
 * Acquisition professionals
 * Audit and assessment personnel
-* Baseline authors
-* Tool developers
+* System and component developers
 * Policy authors
 * Bureaucracy hackers
 * Industry
-* Media
diff --git a/_layouts/post.html b/_layouts/post.html
@@ -41,7 +41,7 @@ <h1 class="font-heading-3xl">{{ page.title }}</h1>
                 {% if author_data.content.size > 1 %}
                 <div class="post-bio">
                     <p>
-                        {{ author_data.content }}
+                      {{ author_data.content | markdownify }}
                     </p>
                 </div>
                 {% endif %}

diff --git a/_people/mary-lazzeri.md b/_people/mary-lazzeri.md
diff --git a/_posts/2021-01-01-day-one-project.md b/_posts/2021-01-01-day-one-project.md
@@ -3,11 +3,11 @@ layout: post
 title:  "Day One Project: Compliance as Code and Improving the ATO Process"
 date:   2021-01-01 08:00:00 -0800
 description: We co-wrote a white paper for Day One Project focused on improving the ATO Process.
-author: mary-lazzeri
+author: fen-labalme
 categories: featured
 image: card-power.png
 ---
 
-We co-wrote a white paper for Day One Project focused on improving the ATO Process. The authors included CivicAction's Mary Lazzeri and Fen Labalme and GovReady's Dayton Williams and Greg Elin. 
+We co-wrote a white paper for Day One Project focused on improving the ATO Process. The authors included CivicAction's Fen Labalme and Mary Lazzeri and GovReady's Dayton Williams and Greg Elin. 
 
-Full post: [Day One Project: Compliance as Code and Improving the ATO Process](https://www.dayoneproject.org/post/compliance-as-code-and-improving-the-ato-process)
+Full post: [Day One Project: Compliance as Code and Improving the ATO Process](https://fas.org/publication/compliance-as-code-and-improving-the-ato-process/)
diff --git a/_posts/2021-02-16-policy-recomendations-for-improving-the-ato-process.md b/_posts/2021-02-16-policy-recomendations-for-improving-the-ato-process.md
@@ -0,0 +1,13 @@
+---
+layout: post
+title:  "Policy recommendations for improving the ATO process through Compliance as Code"
+date:   2021-02-16 08:00:00 -0800
+description: How federal agencies can remove barriers to better, faster security
+author: fen-labalme
+categories: featured
+image: card-power.png
+---
+
+Suggestions for actionable steps to improve IT security compliance on a national scale.
+
+Full post: [Policy recommendations for improving the ATO process through Compliance as Code](https://medium.com/civicactions/policy-recommendations-for-improving-the-ato-process-through-compliance-as-code-524e3005fceb)
diff --git a/_posts/2021-02-19-hello-world.md b/_posts/2021-02-19-hello-world.md
diff --git a/_posts/2021-02-29-fcw-ato-asap-lets-finally-fix-the-security compliance problem.md b/_posts/2021-02-29-fcw-ato-asap-lets-finally-fix-the-security compliance problem.md
diff --git a/_posts/2021-02-29-government-matters-rethinking-the-process-of-attaining-atos.md b/_posts/2021-02-29-government-matters-rethinking-the-process-of-attaining-atos.md
diff --git a/...03-22-fcw-streamlining-government-security-with-a-federal-compliance-library.md b/...03-22-fcw-streamlining-government-security-with-a-federal-compliance-library.md
diff --git a/_sass/uswds/src/core/_functions.scss b/_sass/uswds/src/core/_functions.scss
@@ -3,7 +3,6 @@
 Functions
 ----------------------------------------
 */
-@use 'sass:math';
 
 
 // The following vars need to be set
@@ -57,7 +56,7 @@ Remove the unit of a length
 
 @function strip-unit($number) {
   @if type-of($number) == "number" and not unitless($number) {
-    @return math.div($number, ($number * 0 + 1));
+    @return ($number / ($number * 0 + 1));
   }
 
   @return $number;

diff --git a/_site/404.html b/_site/404.html
@@ -124,14 +124,6 @@
 
           </li>
 
-          <li class="usa-nav__primary-item">
-
-              <a class=" usa-nav__link  " href="https://ato-asap.github.io/playbook">
-                <span>Playbook</span>
-              </a>
-
-          </li>
-
           <li class="usa-nav__primary-item">
 
               <a class=" usa-nav__link  " href="/guide">

diff --git a/_site/about.html b/_site/about.html
@@ -126,14 +126,6 @@
 
           </li>
 
-          <li class="usa-nav__primary-item">
-
-              <a class=" usa-nav__link  " href="https://ato-asap.github.io/playbook">
-                <span>Playbook</span>
-              </a>
-
-          </li>
-
           <li class="usa-nav__primary-item">
 
               <a class=" usa-nav__link  " href="/guide">
@@ -211,7 +203,7 @@ <h1>About</h1>
 
         <p>OpenATO is an <a href="open">open project and community</a>.</p>
 
-<p>With Compliance as Code as a base, a library of reusble and locally configurable component definitions can be created. These are best shared as Open Source so that experts across multiple domains can review and enhance as vulnerabilities are discovered and mitigated and the threat landscape changes.</p>
+<p>OpenATO seeks to open the closed world of security to sharing, collaboration and community much in the same way that the open source software community has opened the world of creating software.</p>
 
 <h2 id="our-work">Our work</h2>
 <ul>
@@ -245,7 +237,7 @@ <h2 id="our-work">Our work</h2>
 
 
 <!--  // Date not working
-     &nbsp; &middot; &nbsp; Last updated: March 19, 2024 at 04:08 PM 
+     &nbsp; &middot; &nbsp; Last updated: March 29, 2024 at 03:10 PM 
 -->
 
       </p>

diff --git a/_site/accessibility.html b/_site/accessibility.html
@@ -126,14 +126,6 @@
 
           </li>
 
-          <li class="usa-nav__primary-item">
-
-              <a class=" usa-nav__link  " href="https://ato-asap.github.io/playbook">
-                <span>Playbook</span>
-              </a>
-
-          </li>
-
           <li class="usa-nav__primary-item">
 
               <a class=" usa-nav__link  " href="/guide">
@@ -270,7 +262,7 @@ <h2 id="feedback">Feedback</h2>
 
 
 <!--  // Date not working
-     &nbsp; &middot; &nbsp; Last updated: March 19, 2024 at 03:55 PM 
+     &nbsp; &middot; &nbsp; Last updated: March 19, 2024 at 04:10 PM 
 -->
 
       </p>

diff --git a/_site/assets/css/uswds-theme.css.map b/_site/assets/css/uswds-theme.css.map
diff --git a/_site/assets/img/people/luke-fretwell.png b/_site/assets/img/people/luke-fretwell.png
diff --git a/_site/assets/img/people/marlena-medford.jpg b/_site/assets/img/people/marlena-medford.jpg
diff --git a/_site/assets/img/people/mary-lazzeri.jpg b/_site/assets/img/people/mary-lazzeri.jpg
diff --git a/_site/colophon.html b/_site/colophon.html
@@ -126,14 +126,6 @@
 
           </li>
 
-          <li class="usa-nav__primary-item">
-
-              <a class=" usa-nav__link  " href="https://ato-asap.github.io/playbook">
-                <span>Playbook</span>
-              </a>
-
-          </li>
-
           <li class="usa-nav__primary-item">
 
               <a class=" usa-nav__link  " href="/guide">

diff --git a/_site/conduct.html b/_site/conduct.html
@@ -126,14 +126,6 @@
 
           </li>
 
-          <li class="usa-nav__primary-item">
-
-              <a class=" usa-nav__link  " href="https://ato-asap.github.io/playbook">
-                <span>Playbook</span>
-              </a>
-
-          </li>
-
           <li class="usa-nav__primary-item">
 
               <a class=" usa-nav__link  " href="/guide">
@@ -292,7 +284,7 @@ <h1 class="font-heading-3xl">Code of conduct</h1>
 
 
 <!--  // Date not working
-     &nbsp; &middot; &nbsp; Last updated: March 19, 2024 at 03:55 PM 
+     &nbsp; &middot; &nbsp; Last updated: March 19, 2024 at 04:10 PM 
 -->
 
       </p>

diff --git a/_site/contact.html b/_site/contact.html
@@ -126,14 +126,6 @@
 
           </li>
 
-          <li class="usa-nav__primary-item">
-
-              <a class=" usa-nav__link  " href="https://ato-asap.github.io/playbook">
-                <span>Playbook</span>
-              </a>
-
-          </li>
-
           <li class="usa-nav__primary-item">
 
               <a class=" usa-nav__link  " href="/guide">
@@ -240,7 +232,7 @@ <h1>Contact</h1>
 
 
 <!--  // Date not working
-     &nbsp; &middot; &nbsp; Last updated: March 19, 2024 at 03:55 PM 
+     &nbsp; &middot; &nbsp; Last updated: March 19, 2024 at 04:10 PM 
 -->
 
       </p>

diff --git a/_site/federal-compliance-library.html b/_site/federal-compliance-library.html
@@ -126,14 +126,6 @@
 
           </li>
 
-          <li class="usa-nav__primary-item">
-
-              <a class=" usa-nav__link  " href="https://ato-asap.github.io/playbook">
-                <span>Playbook</span>
-              </a>
-
-          </li>
-
           <li class="usa-nav__primary-item">
 
               <a class=" usa-nav__link  " href="/guide">

diff --git a/_site/guide.html b/_site/guide.html
@@ -126,14 +126,6 @@
 
           </li>
 
-          <li class="usa-nav__primary-item">
-
-              <a class=" usa-nav__link  " href="https://ato-asap.github.io/playbook">
-                <span>Playbook</span>
-              </a>
-
-          </li>
-
           <li class="usa-nav__primary-item">
 
               <a class=" usa-nav__link   usa-current" href="/guide">
@@ -333,7 +325,7 @@ <h2 class="usa-card__heading"><a href="/guide/resources">Resources</a></h2>
 
 
 <!--  // Date not working
-     &nbsp; &middot; &nbsp; Last updated: March 19, 2024 at 03:55 PM 
+     &nbsp; &middot; &nbsp; Last updated: March 19, 2024 at 04:10 PM 
 -->
 
       </p>