diff --git a/_guide/introduction.md b/_guide/introduction.md index 27184c0..7ef1e07 100644 --- a/_guide/introduction.md +++ b/_guide/introduction.md @@ -13,4 +13,4 @@ Welcome to the OpenATO Guide. Technology platforms are continuously evolving, CVEs are growing at 20% a year, and threats are increasing probably faster. No single group (contractor or agency) is up to the task of staying abreast of all the changes, yet we must. A path forward is to open the process up to community collaboration so that all can benefit from the updates made at the edges by other parties. -The platform needs to be open to encourage sharing. Catalog baselines, agency Profiles and system Components should contain little or no sensitive information. Even SSPs and Assessment Plans can, for the most part, be open and shared. (Of course, the Assessment Results containing system vulnerabilities and POA&Ms may be sensitive.) The goal is to slowly trim-tab the ship toward a fluid, evolving ecosystem of assertions and tests (covering the inventory of hardware, software, policy and processes) and away from static "paper" SSPs/ATOs. +The platform needs to be open to encourage sharing. Catalog baselines, agency Profiles and system Components often contain little or no sensitive information and can easily be shared. Even SSPs and Assessment Plans can, for the most part, be open and shared. (Of course, the Assessment Results containing system vulnerabilities and POA&Ms may be sensitive.) The goal is to slowly trim-tab the ship toward a fluid, evolving ecosystem of assertions and tests (covering the inventory of hardware, software, policy and processes) and away from static "paper" SSPs/ATOs. diff --git a/_posts/2021-01-01-day-one-project.md b/_posts/2021-01-01-day-one-project.md index 51eb63d..bb36e38 100644 --- a/_posts/2021-01-01-day-one-project.md +++ b/_posts/2021-01-01-day-one-project.md @@ -8,6 +8,6 @@ categories: featured image: card-power.png --- -We co-wrote a white paper for Day One Project focused on improving the ATO Process. The authors included CivicAction's Fen Labalme and Mary Lazzeri and GovReady's Dayton Williams and Greg Elin. +We co-wrote a white paper for Day One Project focused on improving the ATO Process. The authors included CivicAction's Fen Labalme and Mary Lazzeri and GovReady's Greg Elin and Dayton Williams. Full post: [Day One Project: Compliance as Code and Improving the ATO Process](https://fas.org/publication/compliance-as-code-and-improving-the-ato-process/)