initial updates

CNAME

@@ -1 +1 @@
-atoasap.org
+openato.org

_config.yml

@@ -1,15 +1,15 @@
-title: ATO ASAP
+title: OpenATO
 description: 
 # baseurl: /compliance-as-code # the subpath of your site, e.g. /blog
 # url: https://govthinktank.github.io/compliance-as-code/ # the base hostname & protocol for your site, e.g. http://example.com
 
 # GitHub information
 # This is used for adding an edit this page link to the footer
 github_info:
-  organization: ato-asap
+  organization: openato
   repository: website
 
-url: "https://ato-asap.github.io" # the base hostname & protocol for your site
+url: "https://openato.github.io" # the base hostname & protocol for your site
 plugins:
   - jekyll-sitemap
   - jekyll-redirect-from

_data/footer.yml

@@ -32,7 +32,7 @@ links: footer
 big_footer_signup_form: false
 
 # Configuration for footer heading. (optional)
-heading: ATO ASAP
+heading: OpenATO
 
 # Configuration for agency logo(s) (shown side by side).
 # If the logo is external add external: true
@@ -47,7 +47,7 @@ contact:
   # Comment out links you don't want to use (RSS is an example)
   social_links:
     - text: GitHub
-      href: https://github.com/ato-asap
+      href: https://github.com/OpenATO
       external: true
       type: github
 #    - text: Facebook

_data/header.yml

@@ -22,8 +22,11 @@ type: extended-mega
 # If the logo is external add external: true
 # logo:
 #   src: /assets/img/logos/logo.png
-#   alt: ATO ASAP
+#   alt: OpenATO
 #  external: #true
+logo:
+  src: /assets/img/logos/OpenATO.png
+  alt: OpenATO
 
 # this is a key into _data/navigation.yml
 primary:

_guide/introduction.md

@@ -9,6 +9,6 @@ categories:
 
 ---
 
-Welcome to the ATO ASAP Guide.
+Welcome to the OpenATO Guide.
 
-Our goal with this guide is to make it easy for everyone in government (public and private sector) to understand the authory to operate (ATO) process and how they can better address security as it pertains to their specific role.
+Our goal with this guide is to make it easy for everyone in government (public and private sector) to understand the authory to operate (ATO) process and how they can better address security as it pertains to their specific role.

_layouts/guide.html

@@ -10,7 +10,7 @@
                 <ol class="usa-breadcrumb__list">
                     <li class="usa-breadcrumb__list-item">
                         <a href="{{ site.baseurl }}/guide" class="usa-breadcrumb__link">
-                            <span class="guide-title">ATO ASAP Guide</span>
+                            <span class="guide-title">OpenATO Guide</span>
                         </a>
                     </li>
                     <li class="usa-breadcrumb__list-item usa-current" aria-current="page">
@@ -36,4 +36,4 @@ <h1>{{ page.title }}</h1>
             </main>
         </div>
     </div>
-</div>
+</div>

_people/fen-labalme.md

@@ -7,13 +7,12 @@ image: fen-labalme.jpg
 categories:
  - Security and compliance
 linkedin: https://www.linkedin.com/in/fenlabalme/
-twitter: https://twitter.com/openprivacy
 github: https://github.com/openprivacy
-gitlab: 
+gitlab: https://gitlab.com/openprivacy
 drupal: 
 speakerdeck: 
 website: 
 
 ---
 
-Fen leads security and compliance for [CivicActions](https://civicactions.com).
+Fen leads security and compliance for [CivicActions](https://civicactions.com).

_posts/2021-02-19-hello-world.md

@@ -2,16 +2,16 @@
 layout: post
 title:  "Hello world"
 date:   2021-02-19 08:00:00 -0800
-description: Welcome to ATO ASAP.
+description: Welcome to OpenATO.
 author: fen-labalme
 categories: 
 image: card-power.png
 ---
 
-Stay tuned. We're just getting started.
+Stay tuned. We're just getting started. 
 
 In the meantime, take a look around:
 
 * [We're open.](/open)
 * [Join us](/join)
-* [News](/news)
+* [News](/news)

_posts/2021-02-29-fcw-ato-asap-lets-finally-fix-the-security compliance problem.md

@@ -14,4 +14,4 @@ From the post:
 
 > If we collaborate and take deliberate steps to integrate automation, we can unlock the bureaucratic inertia that has stalled compliance modernization and fix the ATO problem once and for all.
 
-Full post: [ATO ASAP: Let’s finally fix the security compliance problem](https://fcw.com/articles/2021/02/04/comment-lazzeri-automate-ato.aspx)
+Full post: [ATO ASAP: Let’s finally fix the security compliance problem](https://www.nextgov.com/modernization/2021/02/ato-asap-lets-finally-fix-the-security-compliance-problem/258357/)

_posts/2021-03-22-fcw-streamlining-government-security-with-a-federal-compliance-library.md

@@ -16,4 +16,4 @@ From the post:
 
 > By building a Federal Compliance Library based on open, iterative, collaborative principles, the federal government technology community will go further, faster.
 
-Full post: [ATO ASAP: Streamlining government security with a Federal Compliance Library](https://fcw.com/articles/2021/03/22/comment-lazzeri-ato-asap.aspx) 
+Full post: [ATO ASAP: Streamlining government security with a Federal Compliance Library](https://fcw.com/articles/2021/03/22/comment-lazzeri-ato-asap.aspx) 

_posts/2024-03-11-cybersecurity-notes.md

@@ -0,0 +1,17 @@
+---
+layout: post
+title:  "Cybersecurity: Open and Transparent"
+date:   2024-03-11 08:00:00 -0800
+description: Data Centricity is key.
+author: fen-labalme
+categories: featured
+image: card-power.png
+---
+
+Obtaining an ATO is required for every internet-based system in the federal government. The documentation for an ATO is called a system security plan or SSP. Creating the SSP can take months, and very few SSPs are clear, complete or well written. In particular, details about how, say, access control or audit logs are managed may be broadly covered with few specifics regarding the system at hand. Further complicating the process, is a shroud of secrecy that forces every ISSO building a SSP has to reinvent the wheel for every technology component that their system is using.
+
+After inspecting hundreds of SSPs, we have found that the information contained within rarely requires secrecy to maintain the security of the system. And when such sensitive information exists it is usually misplaced and should not be in the SSP to begin with. To be clear, the results of assessing an SSP, that may include a list of discovered vulnerabilities, can reasonably be considered sensitive and maintained in a secure fashion. But there's a little reason for the SSP itself to remain secret, or even for the secure management of the general component-level assessment processes. (Tailored, specific assessment processes aimed at a particular implementation and environment may be crafted to exercise specific features of a system, and therefore may have a need to remain secret. But this is the exception and not the rule.)
+
+The threat landscape is evolving along with Moore's Law at an exponential rate. Humans do not evolve so quickly. And there is an increasing need to be proactive in the expanding open source software world. SBOM can show you CVEs that exist, but you need to know, your developers need to know what the risks are and what needs to be protected and what the business case is. Where open source development appears to be getting more opaque, we believe this is the perfect time to introduce open source assessment and open source ATOs.
+
+Creating an SSP in an open and transparent manner can help to improve communication and collaboration between different parts of an organization and even across orgaanizations. A library of separable, reusable components enables wide review and support to address changes in the threat landscape existing security vulnerabilities that might otherwise have been overlooked.

_site/404.html

@@ -5,7 +5,7 @@
 <meta charset="utf-8">
 <meta http-equiv="X-UA-Compatible" content="IE=edge">
 
-<title>Not found (404) | ATO ASAP</title>
+<title>Not found (404) | OpenATO</title>
 
 
 
@@ -68,8 +68,13 @@
           href="/"
           title="Home">
 
+            <img
+              class="usa-logo-img"
+              src="/assets/img/logos/OpenATO.png"
+              alt="OpenATO">
+
           <em class="usa-logo__text">
-            ATO ASAP <sup>ALPHA</sup>
+            OpenATO <sup>ALPHA</sup>
           </em>
         </a>
       </div>
@@ -224,11 +229,11 @@ <h1>Not found (404)</h1>
 
 
 
-<a href="https://github.com/ato-asap/website/edit/main/pages/404.md" class="usa-sidenav-edit" target="_blank">Help improve this page</a>
+<a href="https://github.com/openato/website/edit/main/pages/404.md" class="usa-sidenav-edit" target="_blank">Help improve this page</a>
 
 
 <!--  // Date not working
-     &nbsp; &middot; &nbsp; Last updated: March 03, 2024 at 01:08 PM 
+     &nbsp; &middot; &nbsp; Last updated: March 08, 2024 at 05:31 PM 
 -->
 
       </p>
@@ -320,7 +325,7 @@ <h1>Not found (404)</h1>
 
 
           <div class="mobile-lg:grid-col-auto">
-            <h3 class="usa-footer__logo-heading">ATO ASAP</h3>
+            <h3 class="usa-footer__logo-heading">OpenATO</h3>
           </div>
 
         </div>
@@ -332,7 +337,7 @@ <h3 class="usa-footer__logo-heading">ATO ASAP</h3>
             <div class="usa-footer__social-links grid-row grid-gap-1">
               <div class="grid-col-auto">
 
-                  <a class="usa-social-link usa-social-link--github" href="https://github.com/ato-asap">
+                  <a class="usa-social-link usa-social-link--github" href="https://github.com/OpenATO">
                     <span>GitHub</span>
                   </a>
 

_site/CNAME

@@ -1 +1 @@
-atoasap.org
+openato.org

_site/README.md

@@ -1,3 +1,3 @@
-# ATO ASAP
+# OpenATO
 
-The official website for ATO ASAP.
+The official website for OpenATO.

_site/about.html

@@ -5,11 +5,11 @@
 <meta charset="utf-8">
 <meta http-equiv="X-UA-Compatible" content="IE=edge">
 
-<title>About | ATO ASAP</title>
+<title>About | OpenATO</title>
 
 
 
-<meta name="description" content="What ATO ASAP is and how we work.">
+<meta name="description" content="What OpenATO is and how we work.">
 
 
 
@@ -70,8 +70,13 @@
           href="/"
           title="Home">
 
+            <img
+              class="usa-logo-img"
+              src="/assets/img/logos/OpenATO.png"
+              alt="OpenATO">
+
           <em class="usa-logo__text">
-            ATO ASAP <sup>ALPHA</sup>
+            OpenATO <sup>ALPHA</sup>
           </em>
         </a>
       </div>
@@ -202,13 +207,15 @@
           <h1>About</h1>
 
 
-          <p class="lead">What ATO ASAP is and how we work.</p>
+          <p class="lead">What OpenATO is and how we work.</p>
 
-        <p>ATO ASAP is an <a href="open">open project and community</a>.</p>
+        <p>OpenATO is an <a href="open">open project and community</a>.</p>
+
+<p>With Compliance as Code as a base, a library of reusble and locally configurable component definitions can be created. These are best shared as Open Source so that experts across multiple domains can review and enhance as vulnerabilities are discovered and mitigated and the threat landscape changes.</p>
 
 <h2 id="our-work">Our work</h2>
 <ul>
-  <li><a href="https://github.com/ato-asap/website/projects/1">Project board</a></li>
+  <li><a href="https://github.com/openato/website/projects/1">Project board</a></li>
   <li><a href="join">Join us</a></li>
 </ul>
 
@@ -235,11 +242,11 @@ <h2 id="our-work">Our work</h2>
 
 
 
-<a href="https://github.com/ato-asap/website/edit/main/pages/about.md" class="usa-sidenav-edit" target="_blank">Help improve this page</a>
+<a href="https://github.com/openato/website/edit/main/pages/about.md" class="usa-sidenav-edit" target="_blank">Help improve this page</a>
 
 
 <!--  // Date not working
-     &nbsp; &middot; &nbsp; Last updated: March 03, 2024 at 01:08 PM 
+     &nbsp; &middot; &nbsp; Last updated: March 19, 2024 at 02:44 PM 
 -->
 
       </p>
@@ -331,7 +338,7 @@ <h2 id="our-work">Our work</h2>
 
 
           <div class="mobile-lg:grid-col-auto">
-            <h3 class="usa-footer__logo-heading">ATO ASAP</h3>
+            <h3 class="usa-footer__logo-heading">OpenATO</h3>
           </div>
 
         </div>
@@ -343,7 +350,7 @@ <h3 class="usa-footer__logo-heading">ATO ASAP</h3>
             <div class="usa-footer__social-links grid-row grid-gap-1">
               <div class="grid-col-auto">
 
-                  <a class="usa-social-link usa-social-link--github" href="https://github.com/ato-asap">
+                  <a class="usa-social-link usa-social-link--github" href="https://github.com/OpenATO">
                     <span>GitHub</span>
                   </a>