Skip to content

Commit

Permalink
Elb security policy tls13 1 2 fips 2023 04 (#2557)
Browse files Browse the repository at this point in the history 
* document use of FIPS ELBSecurityPolicy

* correct policy name

* update broken links
  • Loading branch information
@spgreenberg
spgreenberg authored Oct 22, 2024
1 parent 440c781 commit a670e46
Show file tree
Hide file tree
Showing 3 changed files with 48 additions and 48 deletions.
22 changes: 12 additions & 10 deletions README.md
View file
Original file line number Diff line number Diff line change
@@ -1,11 +1,10 @@

# cloud.gov

This site uses the [cloud.gov Pages USWDS Jekyll template](https://github.com/cloud-gov/pages-uswds-jekyll). [cloud.gov Pages](https://cloud.gov/pages/) runs on cloud.gov and supports the development of this template. By leveraging this template cloud.gov get the benefits of a maintained template as well as a way to test out new functionality in the template.
This site uses the [cloud.gov Pages USWDS Jekyll template](https://github.com/cloud-gov/pages-uswds-jekyll). [cloud.gov Pages](https://cloud.gov/pages/) runs on cloud.gov and supports the development of this template. By leveraging this template cloud.gov get the benefits of a maintained template as well as a way to test out new functionality in the template.

This [Jekyll theme](https://jekyllrb.com/docs/themes/) uses the [U.S. Web Design System v 2.0](https://v2.designsystem.digital.gov) and provides developers a starter kit and reference implementation for cloud.gov Pages websites.

This code uses the [Jekyll](https://jekyllrb.com) site engine and built with Ruby. If you prefer to use Javascript, check out [pages-uswds-gatsby](https://github.com/cloud-gov/pages-uswds-gatsby), which uses [Gatsby](https://gatsbyjs.org) site engine.
This code uses the [Jekyll](https://jekyllrb.com) site engine and built with Ruby. If you prefer to use Javascript, check out [pages-uswds-gatsby](https://github.com/cloud-gov/pages-uswds-gatsby), which uses [Gatsby](https://gatsbyjs.com) site engine.

This site uses a customized [U.S. Web Design System](https://v2.designsystem.digital.gov) theme and strives to be compliant with requirements set by [21st Century IDEA Act](https://designsystem.digital.gov/website-standards/). The standards require that a website or digital service:

Expand All @@ -19,13 +18,14 @@ This site uses a customized [U.S. Web Design System](https://v2.designsystem.dig
- is mobile-friendly.

## Key Functionality

This repository contains the following examples and functionality:

Publish blog posts, press releases, announcements, etc. To modify this code, check out `blog/index.html`, which manages how the posts are listed. You should then check out `_layouts/post.html` to see how individual posts are structured.
✅ Publish blog posts, press releases, announcements, etc. To modify this code, check out `blog/index.html`, which manages how the posts are listed. You should then check out `_layouts/post.html` to see how individual posts are structured.

✅ Publish single one-off pages. Instead of creating lots of folders throughout the root directory, you should put single pages in `_pages` folder and change the `permalink` at the top of each page. Use sub-folders only when you really need to.

Publish data (for example: job listings, links, references), you can use the template `_layouts/data.html`. Just create a file in you `_pages` folder with the following options:
✅ Publish data (for example: job listings, links, references), you can use the template `_layouts/data.html`. Just create a file in you `_pages` folder with the following options:

```
---
Expand All @@ -38,7 +38,7 @@ datafile: collections

The reference to `datafile` referers to the name of the file in `_data/collections.yml` and loops through the values. Feel free to modify this as needed.

There are two different kinds of `pages`, one does not have a side bar navigation, and the other uses `_includes/sidenav.html`. You can enable this option by adding `sidenav: true` to your page front matter.
✅ There are two different kinds of `pages`, one does not have a side bar navigation, and the other uses `_includes/sidenav.html`. You can enable this option by adding `sidenav: true` to your page front matter.

```
---
Expand All @@ -62,7 +62,8 @@ searchgov:
```

## How to edit cloud.gov content
- Non-developers should focus on editing markdown content in the `_posts`, `_docs`, and `_pages` folder. Generally most of the cloud.gov content will be in the _docs file.

- Non-developers should focus on editing markdown content in the `_posts`, `_docs`, and `_pages` folder. Generally most of the cloud.gov content will be in the \_docs file.

- Pricing updates can go directly into `_data/pricing.yml` file and if any of the aws services need to be updated that can occur in the `_data/services.yml` file.

Expand All @@ -75,9 +76,10 @@ searchgov:
- To edit the look and feel of the site, you need to edit files in `_includes/` folder, which render key components, like the menu, side navigation, and logos.

- Some pages are styled to be `.html` rather than markdown you can find these in the `_layouts` folder.
- The `homepage` can be editted more directly by manipulating the `.html` in `home.html`
- The `pricing` page is mostly edited with the `pricing.html`
- The `getting-started` page is in the `_pages/sign-up.md` folder.

- The `homepage` can be editted more directly by manipulating the `.html` in `home.html`
- The `pricing` page is mostly edited with the `pricing.html`
- The `getting-started` page is in the `_pages/sign-up.md` folder.

- `_layouts/` may require the least amount of editing of all the files since they are primarily responsible for printing the content.

Expand Down
68 changes: 33 additions & 35 deletions _docs/compliance/compliance-community.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,26 +3,25 @@ parent: compliance
layout: docs
sidenav: true
title: Compliance community
summary: cloud.gov supports an email listserv for FedRAMP compliance practitioners
summary: cloud.gov supports an email listserv for FedRAMP compliance practitioners
weight: 50
---


## Cloud.gov and the compliance community

Part of the mission of cloud.gov is to improve cloud adoption across the U.S. government, irrespective of vendor. In that vein, we support the FedRAMP®️ Compliance Practitioner Community of Practice, an email listserv supported by GSA's [Digital.gov](https://digital.gov/).

The goal of the community is to bring together people working on FedRAMP compliance to address common questions and concerns. We strive to maintain an inclusive, professional community that engages in on-topic discussions. The community is not associated with the FedRAMP Program Management Office.
The goal of the community is to bring together people working on FedRAMP compliance to address common questions and concerns. We strive to maintain an inclusive, professional community that engages in on-topic discussions. The community is not associated with the FedRAMP Program Management Office.

By voluntarily participating in this community, you are agreeing to abide by these guidelines and the [TTS code of conduct](https://handbook.tts.gsa.gov/about-us/code-of-conduct/). If you do not agree, email us at [[email protected]](mailto:[email protected]), and we will unsubscribe you from the LISTSERV mailing list.

When GSA becomes aware of alleged violations of the guidelines or code of conduct, we will review and evaluate the incident and determine an appropriate course of action. In accordance with GSA’s policies and legal guidance, the cloud.gov team implements this process.

Courses of action include:

* taking no action,
* sending a reminder for infractions, and
* issuing a first or second notice for violations.
- taking no action,
- sending a reminder for infractions, and
- issuing a first or second notice for violations.

Severe or repeated violations may result in temporary or permanent removal from the community.

Expand All @@ -32,23 +31,23 @@ Email us at [[email protected]](mailto:[email protected]) to report an alleg

The community is open to:

* compliance staff at CSPs listed in the [FedRAMP Marketplace](https://marketplace.fedramp.gov) as authorized or in-process
* compliance staff at CSPs pursuing authorization per their public statements (website, pdf)
* contracted staff dedicated to supporting FedRAMP authorization for client CSPs
- compliance staff at CSPs listed in the [FedRAMP Marketplace](https://marketplace.fedramp.gov) as authorized or in-process
- compliance staff at CSPs pursuing authorization per their public statements (website, pdf)
- contracted staff dedicated to supporting FedRAMP authorization for client CSPs

The cloud.gov compliance team will approve memberships based on eligibility evidence.

## How to join?

Send an email to [[email protected]](mailto:[email protected]) providing:

* Your name and role
* CSP name and FedRAMP status
* Statement of interest (required if your CSP is not on the marketplace)
- Your name and role
- CSP name and FedRAMP status
- Statement of interest (required if your CSP is not on the marketplace)

## Your communications are not private

As a federal agency, GSA is subject to records access requests such as the Freedom of Information Act (FOIA). We must comply with requests for records made under FOIA. All communications made on the mailing lists are subject to release under FOIA, or potentially compromised by an adversary. We are not in a position to background check participants beyond a cursory CSP domain validation.
As a federal agency, GSA is subject to records access requests such as the Freedom of Information Act (FOIA). We must comply with requests for records made under FOIA. All communications made on the mailing lists are subject to release under FOIA, or potentially compromised by an adversary. We are not in a position to background check participants beyond a cursory CSP domain validation.

## Follow the ground rules

Expand All @@ -58,35 +57,34 @@ When dealing with sensitive topics or during disagreements, written statements c

Words matter. Choose words that create a safe, inclusive, respectful, and welcoming environment. Take a look at the following resources on inclusive language for additional information.

* [Inclusive language guidelines](https://www.apa.org/about/apa/equity-diversity-inclusion/language-guidelines) - American Psychological Association
* [Inclusive language](https://content-guide.18f.gov/our-style/inclusive-language/) - 18F Content Guide
* [Preferred terms for select population groups and communities](https://www.cdc.gov/healthcommunication/Preferred_Terms.html) - Centers for Disease Control and Prevention.

- [Inclusive language guidelines](https://www.apa.org/about/apa/equity-diversity-inclusion/language-guidelines) - American Psychological Association
- [Inclusive language](https://content-guide.18f.gov/our-style/inclusive-language/) - 18F Content Guide
- [Preferred terms for select population groups and communities](https://www.cdc.gov/health-communication/php/toolkit/preferred-terms.html) - Centers for Disease Control and Prevention.

### When participating in the community, community members must follow the ground rules for discussions

| Preferred behavior | Discouraged behavior |
| ------------------ | -------------------- |
| Understand that you are participating in a professional community. | Don’t conduct yourself in a way that’s unbecoming of your organization. |
| Respect your colleagues. Always assume the best of others. | Don’t make personal attacks. |
| Be patient. Understand that community members have various experience levels.| Don’t be condescending or talk down to other people. |
| Listen carefully and actively. Listen as much as you speak. | Don’t disrupt meetings, talks, or discussions, including mailing lists and chats. |
| Review your message before pressing send. | Don’t use inappropriate language, images, or emojis. Don’t reply-all if your message may clutter other members’ inboxes. |
| Share your objective experiences with tools or techniques| Don't endorse products or services or appear to recommend them in your professional capacity. |
| Keep the conversation relevant and stay on point. Start a new thread if needed. Give others the time and space to participate. | Don’t dominate conversations. Don’t interrupt or talk over other people. |
| Respect members’ real, lived experiences. Recognize that people face systemic discrimination in a multitude of ways. | Don’t belittle others to make your point. |
| Take legal questions to your organizations’s lawyers. | Don’t seek legal advice from the community. Don’t take conversations or shared experiences as interpretations of federal laws and policies. |
| Preferred behavior | Discouraged behavior |
| ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Understand that you are participating in a professional community. | Don’t conduct yourself in a way that’s unbecoming of your organization. |
| Respect your colleagues. Always assume the best of others. | Don’t make personal attacks. |
| Be patient. Understand that community members have various experience levels. | Don’t be condescending or talk down to other people. |
| Listen carefully and actively. Listen as much as you speak. | Don’t disrupt meetings, talks, or discussions, including mailing lists and chats. |
| Review your message before pressing send. | Don’t use inappropriate language, images, or emojis. Don’t reply-all if your message may clutter other members’ inboxes. |
| Share your objective experiences with tools or techniques | Don't endorse products or services or appear to recommend them in your professional capacity. |
| Keep the conversation relevant and stay on point. Start a new thread if needed. Give others the time and space to participate. | Don’t dominate conversations. Don’t interrupt or talk over other people. |
| Respect members’ real, lived experiences. Recognize that people face systemic discrimination in a multitude of ways. | Don’t belittle others to make your point. |
| Take legal questions to your organizations’s lawyers. | Don’t seek legal advice from the community. Don’t take conversations or shared experiences as interpretations of federal laws and policies. |
| Treat other people's identities and cultures with respect. Spell and say their name correctly and use their [pronouns](https://digital.gov/resources/an-introduction-to-pronouns/). | Don’t make derogatory comments on race, color, sex, sexual orientation, gender identity, religion, national origin, age, disability, genetic information, marital status, parental status, political affiliation, or appearance. |
| Ensure the community is free from harassment, including sexual harassment and sexual misconduct. | Don’t harass anyone. This includes, but is not limited to, retaliating against anyone who files a complaint. |
| Remember that everything you write on the mailing list is a federal record and subject to release under FOIA. | Don’t assume your communications are private. |
| Use <a href="https://www.plainlanguage.gov/" class="usa-link usa-link--external">plain language</a>. | Don’t use confusing or overly technical language. |

| Ensure the community is free from harassment, including sexual harassment and sexual misconduct. | Don’t harass anyone. This includes, but is not limited to, retaliating against anyone who files a complaint. |
| Remember that everything you write on the mailing list is a federal record and subject to release under FOIA. | Don’t assume your communications are private. |
| Use <a href="https://www.plainlanguage.gov/" class="usa-link usa-link--external">plain language</a>. | Don’t use confusing or overly technical language. |

## Manage your mailing list subscription

Email us at [[email protected]](mailto:[email protected]) and we’ll help you manage your LISTSERV subscription. The most common requests are to:
* receive a daily digest (instead of each individual message),
* access the mailing list archive, and
* unsubscribe.

- receive a daily digest (instead of each individual message),
- access the mailing list archive, and
- unsubscribe.

When you email us, please include the name of the community and what you’d like to update.
Loading

0 comments on commit a670e46

Please sign in to comment.