minor edits
JJediny committed Mar 12, 2024
1 parent 46ca3b9 commit 548b763
Showing 1 changed file with 9 additions and 6 deletions.
Expand Up @@ -10,13 +10,12 @@ redirect_from:

>This guide is for **GSA Employees** operating a GSA Website using [Cloud.gov Pages](https://pages.cloud.gov).
"GSA Pages" is **GSA's internal "System"** with an Authority to Operate (ATO) of [Cloud.gov's FEDRAMP Authorization](https://marketplace.fedramp.gov/products/F1607067912) of their [Cloud.gov Pages](https://pages.cloud.gov) service. As such, it adds the Security Controls around the Source Code and Contents for the Website (e.g. Github). It provides **GSA employees** with a fast and secure approach to getting a Web Presence for your projects/programs.
"GSA Pages" is a **GSA only Authority to Operate (ATO)** of [Cloud.gov's FEDRAMP Authorization](https://marketplace.fedramp.gov/products/F1607067912) of their [Cloud.gov Pages](https://pages.cloud.gov) service. As such, it adds the Security Controls around the Source Code and Contents for the Website (e.g. Github). It provides **GSA employees** with a fast and secure approach to getting a Web Presence for your projects/programs.

>Follow this link for more information about [Cloud.gov Pages](tools/pages)
## Launching a [Cloud.gov Pages](http://pages.cloud.gov) Website at GSA


- Identify a Federal GSA Employee as the **GSA Website Manager**

> Note: **GSA Website Manager** is defined here [GSA's Digital.gov Program](https://digital.gov/2023/03/24/who-is-your-website-manager/)
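Review bot: the replacement sentence in this hunk, "GSA Pages" is a **GSA only Authority to Operate (ATO)** of Cloud.gov's FEDRAMP Authorization, misstates the relationship: an ATO is something GSA issues by leveraging the FedRAMP authorization, not something that belongs to it. Suggest "GSA Pages" is a **GSA-only Authority to Operate (ATO)** that leverages [Cloud.gov's FedRAMP authorization](https://marketplace.fedramp.gov/products/F1607067912) of the Cloud.gov Pages service, with "GSA-only" hyphenated and "FedRAMP" spelled as the program spells it. The unchanged next sentence, "it adds the Security Controls around the Source Code and Contents for the Website (e.g. Github)", still does not say which controls are added; the Allstar configuration and SECURITY.md items in the launch checklist appear to be them, so naming them here (and writing "GitHub") would make the boundary statement concrete.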
Expand All @@ -30,11 +29,11 @@ redirect_from:
- Submit a Pull Request to add your Repository to our Github Configuration Scanner to [GSA](https://github.com/GSA/.allstar/blob/main/allstar.yaml) or [GSA-TTS](https://github.com/GSA-TTS/.allstar/blob/main/allstar.yaml)
- Create a [`SECURITY.md` file](https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository) - [Example](https://github.com/GSA-TTS/.allstar/blob/main/SECURITY.md)
- Follow GSA's [Digital Lifecycle Program](https://insite.gsa.gov/employee-resources/communications/websites/strategy-policy-and-standards/digital-lifecycle-program?term=DLP) for the Website
- Confirm your Website is listed on https://touchpoints.digital.gov
- Confirm your Website is listed on [https://touchpoints.digital.gov](https://touchpoints.digital.gov)
- if not Submit a [new website request](https://touchpoints.app.cloud.gov/admin/websites/new)

## Authority to Use (ATU) Review
Submit an [Authority to Use (ATU) Request](https://github.com/GSA-TTS/gsa-pages/issues/new?)
Submit an [Authority to Use (ATU) Request](https://github.com/GSA-TTS/gsa-pages/issues/new/choose)

- Resolve any Critical or High security findings from Security Scanners

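Review bot: the sub-item "- if not Submit a [new website request](...)" under the Touchpoints line is not indented, so it renders as a separate top-level checklist bullet rather than the fallback for the line above it; indent it two spaces and write "If not, submit a ...". The change from `issues/new?` to `issues/new/choose` is right, since that path opens GitHub's issue template chooser instead of a blank issue. Two smaller points in the unchanged context: "add your Repository to our Github Configuration Scanner" links to `.allstar/allstar.yaml`, so naming the tool (Allstar) tells readers what the PR enables, and "Resolve any Critical or High security findings from Security Scanners" should say which scanners are meant if they are the ones referenced under Maintaining Approved Sites.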
Expand All @@ -43,7 +42,7 @@ Once the ATU review is completed the **GSA Website Manager** will be sent an ATU
## Maintaining Approved Sites
Sites hosted on GSA Pages are required to have their URLs scanned in accordance with CIO-IT Security-06-30: Managing Enterprise Cybersecurity Risk and GSA’s parameter for National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, control RA-5, Vulnerability Scanning.

>This is performed after the ATU request is submitted
>This is performed after the ATU request is submitted, reviewed, and signed.
## Reassessment
A Site’s ATU will have to be reassessed and an ATU reissued if the Site is found `NOT` to be in conformity with the requirements.
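Review bot: the new note "This is performed after the ATU request is submitted, reviewed, and signed" conflicts on its face with the ATU Review section above, which requires Critical or High findings from security scanners to be resolved before the ATU is issued. If the scan that gates the ATU is distinct from the recurring RA-5 URL scanning described here, say which one each section means, for example "Recurring RA-5 scanning of the site's URLs begins once the ATU is signed; the initial scan is part of the ATU review." Also add a blank line before "## Reassessment" so the heading is not attached to the blockquote, and "`NOT`" in the following line reads better as plain "not".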
Expand All @@ -59,7 +58,7 @@ Conditions/events that may require a reassessment of the ATU include:
**GSA Website Manager** will be notified, the following steps are only in the event that the **GSA Website Manager** is none responsive.

## Failure to Maintain Site - Site Removal
Sites that fail to maintain the ATU requirements will be issued a formal notice. The GSA Pages team may take steps to disable the site or remediate the vulnerabilities. ATU **GSA Website Manager** who hit certain triggers of overdue POA&Ms and/or failure to maintain alignment to ATU requirements will be required to provide a **Corrective Action Plan (CAP)** detailing the steps that will be taken to address the deficiencies.
Sites that fail to maintain the ATU requirements will be issued a formal notice. The GSA Pages team may take steps to disable the site or remediate the vulnerabilities. **GSA Website Manager** who hit certain triggers of overdue POA&Ms and/or failure to maintain alignment to ATU requirements will be required to provide a **Corrective Action Plan (CAP)** detailing the steps that will be taken to address the deficiencies.

The CAP must be approved by the **GSA Website Manager**, System Owner, ISSM, and IST Director. Sites or **GSA Website Managers** who fail to respond to a CAP or complete approved actions will be removed from the ATO boundary, and will no longer be authorized. The removal process steps are further described below:
- **Detailed Finding Review (DFR)** - **GSA Website Managers** will be issued a DFR upon failing to address a deficiency within the site or alignment with the ATU requirements.
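Review bot: dropping the stray "ATU" fixes the sentence start, but "**GSA Website Manager** who hit certain triggers" still needs number agreement ("**GSA Website Managers** who hit" or "A **GSA Website Manager** who hits"), and "certain triggers of overdue POA&Ms" should state the trigger (how many POA&Ms, or how many days overdue), since this is the condition that compels a CAP. Two lines above, "none responsive" should be "non-responsive". In the approval sentence the CAP is written by the **GSA Website Manager** yet also listed as approved by the **GSA Website Manager**; the next hunk's context line ("The **GSA Website Manager** CAP must be approved by the GSA Pages system owner, ...") suggests the approvers are the system owner and security roles, so one of the two approval sentences should be removed or they should be made to match.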
Expand All @@ -78,8 +77,12 @@ The **GSA Website Manager** CAP must be approved by the GSA Pages system owner,
- A Site Removal letter will be issued indicating that the site is no longer authorized to operate.

## Incident Response
> In the event of a security incident
Follow [TTS Incident Response Plan](https://handbook.tts.gsa.gov/general-information-and-resources/tech-policies/security-incidents/)

## Contingency Plan
> In the event of an outage
1. Sign up for [Cloud.gov Pages Status](https://cloudgov.statuspage.io/) notifications
1. Follow [Cloud.gov Contingency Plan](https://cloud.gov/docs/ops/contingency-plan/)

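Review bot: in both new sections the added `>` line is immediately followed by the body with no blank line. Under "## Incident Response", "Follow [TTS Incident Response Plan](...)" is a lazy continuation of the blockquote paragraph, so it renders inside the quote as one run-on sentence, "In the event of a security incident Follow TTS Incident Response Plan". Either put a blank line after each `>` line, or fold the condition into the instruction: "In the event of a security incident, follow the [TTS Incident Response Plan](...)". Under "## Contingency Plan" the two "1." items are not ordered steps (subscribing to status notifications has to happen before any outage), so a bulleted list, or a sentence such as "Sign up for Cloud.gov Pages Status notifications now; during an outage, follow the Cloud.gov Contingency Plan", states the intent more accurately.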