Merge pull request #636 from GSA/shivaalipour-patch-11
Shivaalipour patch 11
shivaalipour authored Apr 19, 2024
2 parents 1377875 + 00380f2 commit efa6bfb
Showing 6 changed files with 8 additions and 8 deletions.
8 changes: 4 additions & 4 deletions _layouts/home-new.html
Expand Up @@ -7,14 +7,14 @@
<div class="desktop:grid-col-8">
<h2 class="text-white">Join the Team</h2>
<div class="margin-bottom-8 director-description desktop:padding-right-6">
<p class="text-white">We’re hiring a <a href="https://join.tts.gsa.gov/join/FedRAMP-Director-2024/">FedRAMP Director</a> to help lead the transformation of the program. Sign up to be notified when this position is open for applications.</p>
<p class="text-white">Want to talk to us about other roles? Stop by our booth at the <a href="https://www.techtogov.org/events/virtual-forum-job-fair-focused-on-ai-ai-enabling-talent">Tech to Gov hiring fair</a> on April 18th. We are looking for talent that can help us build the data- and API-driven future of FedRAMP.</p>
<p class="text-white">We’re hiring a <a href="https://join.tts.gsa.gov/join/fedramp-technical-lead-2024/">Cyber Data Engineer</a> to lead in the development of intuitive data products to help the federal government make risk management decisions.</p>

<p class="text-white">We’re hiring a <a href="https://join.tts.gsa.gov/join/ttg-fedramp-cyberdata-analyst-2024/">Cyber Data Analyst</a> to play a key role in building the data- and API-driven FedRAMP of the future. </p>
</div>
</div>
<div class="desktop:grid-col-4 text-center">
<img class="home-director-icon margin-bottom-2" src="{{site.baseurl}}/assets/img/director-position.svg" alt=" ">
<p class="text-center"><a href="https://join.tts.gsa.gov/join/FedRAMP-Director-2024/" class="white-button">View the Position</a></p>
<p class="text-center"><a href="https://join.tts.gsa.gov/" class="white-button">View All Positions</a></p>
</div>
</div>
</div>
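Review bot: In the paragraph that links "Cyber Data Engineer", the href slug is `fedramp-technical-lead-2024`, which reads as a different role from the link text; confirm the URL resolves to the Cyber Data Engineer posting or correct the slug. Lower in the hunk, the block still carries `director-description`, `home-director-icon` and `director-position.svg` although the button now reads "View All Positions"; a rename can wait, but `alt=" "` should be `alt=""` so assistive technology treats the image as decorative. The Cyber Data Analyst paragraph also has a stray space before `</p>`.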
2 changes: 1 addition & 1 deletion _layouts/rev5-transition.html
Expand Up @@ -183,7 +183,7 @@ <h2>Documents</h2>
<td><a href="https://fedramp.gov/assets/resources/templates/FedRAMP-Laws-Regulations-Standards-and-Guidance-Reference.xlsx">FedRAMP Laws, Regulations, Standards and Guidance Reference</a></td>
</tr>
<td><a href="{{site.baseurl}}/assets/resources/documents/rev4/REV_4_FedRAMP-POAM-Template.xlsm">FedRAMP Plan of Action and Milestones (POA&M) Template</a></td>
<td><a href="{{site.baseurl}}/assets/resources/templates/FedRAMP-POAM-Template.xlsm">FedRAMP Plan of Action and Milestones (POA&M) Template</a> <span style="color:#757575"><i>(updated 3/29/2024)</i></span></td>
<td><a href="{{site.baseurl}}/assets/resources/templates/FedRAMP-POAM-Template.xlsx">FedRAMP Plan of Action and Milestones (POA&M) Template</a> <span style="color:#757575"><i>(updated 3/29/2024)</i></span></td>
</tr>
<tr>
<td><a href="{{site.baseurl}}/assets/resources/documents/rev4/REV_4_Agency_Guide_for_Multi-Agency_Continuous_Monitoring.pdf">FedRAMP Guide for Multi-Agency Continuous Monitoring</a></td>
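Review bot: The `<td>` cells for the POA&M row follow a closing `</tr>` with no opening `<tr>` in the context lines just above the changed link, so the row depends on browser error recovery; add the `<tr>` while this line is being touched. The first cell of the same row still points at `REV_4_FedRAMP-POAM-Template.xlsm`; if the Rev. 4 file is meant to stay macro-enabled that is fine, otherwise it was missed by this rename. The "(updated 3/29/2024)" label is unchanged although the linked file changes in this commit; confirm the date still applies.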
2 changes: 1 addition & 1 deletion _policy/2024-03-29-FedRAMP_POAM_Template.md
Expand Up @@ -3,7 +3,7 @@ layout: policy
title: FedRAMP Plan of Action and Milestones (POA&M) Template
category: Authorization Phase
weblink:
filename: templates/FedRAMP-POAM-Template.xlsm
filename: templates/FedRAMP-POAM-Template.xlsx
filetype: excel
fileinfo: excel - 74KB
condition: update
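Review bot: `fileinfo: excel - 74KB` on the context line below the changed `filename` is left as is; a workbook saved as .xlsx instead of .xlsm usually changes size, so check the figure against the new binary and update it if it differs. It would also help to state in the PR description whether the template content changed or only the file format, since `condition: update` and the 2024-03-29 date in the file name stay the same.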
2 changes: 1 addition & 1 deletion _posts/2022-03-08-fedramp-bod-22-01-guidance.md
Expand Up @@ -17,7 +17,7 @@ On November 3, 2021, DHS CISA issued

FedRAMP, in accordance with <a href="https://www.cisa.gov/binding-operational-directive-22-01" target="_blank" rel="noopener noreferrer">Binding Operational Directive 22-01</a> and in consultation with the JAB and DHS CISA, emphasized that CSPs who maintain federal information fall within the scope defined by the BOD. All CSPs must review and implement the actions described within.

FedRAMP notified all Authorized CSPs that in order to address the requirement, FedRAMP has updated <a href="https://www.fedramp.gov/assets/resources/templates/FedRAMP-POAM-Template.xlsm" target="_blank" rel="noopener noreferrer">the POA&M template</a> to accommodate tracking of vulnerabilities against the catalog of known exploited vulnerabilities. CSPs can track vulnerabilities in the new template or simply add a column (column AB, with the header ‘Binding Operational Directive 22-01 tracking’) in their current POA&M. This new column should be filled out with a ‘Yes’ or ‘No’ as to whether this POA&M item’s vulnerability is found in the catalog of known exploited vulnerabilities.
FedRAMP notified all Authorized CSPs that in order to address the requirement, FedRAMP has updated <a href="https://www.fedramp.gov/assets/resources/templates/FedRAMP-POAM-Template.xlsx" target="_blank" rel="noopener noreferrer">the POA&M template</a> to accommodate tracking of vulnerabilities against the catalog of known exploited vulnerabilities. CSPs can track vulnerabilities in the new template or simply add a column (column AB, with the header ‘Binding Operational Directive 22-01 tracking’) in their current POA&M. This new column should be filled out with a ‘Yes’ or ‘No’ as to whether this POA&M item’s vulnerability is found in the catalog of known exploited vulnerabilities.

CSPs should **only** include applicable vulnerabilities in their POA&M. They do not have to include a status for every known vulnerability on the CISA-managed catalog.

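Review bot: The `.xlsm` URL replaced in this paragraph sits in a post dated 2022-03-08, so it may be bookmarked or linked from outside this repository, and the edit only fixes this page. If the .xlsm file is removed in this commit (the binary change is not shown), add a redirect from the old path to `FedRAMP-POAM-Template.xlsx` so existing links keep working. Also confirm that the "column AB" instruction in the same paragraph still matches the column layout of the new file.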
2 changes: 1 addition & 1 deletion _posts/2022-06-28-update-poam-template.md
Expand Up @@ -6,7 +6,7 @@ image: /assets/img/blog-images/FRblog_Doc-Updates.png
author: FedRAMP
layout: blog-page
---
FedRAMP updated the <a href="https://www.fedramp.gov/assets/resources/templates/FedRAMP-POAM-Template.xlsm" target="_blank" rel="noopener noreferrer">Plan of Actions and Milestones (POA&M) template</a> to include two new columns. The additional columns were added at the behest of agency partners to help them track Cybersecurity and Infrastructure Security Agency (CISA) Binding Operational Directive (BOD) 22-01 findings, and the associated Common Vulnerabilities and Exposures (CVEs).
FedRAMP updated the <a href="https://www.fedramp.gov/assets/resources/templates/FedRAMP-POAM-Template.xlsx" target="_blank" rel="noopener noreferrer">Plan of Actions and Milestones (POA&M) template</a> to include two new columns. The additional columns were added at the behest of agency partners to help them track Cybersecurity and Infrastructure Security Agency (CISA) Binding Operational Directive (BOD) 22-01 findings, and the associated Common Vulnerabilities and Exposures (CVEs).

<h4>What’s New?</h4>
- **Column ‘AC’:** Titled as the ‘Binding Operational Directive 22-01 Due Date’ should be used to track the due date of any BOD 22-01 vulnerability as the due date appears in the CISA <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" target="_blank" rel="noopener noreferrer">Known Exploited Vulnerabilities Catalog</a>. If the POA&M line item is not associated with any BOD 22-01 vulnerability, this cell should be left blank.
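Review bot: The changed link is hard-coded to `https://www.fedramp.gov/assets/...`, while the layouts touched in this commit build the same path from `{{site.baseurl}}`; on a preview or staging build this link goes to production, where the .xlsx may not exist until the change is deployed. Suggest `{{site.baseurl}}/assets/resources/templates/FedRAMP-POAM-Template.xlsx` here and in the 2022-03-08 post so the link can be checked before merge.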
Binary file not shown.
