Demo

_includes/footer.html

@@ -34,7 +34,7 @@ <h4>Follow Us</h4>
 					</div>
 					<div class="footer-social">
 						<p><a target="_blank" href="https://twitter.com/fedramp?lang=en">
-						<img src="{{site.baseurl}}/assets/img/FedRAMP_twitter.svg" alt="twitter icon" style="margin: 0px 15px 0px 0px; position: relative; top: 8px;}"> Twitter
+						<img src="{{site.baseurl}}/assets/img/FedRAMP_twitter.svg" alt="x icon" style="margin: 0px 15px 0px 0px; position: relative; top: 8px;}"> X
 						</a></p>
 						<p><a target="_blank" href="https://www.youtube.com/c/FedRAMP?lang=en">
 						<img src="{{site.baseurl}}/assets/img/FedRAMP-youtube.svg" alt="youtube icon" style="margin: 0px 15px 0px 0px; position: relative; top: 8px;"> YouTube
@@ -97,7 +97,7 @@ <h4>Keep Up To Date</h4>
 		  <div class="usa-identifier__identity" aria-label="Agency description">
 			<p class="usa-identifier__identity-domain">FedRAMP.gov</p>
 			<p class="usa-identifier__identity-disclaimer">
-			  An official website of the GSA’s <a href="https://www.gsa.gov/about-us/organization/federal-acquisition-service/technology-transformation-services" class="gov-links">Technology Transformation Services</a>
+			           <span aria-hidden="true">An </span> official website of the GSA’s <a href="https://www.gsa.gov/about-us/organization/federal-acquisition-service/technology-transformation-services" class="gov-links">Technology Transformation Services</a>
 			</p>
 		  </div>
 		</div>
@@ -118,8 +118,8 @@ <h4>Keep Up To Date</h4>
 				  >
 				</li>
 				<li class="usa-identifier__required-links-item">
-				  <a href="https://www.gsa.gov/website-information/accessibility-aids" class="usa-identifier__required-link usa-link"
-					>Accessibility support</a
+				  <a href="https://www.gsa.gov/website-information/accessibility-statement" class="usa-identifier__required-link usa-link"
+					>Accessibility statement</a
 				  >
 				</li>
 				<li class="usa-identifier__required-links-item">
@@ -138,20 +138,20 @@ <h4>Keep Up To Date</h4>
 				  >
 				</li>
 				<li class="usa-identifier__required-links-item">
-				  <a href="https://www.gsa.gov/reference/gsa-plans-and-reports" class="usa-identifier__required-link usa-link"
+				  <a href="https://www.gsa.gov/reference/reports" class="usa-identifier__required-link usa-link"
 					>Performance reports</a
 				  >
 				</li>
 				<li class="usa-identifier__required-links-item">
-				  <a href="https://www.gsa.gov/website-information/website-policies" class="usa-identifier__required-link usa-link"
-					>GSA Privacy policy</a
+				  <a href="https://www.gsa.gov/reference/gsa-privacy-program" class="usa-identifier__required-link usa-link"
+					>GSA privacy policy</a
 				  >
 				</li>
 				  <li class="usa-identifier__required-links-item">
-				  <a href="https://www.gsa.gov/website-information/website-policies" class="usa-identifier__required-link usa-link"
-					>FedRAMP privacy policy</a
+				  <a href="https://www.gsa.gov/vulnerability-disclosure-policy" class="usa-identifier__required-link usa-link"
+					>Vulnerability disclosure policy</a
 				  >
-				</li>
+				</li>				  
 			  </ul>
 			</div>
 		  </nav>

_layouts/agency-authorization.html

@@ -167,7 +167,7 @@ <h3 class="margin-top-0">Full Security Assessment</h3>
 
 			<div class="full-col tablet:grid-col-7 authorization-information-col">
 				<h3 class="margin-top-0">Agency Authorization Process</h3>
-				<p>The next step is the Agency Authorization Process. During this step, the agency conducts a security authorization package review, which may include a SAR debrief with the FedRAMP PMO. Depending on the results of the agency’s review, CSP remediation may be required. Additionally, the agency will implement, test, and document customer responsible controls during this phase. Finally, the agency performs a risk analysis, accepts risk, and issues an ATO. This decision is based on the agency’s risk tolerance. Once an agency provides an ATO letter for the use of the CSO, the following actions take place to close out this step:</p>
+				<p>The next step is the Agency Authorization Process. During this step, the agency conducts a security authorization package review, which may include a SAR debrief. Depending on the results of the agency’s review, CSP remediation may be required. During this phase, the agency may implement, document, and test customer responsible controls. Alternatively, the agency may choose to perform these steps after issuing the ATO. Finally, the agency performs a risk analysis, accepts risk, and issues an ATO. This decision is based on the agency’s risk tolerance. Once an agency provides an ATO letter for the use of the CSO, the following actions take place to close out this step:</p>
 
 				<ul class="red-bullets">
 					<li>The CSP uploads the <em>Authorization Package Checklist</em> and the complete security package (SSP and attachments, POA&M, and Agency ATO letter), with exception of the security assessment material, to FedRAMP’s secure repository.</li>
@@ -245,17 +245,6 @@ <h3>Agency Authorization Playbook</h3>
 					</div>
 				</div>
 
-				<div class="full-row grid-row grid-gap auth-resources-row">
-					<div class="full-col tablet:grid-col-2 auth-pdf-download-img">
-							<img src="{{site.baseurl}}/assets/img/auth-pdf-download.svg" class="" alt="" />
-					</div>
-					<div class="full-col tablet:grid-col-10 padding-right-4">
-						<h3>Agency Authorization - Roles and Responsibilities for FedRAMP, CSPs, and Agencies</h3>
-						<p>This document provides a summary of the roles and responsibilities of the agency, CSP, and FedRAMP PMO during the Agency Authorization process.</p>
-						<p><a class="auth-resources-download"  href="https://www.fedramp.gov/assets/resources/documents/Agency_Authorization_Roles_and_Responsibilities_for_FedRAMP_CSPs_and_Agencies.pdf" target="_blank">Download [PDF - 933KB]</a></p>
-					</div>
-				</div>
-
 				<div class="full-row grid-row grid-gap auth-resources-row">
 					<div class="full-col tablet:grid-col-2 auth-pdf-download-img">
 							<img src="{{site.baseurl}}/assets/img/auth-pdf-download.svg" class="" alt="" />
@@ -272,9 +261,9 @@ <h3>FedRAMP Authorization Boundary Guidance</h3>
 							<img src="{{site.baseurl}}/assets/img/auth-pdf-download.svg" class="" alt="" />
 					</div>
 					<div class="full-col tablet:grid-col-10 padding-right-4">
-						<h3>FedRAMP Guide for Multi-Agency Continuous Monitoring</h3>
+						<h3>FedRAMP Colllaborative ConMon Quick Guide</h3>
 						<p>This document provides guidance to agencies and CSPs to assist with a framework for collaboration when managing Agency ATOs.</p>
-						<p><a class="auth-resources-download"  href="https://www.fedramp.gov/assets/resources/documents/Agency_Guide_for_Multi-Agency_Continuous_Monitoring.pdf" target="_blank">Download [PDF - 413KB]</a></p>
+						<p><a class="auth-resources-download"  href="https://www.fedramp.gov/assets/resources/documents/FedRAMP_Collaborative_ConMon_Quick_Guide.pdf" target="_blank">Download [PDF - 413KB]</a></p>
 					</div>
 				</div>
 
@@ -283,9 +272,9 @@ <h3>FedRAMP Guide for Multi-Agency Continuous Monitoring</h3>
 							<img src="{{site.baseurl}}/assets/img/auth-visit-site.svg" class="" alt="" />
 					</div>
 					<div class="full-col tablet:grid-col-10 padding-right-4">
-						<h3>FedRAMP Tailored Website</h3>
-						<p>Provides guidance and templates for FedRAMP Tailored, a simple, condensed approach to the Authorization process for Low-Impact Software-as-a-Service (LI-SaaS) applications.</p>
-						<p><a class="auth-resources-download"  href="https://tailored.fedramp.gov/" target="_blank">Visit Website</a></p>
+						<h3>FedRAMP Baselines</h3>
+						<p>This web page helps stakeholders understand the FedRAMP Baselines and Impact Levels for FedRAMP Authorizations</p>
+						<p><a class="auth-resources-download"  href="https://www.fedramp.gov/baselines/"_blank">Visit Website</a></p>
 					</div>
 				</div>
 			</div>

_layouts/assessor-page.html

@@ -19,7 +19,7 @@
 					<p>As independent third parties, they perform initial and periodic assessments of cloud systems based on federal security requirements. The federal government uses 3PAO assessments as the basis for making informed, risk-based authorization decisions for the use of cloud products and services. During FedRAMP assessments, 3PAOs produce a Readiness Assessment Report (RAR), which is required for the Joint Authorization Board (JAB) Authorization process and optional but highly recommended for the Agency Authorization process, and/or a Security Assessment Plan (SAP) and Security Assessment Report (SAR) that is submitted for authorization to a government Authorizing Official (AO).
 					</p>
 
-					<p>A list of FedRAMP recognized Third Party Assessment Organizations (3PAOs) can be found on the <a href="https://marketplace.fedramp.gov/#!/assessors?sort=assessorName" target="_blank" style="cursor: pointer; text-decoration: underline; color: #c71f25;" rel="noopener">FedRAMP Marketplace</a>.
+					<p>A list of FedRAMP recognized Third Party Assessment Organizations (3PAOs) can be found on the <a href="https://marketplace.fedramp.gov/assessors" target="_blank" style="cursor: pointer; text-decoration: underline; color: #c71f25;" rel="noopener">FedRAMP Marketplace</a>.
 					</p>
 				</div>	
 			</div>
@@ -73,10 +73,10 @@
 			<div class="tablet:grid-col-6">
 				<div class="partners-card padding-4 tablet:margin-right-2">
 					<h3 class="margin-top-0 margin-bottom-3">3PAO Obligations and Performance Standards</h3>
-					<p> The <em>3PAO Obligations and Performance Standards</em> provides guidance for 3PAOs on demonstrating the quality, independence, and FedRAMP knowledge required as they perform security assessments on cloud systems. </p>
+					<p> FedRAMP created a conformity assessment process to recognize third party assessment organizations (3PAOs) through accreditation by the American Association for Laboratory Accreditation (A2LA). This process ensures 3PAOs meet the necessary quality, independence, and FedRAMP knowledge requirements, to perform independent security assessments required by FedRAMP. To maintain recognition, 3PAOs must continue to demonstrate independence, quality, and FedRAMP knowledge as they perform security assessments on cloud systems.</p>
 					<p class="file-type">[File Info: PDF - 458KB]</p>
 					<div class="margin-top-4 margin-bottom-2">
-						<a class="partners-download policy-pdf" href="{{site.baseurl}}/assets/resources/documents/3PAO_Obligations_and_Performance_Guide.pdf" target="_blank">Download</a>
+						<a class="partners-download policy-pdf" href="{{site.baseurl}}/assets/resources/documents/3PAO_Obligations_and_Performance_Standards.pdf" target="_blank">Download</a>
 					</div>
 				</div>
 
@@ -85,8 +85,8 @@
 			<div class="tablet:grid-col-6 partners-card-mobile-row ">
 				<div class="partners-card padding-4 tablet:margin-left-2 mobile:margin-top-2 tablet:margin-top-0">
 
-					<h3 class="margin-top-0 margin-bottom-3"> FedRAMP Readiness Assessments: A Guide for 3PAOs </h3>
-					<p> The <em>FedRAMP Readiness Assessments: A Guide for 3PAOs</em> provides 3PAOs with guidance on how best to utilize the RAR. It provides a shared understanding of the RAR’s intent, process, and best practices.</p>
+					<h3 class="margin-top-0 margin-bottom-3"> 3PAO Readiness Assessment Report Guide</h3>
+					<p> FedRAMP created the Readiness Assessment Report Guide to assist 3PAOs and cloud service providers on how to best utilize the FedRAMP Readiness Assessment Report (RAR) templates to confirm the full implementation of the CSO’s technical capabilities, which is required for a FedRAMP Readiness Assessment to be successful. This also helps 3PAOs and CSPs understand the rigor that FedRAMP requires for assessments.</p>
 					<p class="file-type">[File Info: PDF - 342KB]</p>
 					<div class="margin-top-4 margin-bottom-2">
 						<a class="partners-download policy-pdf" href="{{site.baseurl}}/assets/resources/documents/3PAO_Readiness_Assessment_Report_Guide.pdf" target="_blank">Download</a>

_layouts/baselines.html

@@ -184,7 +184,7 @@ <h3 class="margin-top-0">High Impact Level</h3>
 	<div class="grid-container">
 		<div class="full-row grid-row">
 			<div class="full-col desktop:grid-col-12">
-				<p>CSPs should use the FedRAMP FIPS 199 Categorization Template (Attachment 10) in the SSP along with the guidance of <a href="http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-60v2r1.pdf" target="_blank">NIST Special Publication 800-60 volume 2 Revision 1</a> to correctly categorize their system based on the types of information processed, stored, and transmitted on their systems. Customer agencies are expected to perform a separate FIPS 199 analysis for their own data hosted in the CSP’s cloud environment.</p>
+				<p>CSPs should use the FedRAMP FIPS 199 Categorization Template (Appendix K) in the SSP along with the guidance of <a href="http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-60v2r1.pdf" target="_blank">NIST Special Publication 800-60 volume 2 Revision 1</a> to correctly categorize their system based on the types of information processed, stored, and transmitted on their systems. Customer agencies are expected to perform a separate FIPS 199 analysis for their own data hosted in the CSP’s cloud environment.</p>
 
 				<p>CSPs can achieve a FedRAMP Authorized designation via the Agency Path for any of the baselines (LI-SaaS, Low, Moderate, High). CSPs can only pursue a FedRAMP Authorized designation via the JAB Path for the Moderate and High baselines.</p>
 			</div>

_layouts/cloud-service-page.html

@@ -68,7 +68,7 @@
 					<p>The <em>CSP Authorization Playbook: Getting Started with FedRAMP</em> provides CSPs with an overview of how to develop an authorization strategy, the types of authorizations, and important considerations for their CSOs when working with FedRAMP.</p>
 					<p class="file-type">[File Info: PDF - 959KB]</p>
 					<div class="margin-top-4 margin-bottom-2">
-						<a class="partners-download policy-pdf" href="{{site.baseurl}}/assets/resources/documents/CSP_Authorization_Playbook_Getting_Started_with_FedRAMP.pdf" target="_blank">Download</a>
+						<a class="partners-download policy-pdf" href="{{site.baseurl}}/assets/resources/documents/CSP_Authorization_Playbook.pdf" target="_blank">Download</a>
 					</div>
 				</div>