Commit

Merge pull request #1164 from GSA/1009-not-so-small-updates
JBPayne007 authored Oct 10, 2024
2 parents a10f50b + 3eeb375 commit 86f13f3
Showing 3 changed files with 11,887 additions and 10,027 deletions.
22 changes: 16 additions & 6 deletions _ficampmo/gsapkissp.md
Expand Up @@ -237,11 +237,15 @@ The Security Authorization provides organizational accountability by requiring a
- If approved, the AO signs and issues an ATO.
- The SSP performs risk management activities documented in the IT Security Procedural Guide: *Managing Enterprise Cybersecurity Risk CIO-IT Security-06-30 and the SSP Handbook.*

<span style="color:red;">**NOTE:**</span> The ATO is not a governmentwide risk acceptance. Each federal agency must issue an ATO for its own use of the SSP services and review continuous monitoring deliverables to ensure the security posture remains sufficient for their continued use.

To avoid significant delays, a SSP should not use their own versions of SA&A-related documents or templates. It is important for the SSP to consider the resources needed for ongoing risk management activities.
<div class="usa-alert usa-alert--error" role="alert">
<div class="usa-alert__body">
<h4 class="usa-alert__heading"></h4>
<p class="usa-alert__text">
The ATO is not a governmentwide risk acceptance. Each federal agency must issue an ATO for its own use of the SSP services and review continuous monitoring deliverables to ensure the security posture remains sufficient for their continued use. To avoid significant delays, a SSP should not use their own versions of SA&A-related documents or templates. It is important for the SSP to consider the resources needed for ongoing risk management activities. Once a vendor receives an ATO, they apply to the GSA Multiple Award Schedule to complete the process and be recognized as a GSA PKI SSP.
</p>
</div>
</div>

Once a vendor receives an ATO, they apply to the GSA Multiple Award Schedule to complete the process and be recognized as a GSA PKI SSP.

### Step 5 -Apply to GSA MAS and Get Listed as an Identity Trusted Service
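
Review bot: The `<h4 class="usa-alert__heading"></h4>` in the new alert is empty, so the callout loses the "NOTE:" label the span version carried and leaves an empty heading element for assistive technology to announce; give it text (for example "Note") or drop the element. The block is also marked `usa-alert--error` with `role="alert"` although its text is advisory, so a non-error variant would describe it better. Inside the `<p>`, "SA&A-related" is a raw ampersand in HTML and should be written `SA&amp;A`. The closing sentence ("Once a vendor receives an ATO, they apply to the GSA Multiple Award Schedule ...") is the transition into Step 5 rather than part of the note, and would read better kept as its own paragraph below the alert.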

Expand All @@ -252,9 +256,15 @@ Upon receiving an ATO and being confirmed as a GSA PKI SSP, the vendor is ready
- Submit an Information Technology Package for GSA Special Item Number (SIN) 541519PKI on the GSA MAS. For assistance, please visit the GSA’s website: [https://www.gsa.gov/buy-through-us/purchasing-programs/multiple-award-schedule/help-with-mas-contracts-to-sell-to-government/roadmap-to-get-a-mas-contract](https://www.gsa.gov/buy-through-us/purchasing-programs/multiple-award-schedule/help-with-mas-contracts-to-sell-to-government/roadmap-to-get-a-mas-contract){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"}
- Collaborate with the FAS to clarify or supplement the package for contract determination.

<span style="color:red;">**NOTE:**</span> If the OCISO and SSP Program Office believe the SAR will be favorable based on preliminary reviews and discussions, the SSP does not have to wait for the ATO letter to submit an Information Technology Package to FAS. These efforts can be worked in parallel to offer digital certificate services on the day of receiving the ATO letter.
<div class="usa-alert usa-alert--error" role="alert">
<div class="usa-alert__body">
<h4 class="usa-alert__heading"></h4>
<p class="usa-alert__text">
If the OCISO and SSP Program Office believe the SAR will be favorable based on preliminary reviews and discussions, the SSP does not have to wait for the ATO letter to submit an Information Technology Package to FAS. These efforts can be worked in parallel to offer digital certificate services on the day of receiving the ATO letter. After the vendor is listed on the GSA MAS, the vendor submits a business and technical point of contact to the GSA PKI SSP Program Office. This information is publicly posted on <a href="{{site.baseurl}}/trust-services/#government-identity-services" target="_blank" rel="noopener noreferrer">idmanagement.gov under Government Identity Trust Service</a> to identify the vendor as a GSA PKI SSP and assist agencies in identifying federally-compliant PKI services. GSA will market the Multiple Award Schedule and vendors listed on it as the premier vehicle for Federal Government agencies to acquire federally-compliant PKI services.
</p>
</div>
</div>

After the vendor is listed on the GSA MAS, the vendor submits a business and technical point of contact to the GSA PKI SSP Program Office. This information is publicly posted on [idmanagement.gov under Government Identity Trust Services]({{site.baseurl}}/trust-services/#government-identity-services){:target="_blank"}{:rel="noopener noreferrer"} to identify the vendor as a GSA PKI SSP and assist agencies in identifying federally-compliant PKI services. GSA will market the Multiple Award Schedule and vendors listed on it as the premier vehicle for Federal Government agencies to acquire federally-compliant PKI services.

## Maintenance Activities
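
Review bot: The link text in the new alert reads "idmanagement.gov under Government Identity Trust Service", while the Markdown paragraph it replaces said "Government Identity Trust Services"; restore the plural so the label is unchanged by the move to HTML. As in the previous hunk, the `<h4 class="usa-alert__heading">` is empty. The sentences about submitting points of contact and about GSA marketing the schedule were a separate paragraph of process description, and folding them into the alert makes the callout carry more than the parallel-submission note it is meant to highlight.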

3 changes: 1 addition & 2 deletions _implement/introduction.md
Expand Up @@ -13,7 +13,6 @@ subnav:
href: '#icam-troubleshooting-tools'
- text: Find Additional Guides
href: '#find-additional-guides'

---

<div class="usa-alert usa-alert--error" role="alert">
Expand Down Expand Up @@ -41,7 +40,7 @@ The majority of engineering guides are focused on helping agencies configure PIV

2. Cloud Certificate-based Authentication Configuration
1. [Cloud or Hybrid-Joined Azure Entra ID]({{site.baseurl}}/implement/cba-azure/)
2. Okta (Coming soon!)
2. [Okta Yubikey Implementation Guide]({{site.baseurl}}/implement/yubikey-guide/)

3. FIDO2 Configuration
1. [Windows Hello for Business]({{site.baseurl}}/implement/whfb)
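
Review bot: The new entry "Okta Yubikey Implementation Guide" is listed under "Cloud Certificate-based Authentication Configuration", directly above a separate "FIDO2 Configuration" list; confirm the guide covers certificate-based authentication, or move the link if it is a FIDO2 guide. The vendor spells the product "YubiKey". The target page `/implement/yubikey-guide/` is not among the files visible in this diff, so check that it is published with this merge and the link does not replace "Coming soon!" with a missing page.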