chore: fix spelling errors #275
bzarboni1 authored and iMichaela committed Aug 7, 2024
1 parent fa7d4d2 commit 9df3f15
Showing 6 changed files with 14 additions and 14 deletions.
2 changes: 1 addition & 1 deletion src/examples/ap/xml/ifa_assessment-plan-example.xml
@@ -52,7 +52,7 @@
</description>
</step>
<step uuid="3d0297de-e47b-4360-b9c3-cf5c425f86cd">
<title>Obtain Applcation Access Provided by Product Team</title>
<title>Obtain Application Access Provided by Product Team</title>
<description>
<p>The assessor will obtain non-privileged account credentials with the PAO
staff role to test this role in the application does not permit excessive
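Review bot: The title fix is correct, but the unchanged context just below it, "to test this role in the application does not permit excessive", is not a grammatical sentence; since this is a spelling pass over the examples, consider inserting "that" ("to test that this role in the application does not permit") while this file is open.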
4 changes: 2 additions & 2 deletions src/examples/ar/xml/ifa_assessment-results-example.xml
@@ -145,7 +145,7 @@
<remarks>
<p>The assessor's security automation platform analyzed all roles specific to the
GoodRead Product Team, not those managed by the Office of Information
Technology. The <code>IFA-GoodRead-SystemEnginer</code> role in their respective
Technology. The <code>IFA-GoodRead-SystemEngineer</code> role in their respective
AwesomeCloud account permitted use of the following high-risk actions.</p>
<ul>
<li>awesomecloud:auditlog:DeleteAccountAuditLog</li>
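Review bot: The corrected string sits inside a <code> element, so it is a role identifier rather than prose; every other occurrence of IFA-GoodRead-SystemEnginer in the repository should change in the same commit (this diff also updates the POA&M copy, but if JSON or YAML renditions of these examples exist they need the same edit), otherwise the AR would name a role that no longer matches the other documents.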
@@ -188,7 +188,7 @@
Regardless of the extent and duration of a potential incident, such a
configuration greatly increases the risk of an insider threat if there were
likely to a potential insider threat in the GoodRead Product Team.</p>
<p>If such an insider threat existed and acted with this misconfigruatio, the
<p>If such an insider threat existed and acted with this misconfigruation, the
resulting event could cause significant financial and reputational risk to IFA's
Administrator, executive staff, and the agency overall.</p>
</statement>
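Review bot: The replacement word is still misspelled: "misconfigruation" on the + line should be "misconfiguration". The context line just above it, "if there were likely to a potential insider threat", is also not a sentence (presumably "if there were likely to be a potential insider threat"); worth correcting in the same pass.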
16 changes: 8 additions & 8 deletions src/examples/poam/xml/ifa_plan-of-action-and-milestones.xml
@@ -38,7 +38,7 @@
<remarks>
<p>The assessor's security automation platform analyzed all roles specific to the
GoodRead Product Team, not those managed by the Office of Information Technology.
The <code>IFA-GoodRead-SystemEnginer</code> role in their respective AwesomeCloud
The <code>IFA-GoodRead-SystemEngineer</code> role in their respective AwesomeCloud
account permitted use of the following high-risk actions.</p>
<ul>
<li>awesomecloud:auditlog:DeleteAccountAuditLog</li>
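Review bot: No issue with the change itself; note only that this remarks block is a verbatim copy of the one in ifa_assessment-results-example.xml, including the same role identifier as a literal, so any further wording fixes to either copy should be mirrored in the other.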
@@ -75,15 +75,15 @@
<mitigating-factor uuid="401c15c9-ad6b-4d4a-a591-7d53a3abb3b6">
<description>
<p>The GoodRead application is designed and implemented to only allow access to the
administrative functions for those with PAO staff fole via the VPN via network
administrative functions for those with PAO staff role via the VPN via network
configuration between the IFA Enterprise Support Systems and the GoodRead
AwesomeCloud account. Additionally, the load balanacer configuration only allows
access to view shortlinks from the public internet.</p>
</description>
</mitigating-factor>
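Review bot: "load balanacer" on the context line two below the changed line is still misspelled ("load balancer"); since this hunk already touches this paragraph, fix it here. "via the VPN via network configuration" on the changed line also reads awkwardly; "via the VPN, using network configuration between ..." would be clearer.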
<deadline>2024-01-01T05:00:00-04:00</deadline>
<response uuid="d28873f7-0a45-476d-9cd3-1d2ec0b8bca1" lifecycle="planned">
<title>IFA-GOODREAD-RISK1-RESPONSE: IFA GoodRead Prouct Team Response</title>
<title>IFA-GOODREAD-RISK1-RESPONSE: IFA GoodRead Product Team Response</title>
<description>
<p>The GoodRead Product Team does not have sufficient personnel and budget to
implement the required changes in their use of the Django Framework and its
@@ -100,7 +100,7 @@
<description>
<p>The owner, ISSO, and product team of the GoodRead Project intend to complete
the necessary development between September 2023 and December 2023. Whether
or not the necessary development for remedation is complete, the product
or not the necessary development for remediation is complete, the product
team's project manager will submit the final annual report. They will
identify this work item and whether it has been completed.</p>
</description>
@@ -129,7 +129,7 @@
duration of a potential incident, such a configuration greatly increases the risk of
an insider threat if there were likely to a potential insider threat in the GoodRead
Product Team.</p>
<p>If such an insider threat existed and acted with this misconfigruatio, the resulting
<p>If such an insider threat existed and acted with this n, the resulting
event could cause significant financial and reputational risk to IFA's
Administrator, executive staff, and the agency overall.</p>
</statement>
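Review bot: This replacement is a regression: the + line now reads "acted with this n, the resulting", so the misspelled "misconfigruatio" was replaced by a lone "n" rather than corrected. It should read "acted with this misconfiguration, the resulting", the same sentence that appears in ifa_assessment-results-example.xml (where this commit also leaves it misspelled as "misconfigruation").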
@@ -143,9 +143,9 @@
</characterization>
<deadline>2023-06-23T17:00:00-04:00</deadline>
<response uuid="4676b126-ba6d-40cc-9dc8-f2aa677b03ee" lifecycle="planned">
<title>IFA-GOODREAD-RISK1-RESPONSE: IFA GoodRead Prouct Team Response</title>
<title>IFA-GOODREAD-RISK1-RESPONSE: IFA GoodRead Product Team Response</title>
<description>
<p>The GoodRead Product Team does not have siginficant mitigations or compensating
<p>The GoodRead Product Team does not have significant mitigations or compensating
controls to counter this risk, even if likelihood is low. The IFA CISO has cited
ongoing guidance that potential insider threat risks be prioritized above
alternative categories of risk for this quarter. Additionally, there is
@@ -177,7 +177,7 @@
<title>Update Django Framework Configuration to Disable Default Admin Panel</title>
<description>
<p>Budget and technical staff are needed to re-design and re-implement a part of the
GoodRead application's use of a web appplication programming framework to mitigate
GoodRead application's use of a web application programming framework to mitigate
the risk of low privilege users directly modifying the database of this application.
This application is a high-visibility service and integral to future operations of
the IFA Office of Public Affairs and its staff.</p>
2 changes: 1 addition & 1 deletion src/examples/ssp/xml/ifa_ssp-example.xml
@@ -252,7 +252,7 @@
<p>The IFA GoodRead application and infrastructure are composed as designed and implemented with lease privilege for the elements of this system.</p>
<p>For the IFA GoodRead application, the custom application is designed and implemented on top of the Django Framework to enforce least privilege. The application has a role for IFA Public Affairs Officers and one for the developers for privileged permissions, respectively. Only the latter can access or change administrative and security configurations and related data.</p>
<p>The Django Framework and Django REST Framework (DRF), by default, allows any user with the <code>is_staff</code> role attribute to access administrative functions in an application using the framework. IFA GoodRead developers have disabled this behavior, relying on the custom roles identified in the relevant section.</p>
<p>For the IFA GoodRead database, the system account and accredentials for the application to read and write to the system datastore has specific read and write authorization for specific tables. This database service account does not have full administrative permissions to add, modify, or delete all respective tables. For the production environment, only the IFA GoodRead developer has a dedicated account with equivalent permissions. Only local network socket access, within in the Linux server, is permitted by host firewall configuration. Remote access, privileged or unprivileged, is not allowed remotely and the system engineer must locally authenticate for access.</p>
<p>For the IFA GoodRead database, the system account and credentials for the application to read and write to the system datastore has specific read and write authorization for specific tables. This database service account does not have full administrative permissions to add, modify, or delete all respective tables. For the production environment, only the IFA GoodRead developer has a dedicated account with equivalent permissions. Only local network socket access, within in the Linux server, is permitted by host firewall configuration. Remote access, privileged or unprivileged, is not allowed remotely and the system engineer must locally authenticate for access.</p>
<p>For the RedHat Linux server upon which the IFA GoodRead application is deployed in this system, only the system engineer has a non-privileged user to log in remotely via the SSH protocol to perform ad-hoc inspection, monthly log review as required by policy and procedure, and emergency debugging of the system. Privileged system administration operations may only be performed with the <code>sudo</code> subsystem which requires a password, two-factor authentication, and has enhanced logging of all commands executed. The system engineer must log in remotely and then use <code>sudo</code> to elevate privileges. Remote access with the privileged account is prohibited by configuration and attempts are logged.</p>
<p>For this remote SSH access, least privilege is additionally enforced by allowing this access via a specific network zone in the IFA GoodRead AwesomeCloud account accessible to only the system engineer via IFA's VPN solution, which requires the system engineer use a dedicated account with their own password and two-factor authentication token.</p>
<p>For cloud account and API access to reconfigure the Linux server and its load balancer, administrative access is only allowed for the system engineer via a special AwesomeCloud IAM role. The authentication and authorization for this role is controlled by an integration with the organization's single sign-on solution. This solution will only be accessible and correctly execute for them when they are on the VPN with their account with traffic forwarded to the appropriate network zone in the IFA GoodRead account in AwesomeCloud. It will not work the developer or any staff users of the application.</p>
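Review bot: The first context line of this hunk still says "lease privilege" where "least privilege" is meant (the next paragraph spells it correctly); that typo changes the meaning of the control statement and is more significant than the one fixed here. On the changed line, "the system account and credentials ... has specific" should be "have", "within in the Linux server" doubles the preposition, and "Remote access ... is not allowed remotely" is redundant; in the last context paragraph, "It will not work the developer" is missing "for". Suggest picking all of these up in this spelling pass.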
2 changes: 1 addition & 1 deletion src/examples/ssp/xml/oscal_leveraged-example_ssp.xml
@@ -180,7 +180,7 @@ Cust-A Cust-B Cust-C
<provided uuid="11111111-0000-4000-9009-002001001001">
<description>
<p>Consumer-appropriate description of what a leveraging system may
inherite from THIS SYSTEM in the context of satisfying
inherit from THIS SYSTEM in the context of satisfying
satisfaction of AC-2, part a.</p>
</description>
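Review bot: The context line after the change, "in the context of satisfying satisfaction of AC-2, part a.", still repeats itself; "in the context of satisfying AC-2, part a." is presumably what was intended and could be fixed in the same hunk.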
<responsible-role role-id="poc-for-customers">
2 changes: 1 addition & 1 deletion src/examples/ssp/xml/oscal_leveraging-example_ssp.xml
@@ -155,7 +155,7 @@ Cust-A Cust-B Cust-C
<component uuid="22222222-0000-4000-9001-000000000003" type="appliance">
<title>Access Control Appliance</title>
<description>
<p>An access control virtual appliance, wich performs XYZ functions.</p>
<p>An access control virtual appliance that performs XYZ functions.</p>
</description>
<prop name="implementation-point" value="internal" />
<prop name="virtual" value="yes" />