From 7becd8d2958e57a9f9987973a586d4a3c1d3d6a2 Mon Sep 17 00:00:00 2001 From: James Hochadel Date: Tue, 21 Nov 2023 16:20:34 -0500 Subject: [PATCH] Platform operators should review engineering practices when onboarding Motivated by FedRAMP requirements for containers; see container section of linked documentation. --- .github/ISSUE_TEMPLATE/onboard-platform-ops.md | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/ISSUE_TEMPLATE/onboard-platform-ops.md b/.github/ISSUE_TEMPLATE/onboard-platform-ops.md index a42b827..9ebf7f2 100644 --- a/.github/ISSUE_TEMPLATE/onboard-platform-ops.md +++ b/.github/ISSUE_TEMPLATE/onboard-platform-ops.md @@ -66,6 +66,7 @@ For the three trainings list at the top, your onboarding buddy will create a sep - [ ] Read the [Configuration Management Plan](https://cloud.gov/docs/ops/configuration-management/). - [ ] Read the [cloud.gov Security Policies and Procedures](https://github.com/cloud-gov/cg-compliance-docs). These documents explain the high-level policies and procedures we must comply with while running cloud.gov, sorted into security control "families" They explain that we follow GSA IT security policy, and they provide a summary of the procedures in our System Security Plan. - [ ] Review the System Security Plan (the latest version lives on [Google Drive](https://drive.google.com/drive/u/0/folders/0B6fPl5s12igNX3JwR2xFZVpmek0); look for "cloud.gov System Security Plan (SSP)" as a _.docx_ file). Of particular note for onboarding: Section 9 (System Description) and Section 10 (System Environment) +* [ ] Review the team's [Engineering Practices](https://github.com/cloud-gov/internal-docs/tree/main/docs/resources/Engineering-Practices). Some of these are mandatory because they fulfill FedRAMP requirements. ### Getting to know cloud.gov