From d3a82b76ca8dbd644bfde16ca65eb8a69f4a691f Mon Sep 17 00:00:00 2001
From: James Hochadel
Date: Wed, 24 Jan 2024 17:36:22 -0500
Subject: [PATCH 01/20] Remove outdated links, add more recent ones, and
normalize link format
---
PertinentLinks.md | 66 ++++++++++++++++++-------------------------
import_bookmarks.html | 35 +++++++++++++----------
2 files changed, 48 insertions(+), 53 deletions(-)
diff --git a/PertinentLinks.md b/PertinentLinks.md
index e5e5d22..ad3c1d9 100644
--- a/PertinentLinks.md
+++ b/PertinentLinks.md
@@ -1,54 +1,44 @@
# Pertinent links for the cloud.gov team
-As a highly motivated and distributed team, there are many links that we use to
-communicate effectively as a team. Below are a list of pertinent links that
-should be bookmarked and encouraged to check on a regular basis.
-For easy import of these bookmarks download and import [import_bookmarks.html](./import_bookmarks.html) in your browser.
+As a highly motivated and distributed team, there are many links that we use to communicate effectively as a team. Below are a list of pertinent links that should be bookmarked and encouraged to check on a regular basis. For easy import of these bookmarks download and import [import_bookmarks.html](./import_bookmarks.html) in your browser.
-#### General cloud.gov items
+## Work and knowledge management
-- [Project board (project tracking)](https://github.com/orgs/cloud-gov/projects/2)
-- [cloud.gov Beta dashboard](https://dashboard-beta.fr.cloud.gov/) :lock:
-- [cloud.gov dashboard](https://dashboard.fr.cloud.gov/) :lock:
-- [cloud.gov Google Drive folder][cg-drive-folder] :lock:
-- [cloud.gov `cg-site` repository](https://github.com/cloud-gov/cg-site/)
+- [cloud.gov Roadmap GitHub Project](https://github.com/orgs/cloud-gov/projects/25) - public roadmap of epics, which are planned at a quarterly level
+- [cloud.gov Team GitHub Project](https://github.com/orgs/cloud-gov/projects/27) :lock: - private board for tracking individual work items, planned sprint-by-sprint
+- [cloud.gov All Staff Google Drive](https://drive.google.com/drive/folders/0ANH-Bql6mXGBUk9PVA) :lock:
+- [cloud.gov Federal Employees Google Drive](https://drive.google.com/drive/folders/0AE_c0OLGmVIgUk9PVA) :lock:
-#### Slack channels
-- [Program channel][slack-program] :lock:
-- [Support channel][slack-support] :lock:
-- [Business Development channel][slack-business] :lock:
-- [Compliance channel][slack-compliance] :lock:
-- [Platform Operations channel][slack-platform] :lock:
+## cloud.gov system links
-#### Platform Operations
+- [cloud.gov dashboard](https://dashboard.fr.cloud.gov/) :lock:
+- [cloud.gov logs](https://logs-platform.fr.cloud.gov/) :lock:
+- [cloud.gov Cloud Foundry API endpoint](http://api.fr.cloud.gov/) :lock: - Most requests require authentication, but the root returns some metadata.
-- [Developer Documentation GDrive](https://drive.google.com/drive/folders/1-JuCl9WmxjOMPNCUI49srHHuEtkA4BoE)
-- [ZenDesk support tickets](https://cloud-gov.zendesk.com/agent/dashboard) :lock: (SSO)
-- [AWS GovCloud console][aws-fr-console] :lock:
-- [Concourse GovCloud](https://ci.fr.cloud.gov/) :lock:
-- [cloud.gov repositories][github-cloud-gov-cg]
-- [cloud.gov deployment repositories][github-cloud-gov-cg-deploy]
+## Slack channels
-#### Business Development
+See onboarding ticket(s).
-- Add items here, if it's useful!
+## Engineering
-[slack-business]: https://gsa-tts.slack.com/channels/cg-business
-[slack-compliance]: https://gsa-tts.slack.com/channels/cg-compliance
-[slack-platform]: https://gsa-tts.slack.com/channels/cg-platform
-[slack-program]: https://gsa-tts.slack.com/channels/cg-program
-[slack-support]: https://gsa-tts.slack.com/channels/cg-support
-
-[aws-fr-console]: https://signin.amazonaws-us-gov.com/?region=us-gov-west-1
+- [Internal Documentation](https://github.com/cloud-gov/internal-docs) :lock:
+- [ZenDesk support tickets](https://cloud-gov.zendesk.com/agent/dashboard) :lock:
+- [AWS GovCloud console](https://signin.amazonaws-us-gov.com/?region=us-gov-west-1) :lock:
+- [Concourse, our CI/CD tool](https://ci.fr.cloud.gov/) :lock:
+- [cloud.gov git repositories](https://github.com/cloud-gov)
+- [cloud.gov deployment repositories](https://github.com/search?utf8=✓&q=org%3Acloud-gov+cg-deploy-&type=Repositories&ref=searchresults)
+- [cloud.gov `cg-site` repository](https://github.com/cloud-gov/cg-site/)
+- [Cloud Foundry API v3 reference](http://v3-apidocs.cloudfoundry.org/version/3.126.0/index.html)
+- [Control Freak, an unofficial reference for NIST 800-53 controls](https://controlfreak.risk-redux.io)
+- [GSA IT Software Approval standards](https://sites.google.com/a/gsa.gov/it_standards/software-approvals)
-[cg-dashboard]: https://dashboard.fr.cloud.gov/
-[cg-drive-folder]: https://drive.google.com/drive/folders/0Bx6EvBXVDWwheUtVckVnOE1pRzA
+## Business Development
-[github-cloud-gov-cg]: https://github.com/search?utf8=✓&q=org%3Acloud-gov+cg-&type=Repositories&ref=searchresults
-[github-cloud-gov-cg-deploy]: https://github.com/search?utf8=✓&q=org%3Acloud-gov+cg-deploy-&type=Repositories&ref=searchresults
+- Add items here, if it's useful!
-### Historical/context docs
+## Historical/context docs
- ["cloud.gov: What is it?"](https://docs.google.com/presentation/d/1nCcti3dXG9TVGW3OqaWtnf96oXX8U8SBTM_WePFO_dg/edit#slide=id.p) a rundown of what cloud.gov is and does (specifically slides 1-37; the rest are somewhat outdated)
-- [January 2016 cloud.gov "Executive Business Case" document](https://docs.google.com/document/d/138OcG0Lt6gr9J0wM0TzzPNyTROmYAwfLIDujtweiwGw/edit#) greater context about cloud.gov's potential impact in government.
+- [January 2016 cloud.gov "Executive Business Case" document](https://docs.google.com/document/d/138OcG0Lt6gr9J0wM0TzzPNyTROmYAwfLIDujtweiwGw/edit) greater context about cloud.gov's potential impact in government.
- [House Oversight and Government Reform Committee (July 12 2017) document](https://docs.google.com/document/d/1kDJdaPw7DSBPSa-XH-YsQpJVOmRKSK8sAghNhPFpegE/edit) official answers to important questions such as "Why would agencies use cloud.gov instead of building their own?"
+- [A collaborative combined cultural history of TTS](https://docs.google.com/document/d/1TZNX3G86G4zY56YVJCXW4L9GKL6_nfsTPSL-SDxmSVs/edit#heading=h.8y88hrufdsp)
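Review bot: Two of the added links use plain `http://`: the Cloud Foundry API endpoint (`http://api.fr.cloud.gov/`) under "cloud.gov system links" and the API v3 reference (`http://v3-apidocs.cloudfoundry.org/version/3.126.0/index.html`) under "Engineering". Every other link added here is `https://`, so please switch these two so that an imported bookmark does not start with a cleartext request. The v3 reference is also pinned to version 3.126.0 and will go stale as the platform upgrades. The API endpoint entry carries :lock: while its own description says the root returns metadata without authentication, so either drop the marker or reword the note. Since the intro paragraph is being reflowed anyway, "Below are a list ... encouraged to check" could be fixed in the same commit.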
diff --git a/import_bookmarks.html b/import_bookmarks.html
index d4a71d2..b5bc941 100644
--- a/import_bookmarks.html
+++ b/import_bookmarks.html
@@ -6,33 +6,38 @@
Bookmarks
Bookmarks
-
Cloud.Gov
+ cloud.gov
General Links
-
- Project Board
+
- Roadmap Board
+
- Team Board
+
- All Staff
+
- Fed Only
- Cloud.gov Github
- prod-dashboard cloud.gov
- beta-dashboard cloud.gov
- cloud.gov cg-site repo
-
Slack Channels
-
-
- Program Channel #cg-support
-
- Support Channel
-
- Business Development Channel
-
- Compliance Channel
-
- Platform Operations Channel
-
-
Platform Operations
+ cloud.gov system
+
+
- Dashboard
+
- Logs
+
- API Endpoint
+
+
Engineering
-
- Developer Documentation GDrive
-
- zendesk support tickets
+
- Internal Documentation
+
- ZenDesk support tickets
- AWS Commercial Console
- AWS GovCloud Console
-
- Concourse GovCloud
-
- cloud.gov repositories
+
- Concourse CI
+
- cloud.gov git repositories
- cloud.gov deployment repositories
+
- cg-site repository
+
- CF v3 API Reference
+
- Control Freak
+
- IT Software Approvals
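Review bot: The Engineering folder here and the Engineering list in PertinentLinks.md disagree within the same commit: the bookmark file keeps an "AWS Commercial Console" entry next to "AWS GovCloud Console", while the Markdown list has only the GovCloud console. Either add the commercial console to PertinentLinks.md or drop it from the bookmarks. The labels also differ ("All Staff" and "Fed Only" here, "cloud.gov All Staff Google Drive" and "cloud.gov Federal Employees Google Drive" there), which makes it harder to check the two files against each other when links change.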
From 576949e08be4852b781a30953b3f6ff9d14b0894 Mon Sep 17 00:00:00 2001
From: James Hochadel
Date: Thu, 25 Jan 2024 10:03:58 -0500
Subject: [PATCH 02/20] Factor out common onboarding steps from engineer
onboarding
New staff will now be assigned two onboarding tickets: A general ticket that applies to all roles, and a role-specific ticket. Factoring out the common elements instead of having them duplicated across multiple templates will reduce drift, and replacing one large all-purpose ticket with two more-focused tickets will make onboarding easier.
---
.github/ISSUE_TEMPLATE/onboard-engineer.md | 133 ++-------------
.github/ISSUE_TEMPLATE/onboard-team-member.md | 151 ++++++++++--------
2 files changed, 104 insertions(+), 180 deletions(-)
diff --git a/.github/ISSUE_TEMPLATE/onboard-engineer.md b/.github/ISSUE_TEMPLATE/onboard-engineer.md
index d38e486..618f7e9 100644
--- a/.github/ISSUE_TEMPLATE/onboard-engineer.md
+++ b/.github/ISSUE_TEMPLATE/onboard-engineer.md
@@ -21,48 +21,11 @@ assignees: ''
---
-In order to get `New Person` productively contributing to the cloud.gov team, `Buddy` should help `New Person` complete a prescribed set of tasks that will bring them up to speed and get them setup with cloud.gov.
-
-## Instructions
-
-1. Try to go through the checklists in order.
-2. If `Buddy` can’t complete any of the items on their checklist personally, _they are responsible for ensuring that someone with the correct access completes that item_.
-
-## Required items for all team members
-
-These items help us fulfill security and compliance requirements (including for FedRAMP). If you get stuck, or if these requirements are confusing, ask for help from your buddy or in a cloud.gov channel.
-
-- [ ] Take judicious notes on what about this onboarding process or cloud.gov is confusing or frustrating. If you notice a problem (especially with things like documentation), you are more than welcome to fix it! At the very least, please share this information with your onboarding buddy (or someone) at some point so we can make the team/platform better. (You can also file issues and pull requests on [the template Onboarding checklist](https://github.com/cloud-gov/product/blob/main/.github/ISSUE_TEMPLATE/onboard-platform-ops.md).
-- [ ] Be sure to introduce yourself and follow up with your onboarding buddy (they should have reached out to you at this point; if they haven't, please let the team know) and make sure this issue is assigned to them in our [Github Project Planning Board](https://github.com/orgs/cloud-gov/projects/27/views/1). We use this board to organize, prioritize, and track our work.
-
-### Pre-requisites
-
-- [ ] Complete [GSA OLU](https://gsaolu.gsa.gov/) IT Security & Privacy Awareness Training, which includes accepting the GSA IT Rules of Behavior. This is required before we can give you access to any cloud.gov systems. If you joined GSA more than two months ago, you've already completed this task and can check the box.
-
-### Fulfill security and compliance requirements (including for FedRAMP) - Completed by onboarding buddy
-
-- [ ] Make sure they're in the [Team Roster](https://docs.google.com/spreadsheets/d/187663k5MYJBNlKExLu_nhuovcZQfIbqYCu2n4noNY1o/edit#gid=0).
-- [ ] Add their name, whether they're Cloud Operations, and the date they joined the team to the [training tracker](https://docs.google.com/spreadsheets/d/1hqU6cNeEB293OT0j3OvbdAFRkrf2zDOrPVxGfnr4sSw/edit#gid=0).
- - Copy the formulas for the due dates from an existing row (grab the "corner" of the cells and pull down).
- - As they complete training, fill out their completion dates in the [training tracker](https://docs.google.com/spreadsheets/d/1hqU6cNeEB293OT0j3OvbdAFRkrf2zDOrPVxGfnr4sSw/edit#gid=0).
-- [ ] Add them to the @cloud-gov-team [in Slack’s Team Directory](https://get.slack.help/hc/en-us/articles/212906697-User-Groups#edit-a-user-group).
-- [ ] Inform them of recurring cloud.gov meetings that are relevant for them in [the team calendar](https://calendar.google.com/calendar/embed?src=gsa.gov_0samf7guodi7o2jhdp0ec99aks@group.calendar.google.com&ctz=America/Los_Angeles) (they will get access to this when added to the cloud.gov Team Google Group).
-- [ ] Add them on GitHub to the [`cloud-gov-team`](https://github.com/orgs/cloud-gov/teams/cloud-gov-team) team, which will automatically invite them to our [`cloud-gov`](https://github.com/orgs/cloud-gov/people) organization.
-
-### Complete cloud.gov trainings
-
-Onboarding buddy: Contact the compliance team in [#cg-compliance](https://gsa.enterprise.slack.com/archives/C0A1Z7L2U) to schedule training(s).
-
-All team members:
-
-- [ ] Coordinate with your onboarding buddy to schedule [nonpublic information training](https://docs.google.com/presentation/d/1uB4MlGCu8ZYUxjKVZKwicQ95MvLxaT4Mh93y6w79GPw/edit#slide=id.p) within 60 days of joining the team (and annually after that). This will cover the following documents, which you should also review before or after training:
- - [ ] Review the [cloud.gov open source policy guidance about protecting sensitive information](https://github.com/18F/open-source-policy/blob/master/practice.md#protecting-sensitive-information).
- - [ ] Read our [sharing secret keys](https://cloud.gov/docs/ops/secrets/#sharing-secret-keys) policy.
- - [ ] Review the [TTS requirements for password management](https://handbook.tts.gsa.gov/general-information-and-resources/tech-policies/password-requirements/).
+## Complete additional cloud.gov trainings
- Federal employees and staff contractors, expand this section:
+ Federal employees and staff contractors, expand this section. Not applicable to project contractors.
Engineers who are federal employees and staff contractors have a Contingency Plan role and may participate in Incident Response, so they must complete the CP and IR trainings. Project contractors do not need to complete these trainings. Check one of the following:
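Review bot: The added heading `## Complete additional cloud.gov trainings` is level 2, but the headings that follow it in this file (`### Learn our policies and procedures`, `### Getting to know cloud.gov`, `### Slack channels`) stay at level 3, so they now render as subsections of the trainings section up to `## Engineering-specific items`. Either keep this heading at `###` under a parent section, or promote the siblings to `##` in the same commit.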
@@ -74,10 +37,11 @@ Engineers who are federal employees and staff contractors have a Contingency Pla
-### Learn more policies and procedures
+### Learn our policies and procedures
In addition to the topics in [the trainings section](#complete-cloudgov-trainings), review the following documents:
+- [ ] Review the [cloud.gov open source policy guidance about protecting sensitive information](https://github.com/18F/open-source-policy/blob/master/practice.md#protecting-sensitive-information).
- [ ] Read the [Continuous Monitoring Strategy](https://cloud.gov/docs/ops/continuous-monitoring/), particularly the [cloud.gov team responsibilities](https://cloud.gov/docs/ops/continuous-monitoring/#cloud-gov-team).
- [ ] Read the [Configuration Management Plan](https://cloud.gov/docs/ops/configuration-management/).
- [ ] Read the [cloud.gov Security Policies and Procedures](https://github.com/cloud-gov/cg-compliance-docs). These documents explain the high-level policies and procedures we must comply with while running cloud.gov, sorted into security control "families" They explain that we follow GSA IT security policy, and they provide a summary of the procedures in our System Security Plan.
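Review bot: The unchanged line `In addition to the topics in [the trainings section](#complete-cloudgov-trainings)` now links to an anchor that no longer exists in this template. The previous hunk removes `### Complete cloud.gov trainings` and adds `## Complete additional cloud.gov trainings`, whose generated anchor is `#complete-additional-cloudgov-trainings`. Please update the fragment, or link to the general onboarding ticket if that is where the referenced trainings now live.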
@@ -86,14 +50,9 @@ In addition to the topics in [the trainings section](#complete-cloudgov-training
### Getting to know cloud.gov
-These items will help you come up to speed on cloud.gov and what it is, how it works, why it exists, etc. While you should take the time to go through them, please do not try and tackle it all in one shot! It can become overwhelming very quickly, so your onboarding buddy will walk through this list with you at a high level with you to help manage the work.
-
Resources on cloud.gov:
- [ ] View the video: [A Technical Overview of cloud.gov](https://youtu.be/lwQCDeIm1Es)
-- [ ] Read [the team onboarding document](https://github.com/cloud-gov/product/blob/master/Onboarding.md) for more context about cloud.gov.
-- [ ] Bookmark the [pertinent links listed here](https://github.com/cloud-gov/product/blob/master/PertinentLinks.md).
-- [ ] Read through [the Overview section of our site](https://cloud.gov/docs/overview/what-is-cloudgov/) for a broader understanding of cloud.gov, especially how we present it to potential customers and users.
- [ ] Read the [Delivery Process document](https://github.com/cloud-gov/product/blob/master/StoryLifecycle.md) to learn about how we work.
- [ ] Read our [service disruption guide](https://cloud.gov/docs/ops/service-disruption-guide/) to learn how we handle customer-facing service disruptions.
@@ -109,37 +68,8 @@ Getting hands-on with cloud.gov:
- [ ] [Sign up for a cloud.gov sandbox](https://cloud.gov/sign-up/#get-trial-access-and-a-free-sandbox-space) using your GSA email address and start experimenting to get familiar with the basics of the PaaS from a user's perspective.
- This is also required in order to make you a platform admin once you've completed the Cybersecurity and Privacy training.
-Team resources:
-
-You will automatically be added to one or more Google Drives: the [Cloud.gov All Staff Drive](https://drive.google.com/drive/folders/0ANH-Bql6mXGBUk9PVA) and, for federal employees, the [Cloud.gov Federal Employees Drive](https://drive.google.com/drive/folders/0AE_c0OLGmVIgUk9PVA). Put all documents related to cloud.gov in the appropriate shared drive so the team can access them and meet federal records requirements. Each drive contains a folder for each squad, and each squad folder contains a "wiki" that explains how the sub-folders are structured.
-
-
-
- Federal employees and staff contractors, expand this section:
-
-
-- [ ] Subscribe to [the cloud.gov team calendar](https://calendar.google.com/calendar/embed?src=gsa.gov_0samf7guodi7o2jhdp0ec99aks@group.calendar.google.com&ctz=America/Los_Angeles) (click the + in the bottom right) so you know when assorted team meetings are happening in the various squads. Tip: When you plan Out of Office time, make a calendar event for that on the cloud.gov calendar so that your teammates know you'll be away
-
-
-
### Slack channels
-The following cloud.gov channels are public and all team members are welcome to join:
-
-- [ ] `#cg-aws-status` - bots post announcements about AWS service outages/incidents
-- [ ] `#cg-business` - business development (if applicable)
-- [ ] `#cg-compliance` - compliance-related information and discussion
-- [ ] `#cg-customer-success` - customer success squad channel
-- [ ] `#cg-general` - program-level information and discussion
-- [ ] `#cg-offtopic` - off-topic team sharing
-- [ ] `#cg-platform-news` (🗣️) - bots post platform alerts (mostly CI job notifications)
-- [ ] `#cg-platform` - platform operations
-- [ ] `#cg-support` (🗣️) - support requests and assistance within TTS
-- [ ] `#cg-supportstream` (🗣️) - stream of activity on Zendesk tickets
-- [ ] `#cloud-gov` (🗣️) - bots post announcements here
-
-Channels marked with (🗣️) receive a lot of messages, either from customers or bots, and you may want to mute them.
-
Project contractors: Your buddy will add you to the private channel for your project.
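Review bot: The public channel checklist (`#cg-aws-status` through `#cloud-gov`) and the note about muting the (🗣️) channels are removed here, and patch 01 changed the "Slack channels" section of PertinentLinks.md to "See onboarding ticket(s)." Please confirm the list is added to onboard-team-member.md in this commit; it is not in the part of that diff shown here, and if it is missing there is no remaining place where a new team member can find the channel names. After this hunk the `### Slack channels` heading is followed directly by the project-contractor sentence, so a one-line pointer to the general ticket would help.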
@@ -158,8 +88,6 @@ Your onboarding buddy will add you to these Slack channels:
Lastly, for federal employees only:
-- [ ] `#cg-priv-gov` - may contain discussion of contracting-related or other private, federal-employee-only comms
-
## Engineering-specific items
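Review bot: Removing the `#cg-priv-gov` item leaves the lead-in `Lastly, for federal employees only:` with nothing under it; it now runs straight into `## Engineering-specific items`. Remove the lead-in line in the same hunk, or keep an item beneath it.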
@@ -191,32 +119,10 @@ AWS user names should be identical across accounts so that permissions can be co
Your onboarding buddy will create a separate ticket tied to this one to track the AWS accounts being granted full admin access.
-### Google Groups and Spaces
+## Google Groups and Spaces
-We manage calendar invites and Google Drive access using Google Groups. Some groups can also receive message from outside emails.
-
-- [ ] Project contractors: Add them to the [cloud.gov Project Contractors Google Group]() for access to the All Staff Google Drive.
-
-
-
- Federal employees and staff contractors, expand this section:
-
-
-Add them to the following Google Groups:
-
-- [ ] [cloud.gov Team](https://groups.google.com/a/gsa.gov/forum/?hl=en#!forum/cloud-gov) so they can participate in team-wide internal communication.
- [ ] Business Unit Only - Add them to the [cloud.gov inquiries Google Group](https://groups.google.com/a/gsa.gov/forum/#!forum/cloud-gov-inquiries) so they can keep apprised of prospective new clients.
-And the following Google Space:
-
-- [ ] [CG-PRIV](https://mail.google.com/mail/u/0/#chat/space/AAAAr60JXAc), a fallback team communication channel in the event Slack is down.
-
-Lastly, for federal employees only:
-
-- [ ] [cloud.gov Federal Employees](https://groups.google.com/a/gsa.gov/g/cloud-gov-federal-employees/members)
-
-
-
### Additional compliance setup/review
- [ ] Install `caulking` git leak prevention by following the [README](https://github.com/cloud-gov/caulking/blob/master/README.md)
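Review bot: After this hunk the section `## Google Groups and Spaces` contains a single item, `Business Unit Only - Add them to the cloud.gov inquiries Google Group`, and no Google Space at all. A Business Unit item does not belong in the engineer template, and the heading no longer matches the content; suggest moving that item to the general or a business-unit ticket and deleting the section here. The heading was also promoted from `###` to `##`, so `### Additional compliance setup/review` is now nested under Google Groups rather than under the engineering section.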
@@ -258,30 +164,23 @@ Project contractors: Check in with your project lead about first tasks.
- Federal employees and staff contractors, expand this for instructions.
+ Federal employees and staff contractors, expand this for instructions:
-Please work with your onboarding buddy and your squad to determine a platform component to work on first. Once you've identified the component you're going to focus on, your onboarding buddy will introduce you to someone who can onboard you to that project in specific. For the next few sprints, work on features, bugs, and improvements on this component. Reach out to your onboarding buddy or anyone else on the team if you need any help. Here are some easily-separated pieces to consider:
+The engineering team currently contains the following squads, each with their own projects:
-- S3 broker (Golang, Open Service Broker API)
-- Aws broker (Golang, Open Service Broker API)
-- Domain brokers and friends (New stuff is all python + Open Service Broker API):
- - External-domain broker
- - legacy domain broker
- - cdn broker
-- Logging stack (BOSH, ELK)
-- Prometheus (BOSH)
-- Stratos (golang + js)
-- uaa-extras (python + OIDC)
-- shibboleth (Java, OIDC)
+* Assurance, which focuses on security and compliance
+* Platform, which maintains and improves cloud.gov, focusing on internals like our AWS architecture and Cloud Foundry
+* Customer Success, which focuses on customer-facing features like service brokers and observability tools
-
+If you are not already assigned to a particular squad, work with your onboarding buddy to join squad standups and learn what each squad is working on.
+
-## Compliance items
+## Assurance-specific items
-These are items that are only necessary for someone stepping into a compliance role, but you can still subscribe to the alerts and mailing lists if you're interested:
+These items are only mandatory for someone stepping into an Assurance squad role, but you are welcome to subscribe even if you are on another squad:
-- [ ] Subscribe to CISA alerts/updates:
-- [ ] Subscribe to FedRAMP mailing lists:
+- [ ] Subscribe to CISA alerts/updates: https://www.cisa.gov/about/contact-us/subscribe-updates-cisa
+- [ ] Subscribe to FedRAMP mailing lists: https://public.govdelivery.com/accounts/USGSA/subscriber/topics?qsp=USGSA_2224
- [ ] Read Compliance Lead documents at root of the [Google Drive Security and Compliance](https://drive.google.com/drive/u/0/folders/1_vAXZsdVFYssR1DRCaavBCoDE_uxQCI5) folder
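Review bot: The new squad list uses `*` bullets (`* Assurance, which focuses on security and compliance` and the two lines after it) while every other list in this template uses `-`; the same commit converts `*` to `-` in onboard-team-member.md, so please use `-` here too. In the Assurance items, the CISA and FedRAMP subscriptions are added as bare URLs after the colon; the rest of the file uses Markdown links, so something like `Subscribe to [CISA alerts/updates](...)` would be consistent.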
diff --git a/.github/ISSUE_TEMPLATE/onboard-team-member.md b/.github/ISSUE_TEMPLATE/onboard-team-member.md
index 5e3f44d..2d97c3e 100644
--- a/.github/ISSUE_TEMPLATE/onboard-team-member.md
+++ b/.github/ISSUE_TEMPLATE/onboard-team-member.md
@@ -1,7 +1,7 @@
---
name: Onboard New cloud.gov Team Member
title: Checklist for Onboarding a New Team Member
-about: This is the checklist and requirements for onboarding a new team member to the cloud.gov team
+about: Onboarding checklist that applies to all team members. Paired with a role-specific checklist.
labels: ''
assignees: ''
@@ -13,94 +13,119 @@ assignees: ''
- **Do not create this issue until the System Owner has formally authorized and requested it.**. You can get that OK by one of two ways:
- A:
- - [ ] A: System Owner creates this issue.
+ - [ ] A: System Owner creates this issue
- B:
- - [ ] B.1: System owner emails cloud-gov-compliance@gsa.gov and cloud-gov-operations@gsa.gov with their authorization.
+ - [ ] B.1: System owner emails cloud-gov-compliance@gsa.gov and cloud-gov-operations@gsa.gov with their authorization
- [ ] B.2: An operator adds a link to the Google Group conversation that includes the authorizing email.
+ - (link here)
- **Please only use first names.**
---
In order to get `New Person` productively contributing to the cloud.gov team, `Buddy` should help `New Person` complete a prescribed set of tasks that will bring them up to speed and get them setup with cloud.gov.
+## Role-Specific Onboarding
+
+This onboarding ticket must be completed by all new cloud.gov team members. It must be paired with a role-specific onboarding ticket. Your onboarding buddy will create both. Paste a link to that ticket here for reference:
+
## Instructions
+Your onboarding buddy should reach out and introduce themselves to you. If you have not heard from them after a day or two, please let the team know.
+
1. Try to go through the checklists in order.
-2. If `Buddy` can’t complete any of the items on their checklist personally, _they are responsible for ensuring that someone with the correct access completes that item_.
+1. Make sure this issue is assigned you and your buddy in our [Github Project Planning Board](https://github.com/orgs/cloud-gov/projects/27/views/1). We use this board to organize, prioritize, and track our work.
+1. If `Buddy` cannot complete any of the items on their checklist personally, _they are responsible for ensuring that someone with the correct access completes that item_.
+1. Take notes on this onboarding process. If you notice a problem, let your buddy know by leaving a comment on this issue, or submit a fix yourself! You can propose a change to any documentation in GitHub using a pull request. The onboarding issue templates, including for this issue, are [here](https://github.com/cloud-gov/product/blob/main/.github/ISSUE_TEMPLATE).
-## Onboarding Checklist
+## Pre-requisites
-### Required items for all team members
+- [ ] Complete [GSA OLU](https://gsaolu.gsa.gov/) IT Security & Privacy Awareness Training, which includes accepting the GSA IT Rules of Behavior. This is required before we can give you access to any cloud.gov systems. If you joined GSA more than two months ago, you've already completed this task and can check the box.
-These items help us fulfill security and compliance requirements (including for FedRAMP). If you get stuck, or if these requirements are confusing, ask for help from your buddy or in a cloud.gov channel.
+## Fulfill security and compliance requirements - Completed by onboarding buddy
-- [ ] Take judicious notes on what about this onboarding process or cloud.gov is confusing or frustrating. If you notice a problem (especially with things like documentation), you are more than welcome to fix it! At the very least, please share this information with your onboarding buddy (or someone) at some point so we can make the team/platform better. (You can also file issues and pull requests on [the template Onboarding checklist](https://github.com/cloud-gov/product/blob/main/.github/ISSUE_TEMPLATE/onboard-team-member.md).
-- [ ] Be sure to introduce yourself and follow up with your onboarding buddy (they should have reached out to you at this point; if they haven't, please let the team know) and make sure this issue is assigned to them in our [Github Project Planning Board](https://github.com/orgs/cloud-gov/projects/2). We use this board to organize, prioritize, and track our work.
+- [ ] Make sure they're in the [Team Roster](https://docs.google.com/spreadsheets/d/187663k5MYJBNlKExLu_nhuovcZQfIbqYCu2n4noNY1o/edit#gid=0).
+- [ ] Add their name, whether they're Cloud Operations, and the date they joined the team to the [training tracker](https://docs.google.com/spreadsheets/d/1hqU6cNeEB293OT0j3OvbdAFRkrf2zDOrPVxGfnr4sSw/edit#gid=0).
+ - All engineers who are federal employees or staff contractors are part of Cloud Operations. Project contractors are not.
+ - Copy the formulas for the due dates from an existing row (grab the "corner" of the cells and pull down).
+ - As they complete training, fill out their completion dates in the [training tracker](https://docs.google.com/spreadsheets/d/1hqU6cNeEB293OT0j3OvbdAFRkrf2zDOrPVxGfnr4sSw/edit#gid=0).
+- [ ] Add them to the @cloud-gov-team [in Slack’s Team Directory](https://get.slack.help/hc/en-us/articles/212906697-User-Groups#edit-a-user-group).
+- [ ] Add them on GitHub to the [`cloud-gov-team`](https://github.com/orgs/cloud-gov/teams/cloud-gov-team) team, which will automatically invite them to our [`cloud-gov`](https://github.com/orgs/cloud-gov/people) organization.
-#### Pre-requisites
+## Complete cloud.gov trainings
-- [ ] Complete [GSA OLU](https://gsaolu.gsa.gov/) GSA Mandatory Cyber Security and Privacy Training, including accepting the GSA IT Rules of Behavior, which is required before we can give you access to any cloud.gov systems. If you joined GSA more than two months ago, you've already completed this task and can just check the box.
+Onboarding buddy: Contact the compliance team in [#cg-compliance](https://gsa.enterprise.slack.com/archives/C0A1Z7L2U) to schedule training(s).
-#### Fulfill security and compliance requirements (including for FedRAMP) - Completed by onboarding buddy
+- [ ] Coordinate with your onboarding buddy to schedule [nonpublic information training](https://docs.google.com/presentation/d/1uB4MlGCu8ZYUxjKVZKwicQ95MvLxaT4Mh93y6w79GPw/edit#slide=id.p) within 60 days of joining the team (and annually after that). This will cover the following documents, which you should also review before or after training:
+ - [ ] Read our [sharing secret keys](https://cloud.gov/docs/ops/secrets/#sharing-secret-keys) policy.
+ - [ ] Review the [TTS requirements for password management](https://handbook.tts.gsa.gov/general-information-and-resources/tech-policies/password-requirements/).
+
+## Getting to know cloud.gov
+
+These items will help you come up to speed on cloud.gov and what it is, how it works, why it exists, etc. While you should take the time to go through them, please do not try and tackle it all in one shot! It can become overwhelming very quickly, so your onboarding buddy will walk through this list with you at a high level with you to help manage the work.
-- [ ] Make sure they're in [the list of people working on the project](https://docs.google.com/spreadsheets/d/187663k5MYJBNlKExLu_nhuovcZQfIbqYCu2n4noNY1o/edit#gid=0).
-- [ ] Add their name, whether they're Cloud Ops (Platform), and the date they joined the team to the [training tracker](https://docs.google.com/spreadsheets/d/1hqU6cNeEB293OT0j3OvbdAFRkrf2zDOrPVxGfnr4sSw/edit#gid=0). Copy the formulas for the due dates from an existing row (grab the "corner" of the cells and pull down).
-- [ ] As they complete training, fill out their completion dates in the [training tracker](https://docs.google.com/spreadsheets/d/1hqU6cNeEB293OT0j3OvbdAFRkrf2zDOrPVxGfnr4sSw/edit#gid=0).
-- [ ] Add them to the @cloud-gov-team [in Slack’s Team Directory](https://get.slack.help/hc/en-us/articles/212906697-User-Groups#edit-a-user-group).
-- [ ] Review the recurring cloud.gov meetings that are relevant for them in [the team calendar](https://calendar.google.com/calendar/embed?src=gsa.gov_0samf7guodi7o2jhdp0ec99aks@group.calendar.google.com&ctz=America/Los_Angeles) (they will get access to this when added to the cloud.gov Team Google Group).
-- [ ] Add them to the [`cloud-gov`](https://github.com/orgs/cloud-gov/people) organization in GitHub, and the [`cloud-gov-team`](https://github.com/orgs/cloud-gov/teams/cloud-gov-team) team.
-
-#### Learn our policies and procedures
-
-For the three trainings list at the top, your onboarding buddy will create a separate ticket to track the trainings once scheduling has been finished. This will help consolidate trainings for multiple new members to the team and prevent them from blocking progress on this onboarding ticket. Once the trainings are scheduled, they can be marked as complete here.
-
-* [ ] Coordinate with your onboarding buddy to go through Contingency Planning training within 60 days (and annually after that). This will cover the following document, which you should also review before or after training:
- * [ ] Read the [Contingency Plan](https://cloud.gov/docs/ops/contingency-plan/).
-* [ ] Coordinate with your onboarding buddy to go through [Incident Response Training](https://docs.google.com/presentation/d/1AZjQE8zBzMRWZIFUuJPkJLted1ykGtALrLPoPRx5Vls/edit#slide=id.p) within 60 days of joining the team (and annually after that). This will cover the following document, which you should also review before or after training:
- * [ ] Read the [Incident Response Guide](https://cloud.gov/docs/ops/security-ir/).
-* [ ] Coordinate with your onboarding buddy to go through [nonpublic information training](https://docs.google.com/presentation/d/1uB4MlGCu8ZYUxjKVZKwicQ95MvLxaT4Mh93y6w79GPw/edit#slide=id.p) within 60 days of joining the team (and annually after that). This will cover the following documents, which you should also review before or after training:
- * [ ] Review the [cloud.gov open source policy guidance about protecting sensitive information](https://github.com/18F/open-source-policy/blob/master/practice.md#protecting-sensitive-information).
- * [ ] Read our [sharing secret keys](https://cloud.gov/docs/ops/secrets/#sharing-secret-keys) policy.
- * [ ] Review the [TTS requirements for password management](https://handbook.tts.gsa.gov/general-information-and-resources/tech-policies/password-requirements/).
-* [ ] Read the [Continuous Monitoring Strategy](https://cloud.gov/docs/ops/continuous-monitoring/), particularly the [cloud.gov team responsibilities](https://cloud.gov/docs/ops/continuous-monitoring/#cloud-gov-team).
-* [ ] Read the [Configuration Management Plan](https://cloud.gov/docs/ops/configuration-management/).
-* [ ] Read the [cloud.gov Security Policies and Procedures](https://github.com/cloud-gov/cg-compliance-docs). These documents explain the high-level policies and procedures we must comply with while running cloud.gov, sorted into security control "families" They explain that we follow GSA IT security policy, and they provide a summary of the procedures in our System Security Plan.
-* [ ] Review the System Security Plan (the latest version lives on [Google Drive](https://drive.google.com/drive/u/0/folders/0B6fPl5s12igNX3JwR2xFZVpmek0); look for "cloud.gov System Security Plan (SSP)" as a *.docx* file). Of particular note for onboarding: Section 9 (System Description) and Section 10 (System Environment)
-
-### Getting to know cloud.gov
-
-These items will help you come up to speed on cloud.gov and what it is, how it works, why it exists, etc. While you
-should take the time to go through them, please do not try and tackle it all in one shot! It can become overwhelming
-very quickly, so your onboarding buddy will walk through this list with you at a high level with you to help manage the work.
-
-- [ ] Read [the team onboarding document](https://github.com/cloud-gov/product/blob/master/Onboarding.md) for more context about cloud.gov.
-- [ ] Bookmark the [pertinent links listed here](https://github.com/cloud-gov/product/blob/master/PertinentLinks.md).
- [ ] Read through [the Overview section of our site](https://cloud.gov/docs/overview/what-is-cloudgov/) for a broader understanding of cloud.gov, especially how we present it to potential customers and users.
-- [ ] [Sign up for a cloud.gov sandbox](https://cloud.gov/sign-up/#get-trial-access-and-a-free-sandbox-space) using your GSA email address and start experimenting to get familiar with the basics of the PaaS from a user's perspective.
- - This is also required in order to make you a platform admin once you've completed the Cybersecurity and Privacy training.
-- [ ] Read the [Delivery Process document](https://github.com/cloud-gov/product/blob/master/StoryLifecycle.md) to learn about how we work.
-- [ ] Read our [service disruption guide](https://cloud.gov/docs/ops/service-disruption-guide/) to learn how we handle customer-facing service disruptions.
-- [ ] Add the [cloud.gov Google Drive folder](https://drive.google.com/drive/folders/0Bx6EvBXVDWwheUtVckVnOE1pRzA) to your Google Drive -- that's where we put cloud.gov docs. If you create or move a doc there, it'll get the right access permissions for team members to be able to view and edit it.
-- [ ] Subscribe to [the cloud.gov team calendar](https://calendar.google.com/calendar/embed?src=gsa.gov_0samf7guodi7o2jhdp0ec99aks@group.calendar.google.com&ctz=America/Los_Angeles) (click the + in the bottom right) so you know when assorted team meetings are happening in the various squads. Tip: When you plan Out of Office time, make a calendar event for that on the cloud.gov calendar so that your teammates know you'll be away
+- [ ] Read [the team onboarding document](https://github.com/cloud-gov/product/blob/main/Onboarding.md) for more context about cloud.gov.
+- [ ] Bookmark the [pertinent links listed here](https://github.com/cloud-gov/product/blob/main/PertinentLinks.md).
-### Slack channels
+## Team resources
-Your onboarding buddy will add you to these Slack channels:
+You will automatically be added to one or more Google Drives: the [Cloud.gov All Staff Drive](https://drive.google.com/drive/folders/0ANH-Bql6mXGBUk9PVA) and, for federal employees, the [Cloud.gov Federal Employees Drive](https://drive.google.com/drive/folders/0AE_c0OLGmVIgUk9PVA). Put all documents related to cloud.gov in the appropriate shared drive so the team can access them and meet federal records requirements. Each drive contains a folder for each squad, and each squad folder contains a "wiki" that explains how the sub-folders are structured.
-- [ ] `#cloud-gov` - bots post announcements here
-- [ ] `#cg-billing` - private business development channel (if applicable)
+
+
+ Federal employees and staff contractors, expand this section:
+
+
+- [ ] Subscribe to [the cloud.gov team calendar](https://calendar.google.com/calendar/embed?src=gsa.gov_0samf7guodi7o2jhdp0ec99aks@group.calendar.google.com&ctz=America/Los_Angeles) (click the + in the bottom right) so you know when assorted team meetings are happening in the various squads. Tip: When you plan Out of Office time, make a calendar event for that on the cloud.gov calendar so that your teammates know you'll be away.
+
+
+
+## Slack Channels
+
+The following cloud.gov channels are public and all team members are welcome to join:
+
+- [ ] `#cg-aws-status` - bots post announcements about AWS service outages/incidents
- [ ] `#cg-business` - business development (if applicable)
- [ ] `#cg-compliance` - compliance-related information and discussion
+- [ ] `#cg-customer-success` - customer success squad channel
+- [ ] `#cg-general` - program-level information and discussion
- [ ] `#cg-offtopic` - off-topic team sharing
+- [ ] `#cg-platform-news` (🗣️) - bots post platform alerts (mostly CI job notifications)
- [ ] `#cg-platform` - platform operations
-- [ ] `#cg-platform-news` - bots post platform alerts
-- [ ] `#cg-general` - program-level information and discusion
-- [ ] `#cg-support` - support requests and assistance within TTS
-- [ ] `#cg-incidents` - private channel for incident response
-- [ ] `#cg-priv-all` - private channel for in-team discussion
-- [ ] `#cg-priv-gov` (Federal employees only) - may contain discussion of contracting-related or other private, federal-employee-only comms
+- [ ] `#cg-support` (🗣️) - support requests and assistance within TTS
+- [ ] `#cg-supportstream` (🗣️) - stream of activity on Zendesk tickets
+- [ ] `#cloud-gov` (🗣️) - bots post announcements here
+
+Channels marked with (🗣️) receive a lot of messages, either from customers or bots, and you may want to mute them.
+
+* [ ] Project contractors: Your buddy will add you to the private channel for your project.
+
+For federal employees only:
+
+- [ ] `#cg-priv-gov` - may contain discussion of contracting-related or other private, federal-employee-only comms
+
+## Google Groups and Spaces
+
+We manage calendar invites and Google Drive access using Google Groups. Some groups can also receive message from outside emails.
+
+- [ ] Project contractors: Add them to the [cloud.gov Project Contractors Google Group]() for access to the All Staff Google Drive.
+
+
+
+ Federal employees and staff contractors, expand this section:
+
+
+Add them to the following Google Groups:
+
+- [ ] [cloud.gov Team](https://groups.google.com/a/gsa.gov/forum/?hl=en#!forum/cloud-gov) so they can participate in team-wide internal communication.
+
+And the following Google Space:
+
+- [ ] [CG-PRIV](https://mail.google.com/mail/u/0/#chat/space/AAAAr60JXAc), a fallback team communication channel in the event Slack is down.
+
+Lastly, for federal employees only:
+
+- [ ] [cloud.gov Federal Employees](https://groups.google.com/a/gsa.gov/g/cloud-gov-federal-employees/members)
-Once you're added to these channels, you probably want to mute these channels until you're on support rotation:
+
-- [ ] `#cg-support` - support requests and assistance within TTS
-- [ ] `#cg-platform-news` - platform alerts
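Review bot: The added "Project contractors" item under "Google Groups and Spaces" links the group with an empty target, `[cloud.gov Project Contractors Google Group]()`, so whoever runs the checklist cannot reach the group that grants access to the All Staff Google Drive; fill in the group URL before merging. In the same section, "Some groups can also receive message from outside emails" should read "messages". The `* [ ] Project contractors:` item under "Slack Channels" also uses a different list marker from the `- [ ]` items around it.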
From 8af11ce8490ba05e60e0a76013a3c1b2bb293a53 Mon Sep 17 00:00:00 2001
From: James Hochadel
Date: Thu, 25 Jan 2024 10:23:30 -0500
Subject: [PATCH 03/20] Put team-comms-related items earlier and gate Cloud Ops
admin accounts
---
.github/ISSUE_TEMPLATE/onboard-engineer.md | 78 ++++++++++++----------
1 file changed, 43 insertions(+), 35 deletions(-)
diff --git a/.github/ISSUE_TEMPLATE/onboard-engineer.md b/.github/ISSUE_TEMPLATE/onboard-engineer.md
index 618f7e9..580eedd 100644
--- a/.github/ISSUE_TEMPLATE/onboard-engineer.md
+++ b/.github/ISSUE_TEMPLATE/onboard-engineer.md
@@ -37,7 +37,33 @@ Engineers who are federal employees and staff contractors have a Contingency Pla
-### Learn our policies and procedures
+## Slack channels
+
+Project contractors: Your buddy will add you to the private channel for your project.
+
+
+
+ Federal employees and staff contractors, expand this section:
+
+
+Your onboarding buddy will add you to these Slack channels:
+
+- [ ] `#cg-aws-security` - private channel where bots post security notices
+- [ ] `#cg-billing` - private business development channel (if applicable)
+- [ ] `#cg-incidents` - private channel for incident response
+- [ ] `#cg-ops-banter` - private channel for operations/engineering banter
+- [ ] `#cg-priv-all` - private channel for in-team discussion
+- [ ] `#cg-priv-compliance` - private channel for security and compliance discussions
+
+Lastly, for federal employees only:
+
+
+
+## Google Groups and Spaces
+
+- [ ] Business Unit Only - Add them to the [cloud.gov inquiries Google Group](https://groups.google.com/a/gsa.gov/forum/#!forum/cloud-gov-inquiries) so they can keep apprised of prospective new clients.
+
+## Learn our policies and procedures
In addition to the topics in [the trainings section](#complete-cloudgov-trainings), review the following documents:
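Review bot: "Lastly, for federal employees only:" at the end of the moved Slack channels block has no checklist item after it, so as the hunk reads the section ends on a dangling lead-in. Either list the federal-only channel here (the earlier patch in this series puts `#cg-priv-gov` under "For federal employees only:") or drop the sentence from this template.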
@@ -48,7 +74,7 @@ In addition to the topics in [the trainings section](#complete-cloudgov-training
- [ ] Review the System Security Plan (the latest version lives on [Google Drive](https://drive.google.com/drive/u/0/folders/0B6fPl5s12igNX3JwR2xFZVpmek0); look for "cloud.gov System Security Plan (SSP)" as a _.docx_ file). Of particular note for onboarding: Section 9 (System Description) and Section 10 (System Environment)
- [ ] Review the team's [Engineering Practices](https://github.com/cloud-gov/internal-docs/tree/main/docs/resources/Engineering-Practices). Some of these are mandatory because they fulfill FedRAMP requirements.
-### Getting to know cloud.gov
+## Getting to know cloud.gov
Resources on cloud.gov:
@@ -68,35 +94,13 @@ Getting hands-on with cloud.gov:
- [ ] [Sign up for a cloud.gov sandbox](https://cloud.gov/sign-up/#get-trial-access-and-a-free-sandbox-space) using your GSA email address and start experimenting to get familiar with the basics of the PaaS from a user's perspective.
- This is also required in order to make you a platform admin once you've completed the Cybersecurity and Privacy training.
-### Slack channels
-
-Project contractors: Your buddy will add you to the private channel for your project.
-
-
-
- Federal employees and staff contractors, expand this section:
-
-
-Your onboarding buddy will add you to these Slack channels:
-
-- [ ] `#cg-aws-security` - private channel where bots post security notices
-- [ ] `#cg-billing` - private business development channel (if applicable)
-- [ ] `#cg-incidents` - private channel for incident response
-- [ ] `#cg-ops-banter` - private channel for operations/engineering banter
-- [ ] `#cg-priv-all` - private channel for in-team discussion
-- [ ] `#cg-priv-compliance` - private channel for security and compliance discussions
-
-Lastly, for federal employees only:
-
-
-
## Engineering-specific items
### Machine admin rights
-In order to install development tools on your Mac, you will need to request local admin rights by [submitting a ServiceDesk ticket](https://docs.google.com/document/d/1xepZsh83lxPDykrb1NXoeHxj8m78qsdW-9KqzO_CHOQ/edit) using [this justification](https://docs.google.com/document/d/1YGid3pTji5W_M9RuF1GDf614BVkLIRDmSrt1tDbej-o/edit). If you're unable to create a ticket for yourself, your onboarding buddy can create one for you.
+* [ ] In order to install development tools on your Mac, you will need to request local admin rights by [submitting a ServiceDesk ticket](https://docs.google.com/document/d/1xepZsh83lxPDykrb1NXoeHxj8m78qsdW-9KqzO_CHOQ/edit) using [this justification](https://docs.google.com/document/d/1YGid3pTji5W_M9RuF1GDf614BVkLIRDmSrt1tDbej-o/edit). If you're unable to create a ticket for yourself, your onboarding buddy can create one for you.
-### Cloud Operations account management
+### Engineering account management
Before starting this section, you must complete:
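Review bot: The new "Machine admin rights" checkbox uses `* [ ]` while the other checkboxes in this template use `- [ ]`; switch it to `- [ ]` so the list style stays uniform (patch 05 in this series normalizes the same markers in the support template). Renaming "Cloud Operations account management" to "Engineering account management" also changes the heading anchor GitHub generates, so check for links that point at the old heading.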
@@ -108,8 +112,16 @@ AWS user names should be identical across accounts so that permissions can be co
- [ ] Create [AWS Accounts](https://cloud.gov/docs/ops/aws-onboarding/) by following [these instructions](https://github.com/cloud-gov/aws-admin/blob/main/docs/user_mgmt.md). These accounts should be setup as read-only at the start, and once the 3 mandatory cloud.gov trainings are complete they will be switched to full admin accounts and added to the [audit input file](https://github.com/cloud-gov/cg-compliance/blob/master/audit/inputs.yml):
- [ ] AWS Commercial accounts
- [ ] AWS GovCloud accounts
- - [ ] Ensure new person has 60-day Google Calendar reminder to reset passwords
+ - [ ] Ensure new person has 60-day Google Calendar reminder to reset passwords
- [ ] Add them to Nessus Manager via the GUI
+
+
+
+ Federal employees and staff contractors, expand this section:
+
+
+You are a member of the Cloud Operations team, which means you have additional administrative permissions:
+
- [ ] [Make them an admin](https://cloud.gov/docs/ops/managing-users/#managing-admins) of the platform.
- [ ] Add them to the [`platform-ops`](https://github.com/orgs/cloud-gov/teams/platform-ops) team in GitHub.
- [ ] Add them as an admin on the cg-django-uaa [docs](https://readthedocs.org/projects/cg-django-uaa/)
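Review bot: The gated block starts only at "Make them an admin", so the AWS account items and "Add them to Nessus Manager via the GUI" above it still apply to every engineer, including the step that switches AWS accounts to full admin once the three trainings are complete. If the intent of the commit is to limit admin access to Cloud Operations members, move those items inside the gate or state who they apply to. The block is introduced as "Federal employees and staff contractors" but then says "You are a member of the Cloud Operations team"; say which condition governs, and keep one voice ("you" versus "them") across the checklist items.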
@@ -117,11 +129,7 @@ AWS user names should be identical across accounts so that permissions can be co
- [ ] Add them as an `agent` to the cloud.gov support Zendesk (Ask a cloud.gov member with admin access to Zendesk to add them).
- [ ] Add them as Technical users to [Ubuntu Advantage](https://ubuntu.com/pro/users) (Admin users for leads and supervisors)
-Your onboarding buddy will create a separate ticket tied to this one to track the AWS accounts being granted full admin access.
-
-## Google Groups and Spaces
-
-- [ ] Business Unit Only - Add them to the [cloud.gov inquiries Google Group](https://groups.google.com/a/gsa.gov/forum/#!forum/cloud-gov-inquiries) so they can keep apprised of prospective new clients.
+
### Additional compliance setup/review
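Review bot: Removing "Your onboarding buddy will create a separate ticket tied to this one to track the AWS accounts being granted full admin access" leaves no place where the read-only to full-admin switch is tracked, while the AWS item earlier in the file still says the accounts are switched once the trainings are complete. Add a checkbox for the upgrade and the audit input file entry, or keep a pointer to the tracking ticket.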
@@ -134,14 +142,14 @@ Your onboarding buddy will create a separate ticket tied to this one to track th
> **Note:** Make sure you have followed the instructions in [Machine admin rights](#machine-admin-rights) at the top of this section to get local admin rights on your machine before moving forward
- [ ] Install [Homebrew (`brew`)](https://brew.sh/)
-- [ ] Install [CloudFoundry for mac per their docs](https://docs.cloudfoundry.org/cf-cli/install-go-cli.html#pkg-mac):
+- [ ] Install [CloudFoundry for Mac per their docs](https://docs.cloudfoundry.org/cf-cli/install-go-cli.html#pkg-mac):
- `brew tap cloudfoundry/tap`
- `brew install cf-cli@8`
- `brew install openssl`
-- [ ] Verify CloudFoundry Installation via the CLI (once an existing cloud.gov teammate has [made your cloud.gov admin account](https://cloud.gov/docs/ops/managing-users/#creating-admins))
+- [ ] Verify CloudFoundry installation via the CLI (once an existing cloud.gov teammate has [made your cloud.gov admin account](https://cloud.gov/docs/ops/managing-users/#creating-admins))
- `cf login -a api.fr.cloud.gov --sso`
- `cf orgs`
- - As a cloud.gov team member, you should have a very giant list of organizations
+ - As a cloud.gov team member, you should have a long list of organizations
- If you have none or one (e.g. sandbox) org, please reach out to your onboarding buddy
- [ ] Install the [Bosh CLI using their instructions for MacOS](https://bosh.io/docs/cli-v2-install/#using-homebrew-on-macos)
- `brew install cloudfoundry/tap/bosh-cli`
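Review bot: Since the two "CloudFoundry" lines are being touched for capitalization anyway, spell the product name "Cloud Foundry" (two words), and bring "MacOS" in the Bosh CLI item in line with the "Mac" fix made here.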
From 30d41905070ee6245494b17d0cd1e54fefb879e6 Mon Sep 17 00:00:00 2001
From: James Hochadel
Date: Thu, 25 Jan 2024 10:27:25 -0500
Subject: [PATCH 04/20] Clarify two-issue system in description, since it shows
in GitHub UI
---
.github/ISSUE_TEMPLATE/onboard-engineer.md | 2 +-
.github/ISSUE_TEMPLATE/onboard-team-member.md | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/ISSUE_TEMPLATE/onboard-engineer.md b/.github/ISSUE_TEMPLATE/onboard-engineer.md
index 580eedd..cdbff7f 100644
--- a/.github/ISSUE_TEMPLATE/onboard-engineer.md
+++ b/.github/ISSUE_TEMPLATE/onboard-engineer.md
@@ -1,7 +1,7 @@
---
name: Onboard New cloud.gov Engineer
title: Checklist for Onboarding a New Engineer
-about: This is the checklist and requirements for onboarding a new Engineer to the cloud.gov team
+about: Onboarding checklist for engineers. Pairs with a general onboarding checklist.
labels: ''
assignees: ''
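Review bot: The new `about` text says the checklist "Pairs with a general onboarding checklist" without naming it. Per the commit subject this string shows in the GitHub UI, so name the template ("Onboard New cloud.gov Team Member") so the person opening issues knows which second issue to create.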
diff --git a/.github/ISSUE_TEMPLATE/onboard-team-member.md b/.github/ISSUE_TEMPLATE/onboard-team-member.md
index 2d97c3e..371d27d 100644
--- a/.github/ISSUE_TEMPLATE/onboard-team-member.md
+++ b/.github/ISSUE_TEMPLATE/onboard-team-member.md
@@ -1,7 +1,7 @@
---
name: Onboard New cloud.gov Team Member
title: Checklist for Onboarding a New Team Member
-about: Onboarding checklist that applies to all team members. Paired with a role-specific checklist.
+about: Onboarding checklist that applies to all team members. Pairs with a role-specific checklist.
labels: ''
assignees: ''
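Review bot: "Pairs with a role-specific checklist" in this `about` line covers the engineer template updated above, but the support template's `about` (still "This is the checklist and requirements for onboarding a new support team member to the cloud.gov team" in the next patch) is not brought in line. Update it in this commit or the next so all role-specific templates describe the two-issue system the same way.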
From 983dfe12774ae6cfe252a9d167499d8985123b00 Mon Sep 17 00:00:00 2001
From: James Hochadel
Date: Fri, 26 Jan 2024 13:41:18 -0500
Subject: [PATCH 05/20] Remove common elements from support onboarding template
---
.github/ISSUE_TEMPLATE/onboard-support.md | 105 ++++++----------------
1 file changed, 27 insertions(+), 78 deletions(-)
diff --git a/.github/ISSUE_TEMPLATE/onboard-support.md b/.github/ISSUE_TEMPLATE/onboard-support.md
index 0d96088..6b41859 100644
--- a/.github/ISSUE_TEMPLATE/onboard-support.md
+++ b/.github/ISSUE_TEMPLATE/onboard-support.md
@@ -2,121 +2,70 @@
name: Onboard New cloud.gov Support Team Member
title: Checklist for Onboarding a cloud.gov Support Team Member
about: This is the checklist and requirements for onboarding a new support team member to the cloud.gov team
-labels: ''
-assignees: ''
-
+labels: ""
+assignees: ""
---
# New Support Team Member Onboarding Checklist
## Special Notes
-- **Do not create this issue until the System Owner has formally authorized and requested it.**. You can get that OK by one of two ways:
- - A:
- - [ ] A: System Owner creates this issue
- - B:
- - [ ] B.1: System owner emails cloud-gov-compliance@gsa.gov and cloud-gov-operations@gsa.gov with their authorization
- - [ ] B.2: An operator adds a link to the Google Group conversation that includes the authorizing email.
-- **Please only use first names.**
+- [ ] Paste a link to the general onboarding ticket, which includes the onboarding authorization, here:
---
-In order to get `New Person` productively contributing to the cloud.gov team, `Buddy` should help `New Person` complete a prescribed set of tasks that will bring them up to speed and get them setup with cloud.gov.
-
-## Instructions
-
-1. Try to go through the checklists in order.
-2. If `Buddy` can’t complete any of the items on their checklist personally, _they are responsible for ensuring that someone with the correct access completes that item_.
-
-## Onboarding Checklist
-
-### Required items for all team members
+## Complete additional cloud.gov trainings
-These items help us fulfill security and compliance requirements (including for FedRAMP). If you get stuck, or if these requirements are confusing, ask for help from your buddy or in a cloud.gov channel.
+
+
+ Federal employees and staff contractors, expand this section. Not applicable to project contractors.
+
-- [ ] Take judicious notes on what about this onboarding process or cloud.gov is confusing or frustrating. If you notice a problem (especially with things like documentation), you are more than welcome to fix it! At the very least, please share this information with your onboarding buddy (or someone) at some point so we can make the team/platform better. (You can also file issues and pull requests on [the template Onboarding checklist](https://github.com/cloud-gov/product/blob/main/.github/ISSUE_TEMPLATE/onboard-support.md).
-- [ ] Be sure to introduce yourself and follow up with your onboarding buddy (they should have reached out to you at this point; if they haven't, please let the team know) and make sure this issue is assigned to them in our [Github Project Planning Board](https://github.com/orgs/cloud-gov/projects/2). We use this board to organize, prioritize, and track our work.
+Engineers who are federal employees or staff contractors have a Contingency Plan role and may participate in Incident Response, so they must complete the CP and IR trainings. Project contractors do not need to complete these trainings. Check one of the following:
-#### Pre-requisites
+- [ ] Coordinate with your onboarding buddy to schedule Contingency Planning training within 60 days. (and annually after that). This will cover the following document, which you should also review before or after training:
+ - [ ] Read the [Contingency Plan](https://docs.cloud.gov/ops/contingency-plan/).
+- [ ] Coordinate with your onboarding buddy to schedule [Incident Response Training](https://docs.google.com/presentation/d/1AZjQE8zBzMRWZIFUuJPkJLted1ykGtALrLPoPRx5Vls/edit#slide=id.p) within 60 days of joining the team (and annually after that). This will cover the following document, which you should also review before or after training:
+ - [ ] Read the [Incident Response Guide](https://cloud.gov/docs/ops/security-ir/).
-- [ ] Complete [GSA OLU](https://gsaolu.gsa.gov/) GSA Mandatory Cyber Security and Privacy Training, including accepting the GSA IT Rules of Behavior, which is required before we can give you access to any cloud.gov systems. If you joined GSA more than two months ago, you've already completed this task and can just check the box.
-
-#### Fulfill security and compliance requirements (including for FedRAMP) - Completed by onboarding buddy
-
-- [ ] Make sure they're in [the list of people working on the project](https://docs.google.com/spreadsheets/d/187663k5MYJBNlKExLu_nhuovcZQfIbqYCu2n4noNY1o/edit#gid=0).
-- [ ] Add their name, whether they're Cloud Ops (Platform), and the date they joined the team to the [training tracker](https://docs.google.com/spreadsheets/d/1hqU6cNeEB293OT0j3OvbdAFRkrf2zDOrPVxGfnr4sSw/edit#gid=0). Copy the formulas for the due dates from an existing row (grab the "corner" of the cells and pull down).
-- [ ] As they complete training, fill out their completion dates in the [training tracker](https://docs.google.com/spreadsheets/d/1hqU6cNeEB293OT0j3OvbdAFRkrf2zDOrPVxGfnr4sSw/edit#gid=0).
-- [ ] Add them to the @cloud-gov-team [in Slack’s Team Directory](https://get.slack.help/hc/en-us/articles/212906697-User-Groups#edit-a-user-group).
-- [ ] Review the recurring cloud.gov meetings that are relevant for them in [the team calendar](https://calendar.google.com/calendar/embed?src=gsa.gov_0samf7guodi7o2jhdp0ec99aks@group.calendar.google.com&ctz=America/Los_Angeles) (they will get access to this when added to the cloud.gov Team Google Group).
-- [ ] Add them to the [`cloud-gov`](https://github.com/orgs/cloud-gov/people) organization in GitHub, and the [`cloud-gov-team`](https://github.com/orgs/cloud-gov/teams/cloud-gov-team) team.
+
#### Learn our policies and procedures
-For the three trainings list at the top, your onboarding buddy will create a separate ticket to track the trainings once scheduling has been finished. This will help consolidate trainings for multiple new members to the team and prevent them from blocking progress on this onboarding ticket. Once the trainings are scheduled, they can be marked as complete here.
-
-* [ ] Coordinate with your onboarding buddy to go through Contingency Planning training within 60 days (and annually after that). This will cover the following document, which you should also review before or after training:
- * [ ] Read the [Contingency Plan](https://docs.cloud.gov/ops/contingency-plan/).
-* [ ] Coordinate with your onboarding buddy to go through [Incident Response Training](https://docs.google.com/presentation/d/1AZjQE8zBzMRWZIFUuJPkJLted1ykGtALrLPoPRx5Vls/edit#slide=id.p) within 60 days of joining the team (and annually after that). This will cover the following document, which you should also review before or after training:
- * [ ] Read the [Incident Response Guide](https://cloud.gov/docs/ops/security-ir/).
-* [ ] Coordinate with your onboarding buddy to go through [nonpublic information training](https://docs.google.com/presentation/d/1uB4MlGCu8ZYUxjKVZKwicQ95MvLxaT4Mh93y6w79GPw/edit#slide=id.p) within 60 days of joining the team (and annually after that). This will cover the following documents, which you should also review before or after training:
- * [ ] Review the [cloud.gov open source policy guidance about protecting sensitive information](https://github.com/18F/open-source-policy/blob/master/practice.md#protecting-sensitive-information).
- * [ ] Read our [sharing secret keys](https://cloud.gov/docs/ops/secrets/#sharing-secret-keys) policy.
- * [ ] Review the [TTS requirements for password management](https://handbook.tts.gsa.gov/general-information-and-resources/tech-policies/password-requirements/).
-* [ ] Read the [Continuous Monitoring Strategy](https://cloud.gov/docs/ops/continuous-monitoring/), particularly the [cloud.gov team responsibilities](https://cloud.gov/docs/ops/continuous-monitoring/#cloud-gov-team).
-* [ ] Read the [Configuration Management Plan](https://cloud.gov/docs/ops/configuration-management/).
-* [ ] Read the [cloud.gov Security Policies and Procedures](https://github.com/cloud-gov/cg-compliance-docs). These documents explain the high-level policies and procedures we must comply with while running cloud.gov, sorted into security control "families" They explain that we follow GSA IT security policy, and they provide a summary of the procedures in our System Security Plan.
-* [ ] Review the System Security Plan (the latest version lives on [Google Drive](https://drive.google.com/drive/u/0/folders/0B6fPl5s12igNX3JwR2xFZVpmek0); look for "cloud.gov System Security Plan (SSP)" as a *.docx* file). Of particular note for onboarding: Section 9 (System Description) and Section 10 (System Environment)
+- [ ] Review the [cloud.gov open source policy guidance about protecting sensitive information](https://github.com/18F/open-source-policy/blob/master/practice.md#protecting-sensitive-information).
+- [ ] Read the [Continuous Monitoring Strategy](https://cloud.gov/docs/ops/continuous-monitoring/), particularly the [cloud.gov team responsibilities](https://cloud.gov/docs/ops/continuous-monitoring/#cloud-gov-team).
+- [ ] Read the [Configuration Management Plan](https://cloud.gov/docs/ops/configuration-management/).
+- [ ] Read the [cloud.gov Security Policies and Procedures](https://github.com/cloud-gov/cg-compliance-docs). These documents explain the high-level policies and procedures we must comply with while running cloud.gov, sorted into security control "families" They explain that we follow GSA IT security policy, and they provide a summary of the procedures in our System Security Plan.
+- [ ] Review the System Security Plan (the latest version lives on [Google Drive](https://drive.google.com/drive/u/0/folders/0B6fPl5s12igNX3JwR2xFZVpmek0); look for "cloud.gov System Security Plan (SSP)" as a _.docx_ file). Of particular note for onboarding: Section 9 (System Description) and Section 10 (System Environment)
### Getting to know cloud.gov
-These items will help you come up to speed on cloud.gov and what it is, how it works, why it exists, etc. While you
-should take the time to go through them, please do not try and tackle it all in one shot! It can become overwhelming
+These items will help you come up to speed on cloud.gov and what it is, how it works, why it exists, etc. While you
+should take the time to go through them, please do not try and tackle it all in one shot! It can become overwhelming
very quickly, so your onboarding buddy will walk through this list with you at a high level with you to help manage the work.
-- [ ] Read [the team onboarding document](https://github.com/cloud-gov/product/blob/master/Onboarding.md) for more context about cloud.gov.
-- [ ] Bookmark the [pertinent links listed here](https://github.com/cloud-gov/product/blob/master/PertinentLinks.md).
-- [ ] Read through [the Overview section of our site](https://cloud.gov/docs/overview/what-is-cloudgov/) for a broader understanding of cloud.gov, especially how we present it to potential customers and users.
- [ ] [Sign up for a cloud.gov sandbox](https://cloud.gov/sign-up/#get-trial-access-and-a-free-sandbox-space) using your GSA email address and start experimenting to get familiar with the basics of the PaaS from a user's perspective.
- - This is also required in order to make you a platform admin once you've completed the Cybersecurity and Privacy training.
-- [ ] Read the [Delivery Process document](https://github.com/cloud-gov/product/blob/master/StoryLifecycle.md) to learn about how we work.
- [ ] Read our [service disruption guide](https://cloud.gov/docs/ops/service-disruption-guide/) to learn how we handle customer-facing service disruptions.
-- [ ] Add the [cloud.gov Google Drive folder](https://drive.google.com/drive/folders/0Bx6EvBXVDWwheUtVckVnOE1pRzA) to your Google Drive -- that's where we put cloud.gov docs. If you create or move a doc there, it'll get the right access permissions for team members to be able to view and edit it.
-- [ ] Subscribe to [the cloud.gov team calendar](https://calendar.google.com/calendar/embed?src=gsa.gov_0samf7guodi7o2jhdp0ec99aks@group.calendar.google.com&ctz=America/Los_Angeles) (click the + in the bottom right) so you know when assorted team meetings are happening in the various squads. Tip: When you plan Out of Office time, make a calendar event for that on the cloud.gov calendar so that your teammates know you'll be away
### Slack channels
Your onboarding buddy will add you to these Slack channels:
-- [ ] `#cloud-gov` - bots post announcements here
-- [ ] `#cg-billing` - private business development channel (if applicable)
-- [ ] `#cg-business` - business development (if applicable)
-- [ ] `#cg-compliance` - compliance-related information and discussion
-- [ ] `#cg-offtopic` - off-topic team sharing
-- [ ] `#cg-platform` - platform operations
-- [ ] `#cg-platform-news` - bots post platform alerts
-- [ ] `#cg-general` - program-level information and discusion
-- [ ] `#cg-support` - support requests and assistance within TTS
- [ ] `#cg-incidents` - private channel for incident response
+- [ ] `#cg-ops-banter` - private channel for operations/engineering banter
- [ ] `#cg-priv-all` - private channel for in-team discussion
-- [ ] `#cg-priv-gov` (Federal employees only) - may contain discussion of contracting-related or other private, federal-employee-only comms
-Once you're added to these channels, you probably want to mute these channels until you're on support rotation:
-
-- [ ] `#cg-support` - support requests and assistance within TTS
-- [ ] `#cg-platform-news` - platform alerts
+You will want to keep `#cg-support` unmuted so you are aware of requests from TTS-internal customers of cloud.gov.
## Support-specific items
-You should already have admin rights on your machine as a part of its original setup. If for whatever reason you don't,
-Please let your onboarding buddy know and they will help you request [local admin rights](https://docs.google.com/document/d/1xepZsh83lxPDykrb1NXoeHxj8m78qsdW-9KqzO_CHOQ/edit) on your GFE Mac using [this justification](https://docs.google.com/document/d/1YGid3pTji5W_M9RuF1GDf614BVkLIRDmSrt1tDbej-o/edit).
-
-Your onboarding buddy will create a separate ticket tied to this one to track the AWS accounts being granted full admin access.
+- [ ] In order to install development tools on your Mac, you will need to request local admin rights by [submitting a ServiceDesk ticket](https://docs.google.com/document/d/1xepZsh83lxPDykrb1NXoeHxj8m78qsdW-9KqzO_CHOQ/edit) using [this justification](https://docs.google.com/document/d/1YGid3pTji5W_M9RuF1GDf614BVkLIRDmSrt1tDbej-o/edit). If you're unable to create a ticket for yourself, your onboarding buddy can create one for you.
### Additional compliance setup/review
-* [ ] Install `caulking` git leak prevention by following the [README](https://github.com/cloud-gov/caulking/blob/master/README.md)
-* [ ] Verify `caulking` by running `make audit` and pasting a screenshot as a comment on this GitHub issue
-* [ ] Set GPG signing set up for GitHub (instructions [here](https://docs.google.com/document/d/11UDxvfkhncyLEs-NUCniw2u54j4uQBqsR2SBiLYPUZc/edit))
+- [ ] Install `caulking` git leak prevention by following the [README](https://github.com/cloud-gov/caulking/blob/master/README.md)
+- [ ] Verify `caulking` by running `make audit` and pasting a screenshot as a comment on this GitHub issue
+- [ ] Set GPG signing set up for GitHub (instructions [here](https://docs.google.com/document/d/11UDxvfkhncyLEs-NUCniw2u54j4uQBqsR2SBiLYPUZc/edit))
### Install a development environment for cloud.gov
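Review bot: In the "Additional compliance setup/review" list, the GPG item reads "Set GPG signing set up for GitHub" and, unlike the `caulking` item above it, asks for no evidence that the step was done. Suggest rewording to "Set up GPG signing for GitHub" and adding a verification step, for example pasting the output of `git config commit.gpgsign` as a comment on the issue, so the buddy can confirm signing is enabled.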
From 12b20f0e2ecbf69842d727c22ae1528648800117 Mon Sep 17 00:00:00 2001
From: James Hochadel
Date: Fri, 26 Jan 2024 13:41:54 -0500
Subject: [PATCH 06/20] Format with Prettier and improve cross-linking
---
.github/ISSUE_TEMPLATE/onboard-engineer.md | 25 +++++++------------
.github/ISSUE_TEMPLATE/onboard-team-member.md | 12 ++++-----
2 files changed, 14 insertions(+), 23 deletions(-)
diff --git a/.github/ISSUE_TEMPLATE/onboard-engineer.md b/.github/ISSUE_TEMPLATE/onboard-engineer.md
index cdbff7f..76f4525 100644
--- a/.github/ISSUE_TEMPLATE/onboard-engineer.md
+++ b/.github/ISSUE_TEMPLATE/onboard-engineer.md
@@ -2,22 +2,15 @@
name: Onboard New cloud.gov Engineer
title: Checklist for Onboarding a New Engineer
about: Onboarding checklist for engineers. Pairs with a general onboarding checklist.
-labels: ''
-assignees: ''
-
+labels: ""
+assignees: ""
---
# New Engineer Onboarding Checklist
## Special Notes
-- **Do not create this issue until the System Owner has formally authorized and requested it.**. You can get that OK by one of two ways:
- - A:
- - [ ] A: System Owner creates this issue
- - B:
- - [ ] B.1: System owner emails cloud-gov-compliance@gsa.gov and cloud-gov-operations@gsa.gov with their authorization
- - [ ] B.2: An operator adds a link to the Google Group conversation that includes the authorizing email.
-- **Please only use first names.**
+- [ ] Paste a link to the general onboarding ticket, which includes the onboarding authorization, here:
---
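Review bot: The lines removed under "Special Notes" are a behaviour change, not formatting. They drop the rule that this issue must not be created until the System Owner has authorized it, along with the "Please only use first names" reminder, while the commit subject mentions only Prettier and cross-linking. Suggest moving this into its own commit or naming it in the message, and confirming that the general onboarding template really carries the authorization gate that the new checkbox says it "includes".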
@@ -28,7 +21,7 @@ assignees: ''
Federal employees and staff contractors, expand this section. Not applicable to project contractors.
-Engineers who are federal employees and staff contractors have a Contingency Plan role and may participate in Incident Response, so they must complete the CP and IR trainings. Project contractors do not need to complete these trainings. Check one of the following:
+Engineers who are federal employees or staff contractors have a Contingency Plan role and may participate in Incident Response, so they must complete the CP and IR trainings. Project contractors do not need to complete these trainings. Check one of the following:
- [ ] Coordinate with your onboarding buddy to schedule Contingency Planning training within 60 days. (and annually after that). This will cover the following document, which you should also review before or after training:
- [ ] Read the [Contingency Plan](https://docs.cloud.gov/ops/contingency-plan/).
@@ -98,7 +91,7 @@ Getting hands-on with cloud.gov:
### Machine admin rights
-* [ ] In order to install development tools on your Mac, you will need to request local admin rights by [submitting a ServiceDesk ticket](https://docs.google.com/document/d/1xepZsh83lxPDykrb1NXoeHxj8m78qsdW-9KqzO_CHOQ/edit) using [this justification](https://docs.google.com/document/d/1YGid3pTji5W_M9RuF1GDf614BVkLIRDmSrt1tDbej-o/edit). If you're unable to create a ticket for yourself, your onboarding buddy can create one for you.
+- [ ] In order to install development tools on your Mac, you will need to request local admin rights by [submitting a ServiceDesk ticket](https://docs.google.com/document/d/1xepZsh83lxPDykrb1NXoeHxj8m78qsdW-9KqzO_CHOQ/edit) using [this justification](https://docs.google.com/document/d/1YGid3pTji5W_M9RuF1GDf614BVkLIRDmSrt1tDbej-o/edit). If you're unable to create a ticket for yourself, your onboarding buddy can create one for you.
### Engineering account management
@@ -127,7 +120,7 @@ You are a member of the Cloud Operations team, which means you have additional a
- [ ] Add them as an admin on the cg-django-uaa [docs](https://readthedocs.org/projects/cg-django-uaa/)
- [ ] Add them to [our dockerhub org](https://hub.docker.com/orgs/cloudgov) and ensure we're not over our license count
- [ ] Add them as an `agent` to the cloud.gov support Zendesk (Ask a cloud.gov member with admin access to Zendesk to add them).
-- [ ] Add them as Technical users to [Ubuntu Advantage](https://ubuntu.com/pro/users) (Admin users for leads and supervisors)
+- [ ] Add them as Technical users to [Ubuntu Advantage](https://ubuntu.com/pro/users) (Admin users for leads and supervisors)
@@ -177,9 +170,9 @@ Project contractors: Check in with your project lead about first tasks.
The engineering team currently contains the following squads, each with their own projects:
-* Assurance, which focuses on security and compliance
-* Platform, which maintains and improves cloud.gov, focusing on internals like our AWS architecture and Cloud Foundry
-* Customer Success, which focuses on customer-facing features like service brokers and observability tools
+- Assurance, which focuses on security and compliance
+- Platform, which maintains and improves cloud.gov, focusing on internals like our AWS architecture and Cloud Foundry
+- Customer Success, which focuses on customer-facing features like service brokers and observability tools
If you are not already assigned to a particular squad, work with your onboarding buddy to join squad standups and learn what each squad is working on.
diff --git a/.github/ISSUE_TEMPLATE/onboard-team-member.md b/.github/ISSUE_TEMPLATE/onboard-team-member.md
index 371d27d..435893b 100644
--- a/.github/ISSUE_TEMPLATE/onboard-team-member.md
+++ b/.github/ISSUE_TEMPLATE/onboard-team-member.md
@@ -2,9 +2,8 @@
name: Onboard New cloud.gov Team Member
title: Checklist for Onboarding a New Team Member
about: Onboarding checklist that applies to all team members. Pairs with a role-specific checklist.
-labels: ''
-assignees: ''
-
+labels: ""
+assignees: ""
---
# New Team Member Onboarding Checklist
@@ -26,7 +25,7 @@ In order to get `New Person` productively contributing to the cloud.gov team, `B
## Role-Specific Onboarding
-This onboarding ticket must be completed by all new cloud.gov team members. It must be paired with a role-specific onboarding ticket. Your onboarding buddy will create both. Paste a link to that ticket here for reference:
+This onboarding ticket must be completed by all new cloud.gov team members. It must be paired with a role-specific onboarding ticket. Your onboarding buddy will create both.
## Instructions
@@ -76,7 +75,7 @@ You will automatically be added to one or more Google Drives: the [Cloud.gov All
Federal employees and staff contractors, expand this section:
-- [ ] Subscribe to [the cloud.gov team calendar](https://calendar.google.com/calendar/embed?src=gsa.gov_0samf7guodi7o2jhdp0ec99aks@group.calendar.google.com&ctz=America/Los_Angeles) (click the + in the bottom right) so you know when assorted team meetings are happening in the various squads. Tip: When you plan Out of Office time, make a calendar event for that on the cloud.gov calendar so that your teammates know you'll be away.
+- [ ] Subscribe to [the cloud.gov team calendar](https://calendar.google.com/calendar/embed?src=gsa.gov_0samf7guodi7o2jhdp0ec99aks@group.calendar.google.com&ctz=America/Los_Angeles) (click the + in the bottom right) so you know when assorted team meetings are happening in the various squads. Tip: When you plan Out of Office time, make a calendar event for that on the cloud.gov calendar so that your teammates know you'll be away.
@@ -98,7 +97,7 @@ The following cloud.gov channels are public and all team members are welcome to
Channels marked with (🗣️) receive a lot of messages, either from customers or bots, and you may want to mute them.
-* [ ] Project contractors: Your buddy will add you to the private channel for your project.
+- [ ] Project contractors: Your buddy will add you to the private channel for your project.
For federal employees only:
@@ -128,4 +127,3 @@ Lastly, for federal employees only:
- [ ] [cloud.gov Federal Employees](https://groups.google.com/a/gsa.gov/g/cloud-gov-federal-employees/members)
-
From 61fa275994f3a371643cd8c60911de39537659ac Mon Sep 17 00:00:00 2001
From: James Hochadel
Date: Fri, 26 Jan 2024 13:45:02 -0500
Subject: [PATCH 07/20] Fix heading levels
---
.github/ISSUE_TEMPLATE/onboard-support.md | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/ISSUE_TEMPLATE/onboard-support.md b/.github/ISSUE_TEMPLATE/onboard-support.md
index 6b41859..e32e875 100644
--- a/.github/ISSUE_TEMPLATE/onboard-support.md
+++ b/.github/ISSUE_TEMPLATE/onboard-support.md
@@ -30,7 +30,7 @@ Engineers who are federal employees or staff contractors have a Contingency Plan
-#### Learn our policies and procedures
+## Learn our policies and procedures
- [ ] Review the [cloud.gov open source policy guidance about protecting sensitive information](https://github.com/18F/open-source-policy/blob/master/practice.md#protecting-sensitive-information).
- [ ] Read the [Continuous Monitoring Strategy](https://cloud.gov/docs/ops/continuous-monitoring/), particularly the [cloud.gov team responsibilities](https://cloud.gov/docs/ops/continuous-monitoring/#cloud-gov-team).
@@ -38,7 +38,7 @@ Engineers who are federal employees or staff contractors have a Contingency Plan
- [ ] Read the [cloud.gov Security Policies and Procedures](https://github.com/cloud-gov/cg-compliance-docs). These documents explain the high-level policies and procedures we must comply with while running cloud.gov, sorted into security control "families" They explain that we follow GSA IT security policy, and they provide a summary of the procedures in our System Security Plan.
- [ ] Review the System Security Plan (the latest version lives on [Google Drive](https://drive.google.com/drive/u/0/folders/0B6fPl5s12igNX3JwR2xFZVpmek0); look for "cloud.gov System Security Plan (SSP)" as a _.docx_ file). Of particular note for onboarding: Section 9 (System Description) and Section 10 (System Environment)
-### Getting to know cloud.gov
+## Getting to know cloud.gov
These items will help you come up to speed on cloud.gov and what it is, how it works, why it exists, etc. While you
should take the time to go through them, please do not try and tackle it all in one shot! It can become overwhelming
@@ -47,7 +47,7 @@ very quickly, so your onboarding buddy will walk through this list with you at a
- [ ] [Sign up for a cloud.gov sandbox](https://cloud.gov/sign-up/#get-trial-access-and-a-free-sandbox-space) using your GSA email address and start experimenting to get familiar with the basics of the PaaS from a user's perspective.
- [ ] Read our [service disruption guide](https://cloud.gov/docs/ops/service-disruption-guide/) to learn how we handle customer-facing service disruptions.
-### Slack channels
+## Slack channels
Your onboarding buddy will add you to these Slack channels:
From 7720a6986a274d75ef291555901915242b5fc6aa Mon Sep 17 00:00:00 2001
From: James Hochadel
Date: Fri, 26 Jan 2024 13:46:50 -0500
Subject: [PATCH 08/20] Remove fragment from general onboarding ticket
---
.github/ISSUE_TEMPLATE/onboard-engineer.md | 2 --
1 file changed, 2 deletions(-)
diff --git a/.github/ISSUE_TEMPLATE/onboard-engineer.md b/.github/ISSUE_TEMPLATE/onboard-engineer.md
index 76f4525..ffd074e 100644
--- a/.github/ISSUE_TEMPLATE/onboard-engineer.md
+++ b/.github/ISSUE_TEMPLATE/onboard-engineer.md
@@ -48,8 +48,6 @@ Your onboarding buddy will add you to these Slack channels:
- [ ] `#cg-priv-all` - private channel for in-team discussion
- [ ] `#cg-priv-compliance` - private channel for security and compliance discussions
-Lastly, for federal employees only:
-
## Google Groups and Spaces
From 0c63a09301014765b94132ac836895c41eb93748 Mon Sep 17 00:00:00 2001
From: James Hochadel
Date: Fri, 26 Jan 2024 13:51:10 -0500
Subject: [PATCH 09/20] Improve titles for faster recognition and so general
issue appears first in the list
---
.github/ISSUE_TEMPLATE/onboard-engineer.md | 2 +-
.github/ISSUE_TEMPLATE/onboard-support.md | 2 +-
.github/ISSUE_TEMPLATE/onboard-team-member.md | 4 ++--
3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/ISSUE_TEMPLATE/onboard-engineer.md b/.github/ISSUE_TEMPLATE/onboard-engineer.md
index ffd074e..3c3b8b9 100644
--- a/.github/ISSUE_TEMPLATE/onboard-engineer.md
+++ b/.github/ISSUE_TEMPLATE/onboard-engineer.md
@@ -1,6 +1,6 @@
---
name: Onboard New cloud.gov Engineer
-title: Checklist for Onboarding a New Engineer
+title: Engineering Checklist for Onboarding (first name here)
about: Onboarding checklist for engineers. Pairs with a general onboarding checklist.
labels: ""
assignees: ""
diff --git a/.github/ISSUE_TEMPLATE/onboard-support.md b/.github/ISSUE_TEMPLATE/onboard-support.md
index e32e875..2b6c8b4 100644
--- a/.github/ISSUE_TEMPLATE/onboard-support.md
+++ b/.github/ISSUE_TEMPLATE/onboard-support.md
@@ -1,6 +1,6 @@
---
name: Onboard New cloud.gov Support Team Member
-title: Checklist for Onboarding a cloud.gov Support Team Member
+title: Support Checklist for Onboarding (first name here)
about: This is the checklist and requirements for onboarding a new support team member to the cloud.gov team
labels: ""
assignees: ""
diff --git a/.github/ISSUE_TEMPLATE/onboard-team-member.md b/.github/ISSUE_TEMPLATE/onboard-team-member.md
index 435893b..b830476 100644
--- a/.github/ISSUE_TEMPLATE/onboard-team-member.md
+++ b/.github/ISSUE_TEMPLATE/onboard-team-member.md
@@ -1,6 +1,6 @@
---
-name: Onboard New cloud.gov Team Member
-title: Checklist for Onboarding a New Team Member
+name: Onboard Any New cloud.gov Team Member
+title: General Checklist for Onboarding (first name here)
about: Onboarding checklist that applies to all team members. Pairs with a role-specific checklist.
labels: ""
assignees: ""
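Review bot: The `name:` change to "Onboard Any New cloud.gov Team Member" is meant to make the general template appear first, per the commit subject. Please confirm in the repository's template chooser that ordering follows `name` and not the file name, because `onboard-team-member.md` still sorts after `onboard-compliance.md`, `onboard-engineer.md` and `onboard-support.md`. If ordering follows the file name, the file needs renaming instead.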
From cb5ddc3b7c3ff34a74b2ee3084c0471d00131755 Mon Sep 17 00:00:00 2001
From: James Hochadel
Date: Fri, 26 Jan 2024 13:55:57 -0500
Subject: [PATCH 10/20] Drop outdated and redundant onboarding instructions
from supplemental doc
---
Onboarding.md | 22 +++++++---------------
1 file changed, 7 insertions(+), 15 deletions(-)
diff --git a/Onboarding.md b/Onboarding.md
index dfc730e..25e2a73 100644
--- a/Onboarding.md
+++ b/Onboarding.md
@@ -4,15 +4,7 @@ cloud.gov helps government teams attack core impediments to smooth, iterative de
## Instructions
-When someone new joins the cloud.gov team:
-
-1. The System Owner (Director or Deputy Director) creates a new issue in the [cg-product Github repo](https://github.com/cloud-gov/product/issues) called "Authorize Onboarding for [NewPerson]". This constitutes 'formal approval' by leadership.
- - The System Owner must do this step. An assignee can add the checklist afterward if the System Owner hasn't already.
- - Use of an issue that only the System Owner is authorized to create before onboarding can proceed helps us satisfy the AC-2 control.
-2. The cloud.gov Director or Deputy Director adds the new team member to the `cloud-gov` team in GitHub.
-3. The System Owner or an assignee creates a new issue in the [cg-product Github repo](https://github.com/cloud-gov/product/issues) called `System Owner Authorization for Onboarding a New Team Member`
-4. The System Owner or the person who bravely volunteered to be the new person's Onboarding Buddy can then proceed to create the onboarding checklist issue for the new person
-5. Put the onboarding checklist issue into the _Doing_ column in our [project board](https://github.com/orgs/cloud-gov/projects/2).
+See the first section of your general onboarding ticket for instructions about authorizing and onboarding a new team member.
## Onboarding
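Review bot: The replacement sentence points at "your general onboarding ticket", but the reader of this "Instructions" section is the person authorizing or starting an onboarding, and may not have a ticket yet. Link the template itself (`.github/ISSUE_TEMPLATE/onboard-team-member.md`) instead. The removed step 1 also recorded why the System Owner must be the one to create the authorization issue (the AC-2 control); please confirm that rationale is stated in the template before it is deleted here.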
@@ -34,7 +26,7 @@ Several tools are used for project management, but the main one you will probabl
As a service offered to other federal agencies, cloud.gov must hold itself to a rigorous security standard in both our technical work and our team operations. We follow a formal set of security requirements as part of our FedRAMP P-ATO process. ([FedRAMP](https://www.fedramp.gov/) is a GSA-run program that assesses cloud services for government use, and we participate in this program.)
-* When you log into our cloud.gov CLI or dashboard for cloud.gov work, such as to work on a component that sits on cloud.gov as an application (for example the dashboard or the website), and GSA SecureAuth prompts you for multi-factor authentication (MFA), pick an MFA option that isn't email — use the phone/text/app MFA option. This helps us comply with our FedRAMP requirements.
+- When you log into our cloud.gov CLI or dashboard for cloud.gov work, such as to work on a component that sits on cloud.gov as an application (for example the dashboard or the website), and GSA SecureAuth prompts you for multi-factor authentication (MFA), pick an MFA option that isn't email — use the phone/text/app MFA option. This helps us comply with our FedRAMP requirements.
## Things we maintain
@@ -47,7 +39,7 @@ As a service offered to other federal agencies, cloud.gov must hold itself to a
- a [Google Drive folder](https://drive.google.com/a/gsa.gov/folderview?id=0Bx6EvBXVDWwheUtVckVnOE1pRzA&usp=sharing) full of artifacts related to design, user research, etc (also expected to move to GitHub in time)
- [The cloud.gov support Google Group](https://groups.google.com/a/gsa.gov/forum/?hl=en#!forum/cloud-gov-support), where we currently wrangle inquiries from various agencies, and some support.
-We liberally make upstream pull requests for stuff we use. We try to transfer broadly-useful Cloud Foundry-related projects to [the Cloud Foundry community GitHub organization](https://github.com/cloudfoundry-community/).
+We liberally make upstream pull requests for stuff we use. We try to transfer broadly-useful Cloud Foundry-related projects to [the Cloud Foundry community GitHub organization](https://github.com/cloudfoundry-community/).
## Important terminology and context
@@ -73,13 +65,13 @@ We liberally make upstream pull requests for stuff we use. We try to transfer br
- InfoSec – information security.
- PaaS – platform as a service. We use Cloud Foundry to run the cloud.gov PaaS.
- [Pivotal](https://pivotal.io/) – the company that originally started Cloud Foundry.
-- UAA - UAA is the User Authentication and Authorization hub for Cloud Foundry. It can delegate identity management via common standards such as LDAP/Active Directory, SAML, OAuth/OpenID Connect, and so forth. UAA is deployed as part of cloud.gov.
+- UAA - UAA is the User Authentication and Authorization hub for Cloud Foundry. It can delegate identity management via common standards such as LDAP/Active Directory, SAML, OAuth/OpenID Connect, and so forth. UAA is deployed as part of cloud.gov.
-Also see [the Cloud Foundry glossary](http://docs.cloudfoundry.org/concepts/glossary.html) for terms that are specific to the technology powering our platform.
+Also see [the Cloud Foundry glossary](http://docs.cloudfoundry.org/concepts/glossary.html) for terms that are specific to the technology powering our platform.
-# Joining the Federalist team
+# Joining the Pages team
-Federalist is a platform to build, launch, and manage static web sites for government agencies. The team develops, operates, and supports the platform so that we can offer it to agencies as a service.
+cloud.gov Pages is a platform to build, launch, and manage static web sites for government agencies. The team develops, operates, and supports the platform so that we can offer it to agencies as a service.
## Onboarding
From 729508c312f972a017c5d7d84dcff29a897d4720 Mon Sep 17 00:00:00 2001
From: James Hochadel
Date: Fri, 26 Jan 2024 15:53:22 -0500
Subject: [PATCH 11/20] Install cloud.gov standard CLI tools all at once with a
Brewfile
---
.github/ISSUE_TEMPLATE/onboard-compliance.md | 31 ++++----------------
.github/ISSUE_TEMPLATE/onboard-engineer.md | 22 +++-----------
Brewfile | 15 ++++++++++
3 files changed, 25 insertions(+), 43 deletions(-)
create mode 100644 Brewfile
diff --git a/.github/ISSUE_TEMPLATE/onboard-compliance.md b/.github/ISSUE_TEMPLATE/onboard-compliance.md
index 7f7ba7c..d7a5105 100644
--- a/.github/ISSUE_TEMPLATE/onboard-compliance.md
+++ b/.github/ISSUE_TEMPLATE/onboard-compliance.md
@@ -150,40 +150,21 @@ Your onboarding buddy will create a separate ticket tied to this one to track th
### Additional compliance setup/review
-- [ ] Install `caulking` git leak prevention by following the [README](https://github.com/cloud-gov/caulking/blob/master/README.md)
+- [ ] Install `caulking` git leak prevention by following the [README](https://github.com/cloud-gov/caulking/blob/main/README.md)
- [ ] Verify `caulking` by running `make audit` and pasting a screenshot as a comment on this GitHub issue
- [ ] Set GPG signing set up for GitHub (instructions [here](https://docs.google.com/document/d/11UDxvfkhncyLEs-NUCniw2u54j4uQBqsR2SBiLYPUZc/edit))
### Install a development environment for cloud.gov
- [ ] Install [Homebrew (`brew`)](https://brew.sh/)
-- [ ] Install [CloudFoundry for mac per their docs](https://docs.cloudfoundry.org/cf-cli/install-go-cli.html#pkg-mac):
- - `brew tap cloudfoundry/tap`
- - `brew install cf-cli@8`
- - `brew install openssl`
-- [ ] Verify CloudFoundry Installation via the CLI (once an existing cloud.gov teammate has [made your cloud.gov admin account](https://cloud.gov/docs/ops/managing-users/#creating-admins))
+- [ ] Clone [the product repo](https://github.com/cloud-gov/product), `cd` into it, and run `brew bundle install` to install everything in `Brewfile`.
+- [ ] Verify CloudFoundry installation via the CLI (once an existing cloud.gov teammate has [made your cloud.gov admin account](https://cloud.gov/docs/ops/managing-users/#creating-admins))
- `cf login -a api.fr.cloud.gov --sso`
- `cf orgs`
- - As a cloud.gov compliance team member, you should have a very giant list of organizations
+ - As a cloud.gov team member, you should have a long list of organizations
- If you have none or one (e.g. sandbox) org, please reach out to your onboarding buddy
-- [ ] Install the [Bosh CLI using their instructions for MacOS](https://bosh.io/docs/cli-v2-install/#using-homebrew-on-macos)
- - `brew install cloudfoundry/tap/bosh-cli`
- - [ ] Verify the installation by running `bosh -v` in the command line
-- [ ] Install Terraform and other tools per [cg-provision](https://github.com/cloud-gov/cg-provision)
- - `brew install terraform`
- - `brew install awscli`
- - `brew install jq`
- - [ ] Verify Terraform installed and is in your path: run `terraform` and helper text should display
- - [ ] Verify AWS CLI installed and is in your path: run `aws` and helper text should display
-- [ ] Install and configure `aws-vault` by [following our directions](https://cloud.gov/docs/ops/secrets/#aws-credentials)
-- [ ] Install the Concourse `fly` CLI
- - Download the `fly` binary zip for MacOS from https://concourse-ci.org/
- - Extract the binary and move it to `/usr/local/bin/fly` so it's in your path
- - `cd ~/Downloads`
- - `mv fly /usr/local/bin/fly`
- - [ ] Verify by running `fly -h` in your command line
- - This may fail due to app security policy on your mac rejecting apps from unidentified developers.
- - You can try the procedure [here](https://www.imore.com/how-open-apps-anywhere-macos-catalina-and-mojave) to change the app's security settings.
+- [ ] Configure `aws-vault` by [following our directions](https://cloud.gov/docs/ops/secrets/#aws-credentials)
+- [ ] Fix `fly`, the Concourse CLI, by running `xattr -d com.apple.quarantine /opt/homebrew/bin/fly`. Concourse does not sign `fly` with an Apple Developer account, so you must use `xattr` to manually remove the binary from quarantine. Verify by running `fly -h` in your command line.
- [ ] Install cloud.gov dev tools by cloning the [`cg-scripts` repo](https://github.com/cloud-gov/cg-scripts/): run `git clone https://github.com/cloud-gov/cg-scripts.git` in your command line
These are items that are only necessary for someone stepping into a compliance role, but you can still subscribe to the alerts and mailing lists if you're interested:
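Review bot: The new `fly` step hardcodes `/opt/homebrew/bin/fly`, which is the Homebrew prefix on Apple Silicon only; on an Intel Mac the binary is under `/usr/local/bin` and the `xattr` call fails with no such file. Suggest `xattr -d com.apple.quarantine "$(brew --prefix)/bin/fly"` so the step works on both. The same line appears in the onboard-engineer.md hunk of this patch.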
diff --git a/.github/ISSUE_TEMPLATE/onboard-engineer.md b/.github/ISSUE_TEMPLATE/onboard-engineer.md
index 3c3b8b9..cc431cf 100644
--- a/.github/ISSUE_TEMPLATE/onboard-engineer.md
+++ b/.github/ISSUE_TEMPLATE/onboard-engineer.md
@@ -124,7 +124,7 @@ You are a member of the Cloud Operations team, which means you have additional a
### Additional compliance setup/review
-- [ ] Install `caulking` git leak prevention by following the [README](https://github.com/cloud-gov/caulking/blob/master/README.md)
+- [ ] Install `caulking` git leak prevention by following the [README](https://github.com/cloud-gov/caulking/blob/main/README.md)
- [ ] Verify `caulking` by running `make audit` and pasting a screenshot as a comment on this GitHub issue
- [ ] Set GPG signing set up for GitHub (instructions [here](https://docs.google.com/document/d/11UDxvfkhncyLEs-NUCniw2u54j4uQBqsR2SBiLYPUZc/edit)) and paste the output of `git config commit.gpgsign` as a comment on this GitHub issue
@@ -133,28 +133,14 @@ You are a member of the Cloud Operations team, which means you have additional a
> **Note:** Make sure you have followed the instructions in [Machine admin rights](#machine-admin-rights) at the top of this section to get local admin rights on your machine before moving forward
- [ ] Install [Homebrew (`brew`)](https://brew.sh/)
-- [ ] Install [CloudFoundry for Mac per their docs](https://docs.cloudfoundry.org/cf-cli/install-go-cli.html#pkg-mac):
- - `brew tap cloudfoundry/tap`
- - `brew install cf-cli@8`
- - `brew install openssl`
+- [ ] Clone [the product repo](https://github.com/cloud-gov/product), `cd` into it, and run `brew bundle install` to install everything in `Brewfile`.
- [ ] Verify CloudFoundry installation via the CLI (once an existing cloud.gov teammate has [made your cloud.gov admin account](https://cloud.gov/docs/ops/managing-users/#creating-admins))
- `cf login -a api.fr.cloud.gov --sso`
- `cf orgs`
- As a cloud.gov team member, you should have a long list of organizations
- If you have none or one (e.g. sandbox) org, please reach out to your onboarding buddy
-- [ ] Install the [Bosh CLI using their instructions for MacOS](https://bosh.io/docs/cli-v2-install/#using-homebrew-on-macos)
- - `brew install cloudfoundry/tap/bosh-cli`
- - [ ] Verify the installation by running `bosh -v` in the command line
-- [ ] Install Terraform and other tools per [cg-provision](https://github.com/cloud-gov/cg-provision)
- - `brew install terraform`
- - `brew install awscli`
- - `brew install jq`
- - [ ] Verify Terraform installed and is in your path: run `terraform` and helper text should display
- - [ ] Verify AWS CLI installed and is in your path: run `aws` and helper text should display
-- [ ] Install and configure `aws-vault` by [following our directions](https://cloud.gov/docs/ops/secrets/#aws-credentials)
-- [ ] Install the Concourse `fly` CLI. Concourse does not sign `fly` with an Apple Developer account, so you must use `xattr` to manually remove the binary from quarantine:
- - `brew install fly && xattr -d com.apple.quarantine /opt/homebrew/bin/fly`.
- - [ ] Verify by running `fly -h` in your command line
+- [ ] Configure `aws-vault` by [following our directions](https://cloud.gov/docs/ops/secrets/#aws-credentials)
+- [ ] Fix `fly`, the Concourse CLI, by running `xattr -d com.apple.quarantine /opt/homebrew/bin/fly`. Concourse does not sign `fly` with an Apple Developer account, so you must use `xattr` to manually remove the binary from quarantine. Verify by running `fly -h` in your command line.
- [ ] Install cloud.gov dev tools by cloning the [`cg-scripts` repo](https://github.com/cloud-gov/cg-scripts/): run `git clone https://github.com/cloud-gov/cg-scripts.git` in your command line
### Figure out your first tasks
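Review bot: The removed items included explicit checks (`bosh -v`, running `terraform` and `aws` to see the helper text), and the single `brew bundle install` item that replaces them has no verification. Only `cf` and `fly` are still checked afterwards. Suggest adding one checkbox after the install, for example running `brew bundle check` in the product repo and `bosh -v`, so a partly failed bundle is caught during onboarding and not on the first deploy.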
diff --git a/Brewfile b/Brewfile
new file mode 100644
index 0000000..7093831
--- /dev/null
+++ b/Brewfile
@@ -0,0 +1,15 @@
+tap "cloudfoundry/tap"
+tap "hashicorp/tap"
+tap "homebrew/bundle"
+tap "homebrew/cask-versions"
+tap "homebrew/services"
+brew "aws-vault"
+brew "awscli"
+brew "docker"
+brew "gnupg"
+brew "jq"
+brew "terraform"
+brew "yq"
+brew "cloudfoundry/tap/bosh-cli"
+brew "cloudfoundry/tap/cf-cli@8"
+cask "fly"
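Review bot: `tap "hashicorp/tap"` is declared, but `brew "terraform"` is unqualified, unlike `cloudfoundry/tap/bosh-cli` and `cloudfoundry/tap/cf-cli@8`, so it is not clear which source Terraform is meant to come from. Either write `brew "hashicorp/tap/terraform"` or drop the tap. The `homebrew/cask-versions` and `homebrew/services` taps are likewise not used by any entry in this file; every extra tap is third-party code that engineers' machines will trust, so only the ones that are needed should stay. Also, `openssl` was installed by the checklist steps this patch removes and has no entry here; add it or note that it is no longer required.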
From 753b5b63ffb1787ce772717c24fca3123aa0bd03 Mon Sep 17 00:00:00 2001
From: James Hochadel
Date: Fri, 26 Jan 2024 15:54:15 -0500
Subject: [PATCH 12/20] Remove common elements from Compliance onboarding
---
.github/ISSUE_TEMPLATE/onboard-compliance.md | 132 +++++++------------
1 file changed, 47 insertions(+), 85 deletions(-)
diff --git a/.github/ISSUE_TEMPLATE/onboard-compliance.md b/.github/ISSUE_TEMPLATE/onboard-compliance.md
index d7a5105..5487804 100644
--- a/.github/ISSUE_TEMPLATE/onboard-compliance.md
+++ b/.github/ISSUE_TEMPLATE/onboard-compliance.md
@@ -1,124 +1,87 @@
---
name: Onboard New cloud.gov Compliance Team Member
-title: Checklist for Onboarding a New Compliance Team Member
+title: Compliance Checklist for Onboarding (first name here)
about: This is the checklist and requirements for onboarding a new compliance team member to the cloud.gov team
-labels: ''
-assignees: ''
-
+labels: ""
+assignees: ""
---
# New Compliance Team Member Onboarding Checklist
## Special Notes
-- **Do not create this issue until the System Owner has formally authorized and requested it.**. You can get that OK by one of two ways:
- - A:
- - [ ] A: System Owner creates this issue
- - B:
- - [ ] B.1: System owner emails and with their authorization
- - [ ] B.2: An operator adds a link to the Google Group conversation that includes the authorizing email.
-- **Please only use first names.**
+- [ ] Paste a link to the general onboarding ticket, which includes the onboarding authorization, here:
---
-In order to get `New Person` productively contributing to the cloud.gov team, `Buddy` should help `New Person` complete a prescribed set of tasks that will bring them up to speed and get them setup with cloud.gov.
-
-## Instructions
-
-1. Try to go through the checklists in order.
-2. If `Buddy` can’t complete any of the items on their checklist personally, _they are responsible for ensuring that someone with the correct access completes that item_.
-
-## Onboarding Checklist
+## Complete additional cloud.gov trainings
-### Required items for all team members
+
+
+ Federal employees and staff contractors, expand this section. Not applicable to project contractors.
+
-These items help us fulfill security and compliance requirements (including for FedRAMP). If you get stuck, or if these requirements are confusing, ask for help from your buddy or in a cloud.gov channel.
+Engineers who are federal employees or staff contractors have a Contingency Plan role and may participate in Incident Response, so they must complete the CP and IR trainings. Project contractors do not need to complete these trainings. Check one of the following:
-- [ ] Take judicious notes on what about this onboarding process or cloud.gov is confusing or frustrating. If you notice a problem (especially with things like documentation), you are more than welcome to fix it! At the very least, please share this information with your onboarding buddy (or someone) at some point so we can make the team/platform better. (You can also file issues and pull requests on [the template Onboarding checklist](https://github.com/cloud-gov/product/blob/main/.github/ISSUE_TEMPLATE/onboard-compliance.md).
-- [ ] Be sure to introduce yourself and follow up with your onboarding buddy (they should have reached out to you at this point; if they haven't, please let the team know) and make sure this issue is assigned to them in our [Github Project Planning Board](https://github.com/orgs/cloud-gov/projects/2). We use this board to organize, prioritize, and track our work.
-
-#### Pre-requisites
-
-- [ ] Complete [GSA OLU](https://gsaolu.gsa.gov/) GSA Mandatory Cyber Security and Privacy Training, including accepting the GSA IT Rules of Behavior, which is required before we can give you access to any cloud.gov systems. If you joined GSA more than two months ago, you've already completed this task and can just check the box.
-
-#### Fulfill security and compliance requirements (including for FedRAMP) - Completed by onboarding buddy
+- [ ] Coordinate with your onboarding buddy to schedule Contingency Planning training within 60 days. (and annually after that). This will cover the following document, which you should also review before or after training:
+ - [ ] Read the [Contingency Plan](https://docs.cloud.gov/ops/contingency-plan/).
+- [ ] Coordinate with your onboarding buddy to schedule [Incident Response Training](https://docs.google.com/presentation/d/1AZjQE8zBzMRWZIFUuJPkJLted1ykGtALrLPoPRx5Vls/edit#slide=id.p) within 60 days of joining the team (and annually after that). This will cover the following document, which you should also review before or after training:
+ - [ ] Read the [Incident Response Guide](https://cloud.gov/docs/ops/security-ir/).
-- [ ] Make sure they're in [the list of people working on the project](https://docs.google.com/spreadsheets/d/187663k5MYJBNlKExLu_nhuovcZQfIbqYCu2n4noNY1o/edit#gid=0).
-- [ ] Add their name, whether they're Cloud Ops (Platform), and the date they joined the team to the [training tracker](https://docs.google.com/spreadsheets/d/1hqU6cNeEB293OT0j3OvbdAFRkrf2zDOrPVxGfnr4sSw/edit#gid=0). Copy the formulas for the due dates from an existing row (grab the "corner" of the cells and pull down).
-- [ ] As they complete training, fill out their completion dates in the [training tracker](https://docs.google.com/spreadsheets/d/1hqU6cNeEB293OT0j3OvbdAFRkrf2zDOrPVxGfnr4sSw/edit#gid=0).
-- [ ] Add them to the @cloud-gov-team [in Slack’s Team Directory](https://get.slack.help/hc/en-us/articles/212906697-User-Groups#edit-a-user-group).
-- [ ] Review the recurring cloud.gov meetings that are relevant for them in [the team calendar](https://calendar.google.com/calendar/embed?src=gsa.gov_0samf7guodi7o2jhdp0ec99aks@group.calendar.google.com&ctz=America/Los_Angeles) (they will get access to this when added to the cloud.gov Team Google Group).
-- [ ] Add them to the [`cloud-gov`](https://github.com/orgs/cloud-gov/people) organization in GitHub, and the [`cloud-gov-team`](https://github.com/orgs/cloud-gov/teams/cloud-gov-team) team.
+
#### Learn our policies and procedures
-For the three trainings list at the top, your onboarding buddy will create a separate ticket to track the trainings once scheduling has been finished. This will help consolidate trainings for multiple new members to the team and prevent them from blocking progress on this onboarding ticket. Once the trainings are scheduled, they can be marked as complete here.
-
-- [ ] Coordinate with the compliance team to go through Contingency Planning training within 60 days (and annually after that). This will cover the following document, which you should also review before or after training:
- - [ ] Read the [Contingency Plan](https://cloud.gov/docs/ops/contingency-plan/).
-- [ ] Coordinate with the compliance team to go through [Incident Response Training](https://docs.google.com/presentation/d/1AZjQE8zBzMRWZIFUuJPkJLted1ykGtALrLPoPRx5Vls/edit#slide=id.p) within 60 days of joining the team (and annually after that). This will cover the following document, which you should also review before or after training:
- - [ ] Read the [Incident Response Guide](https://cloud.gov/docs/ops/security-ir/).
-- [ ] Coordinate with the compliance team to go through [nonpublic information training](https://docs.google.com/presentation/d/1uB4MlGCu8ZYUxjKVZKwicQ95MvLxaT4Mh93y6w79GPw/edit#slide=id.p) within 60 days of joining the team (and annually after that). This will cover the following documents, which you should also review before or after training:
- - [ ] Review the [cloud.gov open source policy guidance about protecting sensitive information](https://github.com/18F/open-source-policy/blob/master/practice.md#protecting-sensitive-information).
- - [ ] Read our [sharing secret keys](https://cloud.gov/docs/ops/secrets/#sharing-secret-keys) policy.
- - [ ] Review the [TTS requirements for password management](https://handbook.tts.gsa.gov/general-information-and-resources/tech-policies/password-requirements/).
+- [ ] Review the [cloud.gov open source policy guidance about protecting sensitive information](https://github.com/18F/open-source-policy/blob/master/practice.md#protecting-sensitive-information).
- [ ] Read the [Continuous Monitoring Strategy](https://cloud.gov/docs/ops/continuous-monitoring/), particularly the [cloud.gov team responsibilities](https://cloud.gov/docs/ops/continuous-monitoring/#cloud-gov-team).
- [ ] Read the [Configuration Management Plan](https://cloud.gov/docs/ops/configuration-management/).
- [ ] Read the [cloud.gov Security Policies and Procedures](https://github.com/cloud-gov/cg-compliance-docs). These documents explain the high-level policies and procedures we must comply with while running cloud.gov, sorted into security control "families" They explain that we follow GSA IT security policy, and they provide a summary of the procedures in our System Security Plan.
- [ ] Review the System Security Plan (the latest version lives on [Google Drive](https://drive.google.com/drive/u/0/folders/0B6fPl5s12igNX3JwR2xFZVpmek0); look for "cloud.gov System Security Plan (SSP)" as a _.docx_ file). Of particular note for onboarding: Section 9 (System Description) and Section 10 (System Environment)
-### Getting to know cloud.gov
+## Slack channels
-These items will help you come up to speed on cloud.gov and what it is, how it works, why it exists, etc. While you
-should take the time to go through them, please do not try and tackle it all in one shot! It can become overwhelming
-very quickly, so your onboarding buddy will walk through this list with you at a high level with you to help manage the work.
-
-- [ ] Read [the team onboarding document](https://github.com/cloud-gov/product/blob/master/Onboarding.md) for more context about cloud.gov.
-- [ ] Bookmark the [pertinent links listed here](https://github.com/cloud-gov/product/blob/master/PertinentLinks.md).
-- [ ] Read through [the Overview section of our site](https://cloud.gov/docs/overview/what-is-cloudgov/) for a broader understanding of cloud.gov, especially how we present it to potential customers and users.
-- [ ] [Sign up for a cloud.gov sandbox](https://cloud.gov/sign-up/#get-trial-access-and-a-free-sandbox-space) using your GSA email address and start experimenting to get familiar with the basics of the PaaS from a user's perspective.
- - This is also required in order to make you a platform admin once you've completed the Cybersecurity and Privacy training.
-- [ ] Read the [Delivery Process document](https://github.com/cloud-gov/product/blob/master/StoryLifecycle.md) to learn about how we work.
-- [ ] Read our [service disruption guide](https://cloud.gov/docs/ops/service-disruption-guide/) to learn how we handle customer-facing service disruptions.
-- [ ] Add the [cloud.gov Google Drive folder](https://drive.google.com/drive/folders/0Bx6EvBXVDWwheUtVckVnOE1pRzA) to your Google Drive -- that's where we put cloud.gov docs. If you create or move a doc there, it'll get the right access permissions for team members to be able to view and edit it.
-- [ ] Subscribe to [the cloud.gov team calendar](https://calendar.google.com/calendar/embed?src=gsa.gov_0samf7guodi7o2jhdp0ec99aks@group.calendar.google.com&ctz=America/Los_Angeles) (click the + in the bottom right) so you know when assorted team meetings are happening in the various squads. Tip: When you plan Out of Office time, make a calendar event for that on the cloud.gov calendar so that your teammates know you'll be away
+Project contractors: Your buddy will add you to the private channel for your project.
-### Slack channels
+
+
+ Federal employees and staff contractors, expand this section:
+
Your onboarding buddy will add you to these Slack channels:
+- [ ] `#cg-aws-security` - private channel where bots post security notices
- [ ] `#cg-billing` - private business development channel (if applicable)
- [ ] `#cg-incidents` - private channel for incident response
+- [ ] `#cg-ops-banter` - private channel for operations/engineering banter
- [ ] `#cg-priv-all` - private channel for in-team discussion
-- [ ] `#cg-priv-gov` (Federal employees only) - may contain discussion of contracting-related or other private, federal-employee-only comms
-- [ ] `#cg-aws-security` - channel for alerts posted by automation about possible AWS security issues
-
-You can add yourself to these channels:
-
-- [ ] `#cg-ask-aws` - channel to communicate with representations from AWS
-- [ ] `#cg-business` - business development (if applicable)
-- [ ] `#cg-compliance` - compliance-related information and discussion
-- [ ] `#cg-offtopic` - off-topic team sharing
-- [ ] `#cg-platform` - platform operations
-- [ ] `#cg-platform-news` - bots post platform alerts
-- [ ] `#cg-general` - program-level information and discusion
-- [ ] `#cg-support` - support requests and assistance within TTS
+- [ ] `#cg-priv-compliance` - private channel for security and compliance discussions
-You probably want to mute these channels:
-
-- [ ] `#cg-support` - support requests and assistance within TTS
-- [ ] `#cg-platform-news` - platform alerts
-- [ ] `#cloud-gov` - bots post announcements here
+
You might also be interested in these channels:
- [ ] `#g-security-compliance` - Channel for the Security & Compliance guild
- [ ] `#dev` - general chat for all TTS engineers
+### Getting to know cloud.gov
+
+These items will help you come up to speed on cloud.gov and what it is, how it works, why it exists, etc. While you
+should take the time to go through them, please do not try and tackle it all in one shot! It can become overwhelming
+very quickly, so your onboarding buddy will walk through this list with you at a high level with you to help manage the work.
+
+- [ ] Read [the team onboarding document](https://github.com/cloud-gov/product/blob/main/Onboarding.md) for more context about cloud.gov.
+- [ ] Bookmark the [pertinent links listed here](https://github.com/cloud-gov/product/blob/main/PertinentLinks.md).
+- [ ] Read through [the Overview section of our site](https://cloud.gov/docs/overview/what-is-cloudgov/) for a broader understanding of cloud.gov, especially how we present it to potential customers and users.
+- [ ] [Sign up for a cloud.gov sandbox](https://cloud.gov/sign-up/#get-trial-access-and-a-free-sandbox-space) using your GSA email address and start experimenting to get familiar with the basics of the PaaS from a user's perspective.
+ - This is also required in order to make you a platform admin once you've completed the Cybersecurity and Privacy training.
+- [ ] Read the [Delivery Process document](https://github.com/cloud-gov/product/blob/main/StoryLifecycle.md) to learn about how we work.
+- [ ] Read our [service disruption guide](https://cloud.gov/docs/ops/service-disruption-guide/) to learn how we handle customer-facing service disruptions.
+
## Compliance-role specific items
-You should already have admin rights on your machine as a part of its original setup. If for whatever reason you don't,
-Please let your onboarding buddy know and they will help you request [local admin rights](https://docs.google.com/document/d/1xepZsh83lxPDykrb1NXoeHxj8m78qsdW-9KqzO_CHOQ/edit) on your GFE Mac using [this justification](https://docs.google.com/document/d/1YGid3pTji5W_M9RuF1GDf614BVkLIRDmSrt1tDbej-o/edit).
+### Machine admin rights
+
+- [ ] In order to install development tools on your Mac, you will need to request local admin rights by [submitting a ServiceDesk ticket](https://docs.google.com/document/d/1xepZsh83lxPDykrb1NXoeHxj8m78qsdW-9KqzO_CHOQ/edit) using [this justification](https://docs.google.com/document/d/1YGid3pTji5W_M9RuF1GDf614BVkLIRDmSrt1tDbej-o/edit). If you're unable to create a ticket for yourself, your onboarding buddy can create one for you.
### Other tooling and access for compliance
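Review bot: The added Contingency Plan item links to `https://docs.cloud.gov/ops/contingency-plan/`, while the line it replaces and the other docs links in this hunk use `https://cloud.gov/docs/ops/...`; confirm the new host resolves or keep the existing form. The same added line has a stray period in "within 60 days. (and annually after that)". Separately, the removed block drops the nonpublic information training and the reading items for sharing secret keys and TTS password requirements from this template, so confirm the general onboarding ticket carries them before merging.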
@@ -129,8 +92,8 @@ Please let your onboarding buddy know and they will help you request [local admi
Before starting this section, you must complete:
-1. GSA Mandatory Cyber Security and Privacy Training
-1. Role-based trainings listed under "Learn our policies and procedures"
+1. GSA IT Security & Privacy Awareness Training
+1. Role-based trainings listed under [Learn our policies and procedures](#learn-our-policies-and-procedures)
AWS user names should be identical across accounts so that permissions can be correctly managed by Terraform.
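Review bot: The prerequisite "Role-based trainings listed under [Learn our policies and procedures](#learn-our-policies-and-procedures)" now points at the wrong section of this template. After the first hunk of this patch, the Contingency Planning and Incident Response trainings sit under "Complete additional cloud.gov trainings", and "Learn our policies and procedures" holds only Review/Read items. Since this list gates the AWS account and platform admin steps that follow, link the section that actually contains the trainings.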
@@ -138,13 +101,12 @@ AWS user names should be identical across accounts so that permissions can be co
- [ ] AWS Commercial accounts
- [ ] AWS GovCloud accounts
- [ ] Add them to Nessus Manager via the GUI
+ - [ ] Add them to the ScanAdmins team in Settings > Groups
- [ ] [Make them an admin](https://cloud.gov/docs/ops/managing-users/#managing-admins) of the platform.
- [ ] Add them to the [`platform-ops`](https://github.com/orgs/cloud-gov/teams/platform-ops) team in GitHub.
- [ ] Add them to [the cloud.gov team Google Group](https://groups.google.com/a/gsa.gov/forum/?hl=en#!forum/cloud-gov) so they can participate in team-wide internal communication.
- [ ] Add them to the `cloud-gov-assurance-team` Google Group for meeting invites and communications
- [ ] Add them to [our dockerhub org](https://hub.docker.com/orgs/cloudgov) and ensure we're not over our license count
-- [ ] **If necessary:** Add them as an admin on the cg-django-uaa [docs](https://readthedocs.org/projects/cg-django-uaa/)
-- [ ] Business Unit Only - Add them to the [cloud.gov inquiries Google Group](https://groups.google.com/a/gsa.gov/forum/#!forum/cloud-gov-inquiries) so they can keep apprised of prospective new clients.
Your onboarding buddy will create a separate ticket tied to this one to track the AWS accounts being granted full admin access.
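Review bot: The added sub-item "Add them to the ScanAdmins team in Settings > Groups" does not say what the group grants or whether every compliance onboard needs it. Add a short purpose clause, as the Google Group item below does with "so they can participate in team-wide internal communication", so the person completing the checklist can confirm the grant is intended and offboarding knows what to reverse.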
@@ -167,7 +129,7 @@ Your onboarding buddy will create a separate ticket tied to this one to track th
- [ ] Fix `fly`, the Concourse CLI, by running `xattr -d com.apple.quarantine /opt/homebrew/bin/fly`. Concourse does not sign `fly` with an Apple Developer account, so you must use `xattr` to manually remove the binary from quarantine. Verify by running `fly -h` in your command line.
- [ ] Install cloud.gov dev tools by cloning the [`cg-scripts` repo](https://github.com/cloud-gov/cg-scripts/): run `git clone https://github.com/cloud-gov/cg-scripts.git` in your command line
-These are items that are only necessary for someone stepping into a compliance role, but you can still subscribe to the alerts and mailing lists if you're interested:
+## Security and Compliance News
- [ ] Subscribe to CISA alerts/updates:
- [ ] Subscribe to FedRAMP mailing lists:
From 965700a689ad616a121252fb54347b0676092063 Mon Sep 17 00:00:00 2001
From: James Hochadel
Date: Fri, 26 Jan 2024 15:56:00 -0500
Subject: [PATCH 13/20] Fix header levels and other inconsistencies
---
.github/ISSUE_TEMPLATE/onboard-compliance.md | 4 ++--
.github/ISSUE_TEMPLATE/onboard-engineer.md | 5 +++--
.github/ISSUE_TEMPLATE/onboard-support.md | 4 +++-
3 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/.github/ISSUE_TEMPLATE/onboard-compliance.md b/.github/ISSUE_TEMPLATE/onboard-compliance.md
index 5487804..067ae99 100644
--- a/.github/ISSUE_TEMPLATE/onboard-compliance.md
+++ b/.github/ISSUE_TEMPLATE/onboard-compliance.md
@@ -30,7 +30,7 @@ Engineers who are federal employees or staff contractors have a Contingency Plan
-#### Learn our policies and procedures
+## Learn our policies and procedures
- [ ] Review the [cloud.gov open source policy guidance about protecting sensitive information](https://github.com/18F/open-source-policy/blob/master/practice.md#protecting-sensitive-information).
- [ ] Read the [Continuous Monitoring Strategy](https://cloud.gov/docs/ops/continuous-monitoring/), particularly the [cloud.gov team responsibilities](https://cloud.gov/docs/ops/continuous-monitoring/#cloud-gov-team).
@@ -63,7 +63,7 @@ You might also be interested in these channels:
- [ ] `#g-security-compliance` - Channel for the Security & Compliance guild
- [ ] `#dev` - general chat for all TTS engineers
-### Getting to know cloud.gov
+## Getting to know cloud.gov
These items will help you come up to speed on cloud.gov and what it is, how it works, why it exists, etc. While you
should take the time to go through them, please do not try and tackle it all in one shot! It can become overwhelming
diff --git a/.github/ISSUE_TEMPLATE/onboard-engineer.md b/.github/ISSUE_TEMPLATE/onboard-engineer.md
index cc431cf..895fb58 100644
--- a/.github/ISSUE_TEMPLATE/onboard-engineer.md
+++ b/.github/ISSUE_TEMPLATE/onboard-engineer.md
@@ -95,8 +95,8 @@ Getting hands-on with cloud.gov:
Before starting this section, you must complete:
-1. GSA Mandatory Cyber Security and Privacy Training
-1. Role-based trainings listed under "Learn our policies and procedures"
+1. GSA IT Security & Privacy Awareness Training
+1. Role-based trainings listed under [Learn our policies and procedures](#learn-our-policies-and-procedures)
AWS user names should be identical across accounts so that permissions can be correctly managed by Terraform.
@@ -105,6 +105,7 @@ AWS user names should be identical across accounts so that permissions can be co
- [ ] AWS GovCloud accounts
- [ ] Ensure new person has 60-day Google Calendar reminder to reset passwords
- [ ] Add them to Nessus Manager via the GUI
+ - [ ] Add them to the ScanAdmins team in Settings > Groups
diff --git a/.github/ISSUE_TEMPLATE/onboard-support.md b/.github/ISSUE_TEMPLATE/onboard-support.md
index 2b6c8b4..a75d36f 100644
--- a/.github/ISSUE_TEMPLATE/onboard-support.md
+++ b/.github/ISSUE_TEMPLATE/onboard-support.md
@@ -59,11 +59,13 @@ You will want to keep `#cg-support` unmuted so you are aware of requests from TT
## Support-specific items
+### Machine admin rights
+
- [ ] In order to install development tools on your Mac, you will need to request local admin rights by [submitting a ServiceDesk ticket](https://docs.google.com/document/d/1xepZsh83lxPDykrb1NXoeHxj8m78qsdW-9KqzO_CHOQ/edit) using [this justification](https://docs.google.com/document/d/1YGid3pTji5W_M9RuF1GDf614BVkLIRDmSrt1tDbej-o/edit). If you're unable to create a ticket for yourself, your onboarding buddy can create one for you.
### Additional compliance setup/review
-- [ ] Install `caulking` git leak prevention by following the [README](https://github.com/cloud-gov/caulking/blob/master/README.md)
+- [ ] Install `caulking` git leak prevention by following the [README](https://github.com/cloud-gov/caulking/blob/main/README.md)
- [ ] Verify `caulking` by running `make audit` and pasting a screenshot as a comment on this GitHub issue
- [ ] Set GPG signing set up for GitHub (instructions [here](https://docs.google.com/document/d/11UDxvfkhncyLEs-NUCniw2u54j4uQBqsR2SBiLYPUZc/edit))
From a23c9214084f3319a24a8589159b899c3d0408fc Mon Sep 17 00:00:00 2001
From: James Hochadel
Date: Fri, 26 Jan 2024 16:17:46 -0500
Subject: [PATCH 14/20] Add recently suggested note about saving OLU
certificates
---
.github/ISSUE_TEMPLATE/onboard-team-member.md | 1 +
1 file changed, 1 insertion(+)
diff --git a/.github/ISSUE_TEMPLATE/onboard-team-member.md b/.github/ISSUE_TEMPLATE/onboard-team-member.md
index b830476..f99546d 100644
--- a/.github/ISSUE_TEMPLATE/onboard-team-member.md
+++ b/.github/ISSUE_TEMPLATE/onboard-team-member.md
@@ -39,6 +39,7 @@ Your onboarding buddy should reach out and introduce themselves to you. If you h
## Pre-requisites
- [ ] Complete [GSA OLU](https://gsaolu.gsa.gov/) IT Security & Privacy Awareness Training, which includes accepting the GSA IT Rules of Behavior. This is required before we can give you access to any cloud.gov systems. If you joined GSA more than two months ago, you've already completed this task and can check the box.
+ - OLU has sometimes lost course completion data. We recommend downloading the PDF certificate of completion for each training and saving it to your Google Drive.
## Fulfill security and compliance requirements - Completed by onboarding buddy
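Review bot: The added sub-item says to save each certificate to "your Google Drive" but does not say to keep it out of the issue itself. The support template in this series asks for a screenshot pasted "as a comment on this GitHub issue", and the offboarding template asks for first names only, so a certificate PDF carrying a full name could end up attached here by habit. Suggest adding a short "do not attach the certificate to this issue" to the note.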
From 432443f113ee7cdbe9efaeebdbba0c48f7999c29 Mon Sep 17 00:00:00 2001
From: James Hochadel
Date: Fri, 26 Jan 2024 17:04:27 -0500
Subject: [PATCH 15/20] Add Google Group memberships for roles
---
.github/ISSUE_TEMPLATE/onboard-compliance.md | 4 ++++
.github/ISSUE_TEMPLATE/onboard-engineer.md | 10 ++++++++--
.github/ISSUE_TEMPLATE/onboard-team-member.md | 11 +++++++++--
3 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/.github/ISSUE_TEMPLATE/onboard-compliance.md b/.github/ISSUE_TEMPLATE/onboard-compliance.md
index 067ae99..a95f3be 100644
--- a/.github/ISSUE_TEMPLATE/onboard-compliance.md
+++ b/.github/ISSUE_TEMPLATE/onboard-compliance.md
@@ -63,6 +63,10 @@ You might also be interested in these channels:
- [ ] `#g-security-compliance` - Channel for the Security & Compliance guild
- [ ] `#dev` - general chat for all TTS engineers
+## Google Groups
+
+- [ ] [cloud.gov Compliance](https://groups.google.com/a/gsa.gov/g/cloud-gov-compliance/members) (external-facing email address for communications with FedRAMP and others)
+
## Getting to know cloud.gov
These items will help you come up to speed on cloud.gov and what it is, how it works, why it exists, etc. While you
diff --git a/.github/ISSUE_TEMPLATE/onboard-engineer.md b/.github/ISSUE_TEMPLATE/onboard-engineer.md
index 895fb58..7c7f00e 100644
--- a/.github/ISSUE_TEMPLATE/onboard-engineer.md
+++ b/.github/ISSUE_TEMPLATE/onboard-engineer.md
@@ -50,9 +50,15 @@ Your onboarding buddy will add you to these Slack channels:
-## Google Groups and Spaces
+## Google Groups
-- [ ] Business Unit Only - Add them to the [cloud.gov inquiries Google Group](https://groups.google.com/a/gsa.gov/forum/#!forum/cloud-gov-inquiries) so they can keep apprised of prospective new clients.
+- [ ] [cloud.gov AWS](https://groups.google.com/a/gsa.gov/g/cloud-gov-aws/members)
+- [ ] [cloud.gov Notifications](https://groups.google.com/a/gsa.gov/g/cloud-gov-notifications/members) (🗣️)
+- [ ] [cloud.gov Operations](https://groups.google.com/a/gsa.gov/g/cloud-gov-operations/members)
+- [ ] [cloud.gov Security](https://groups.google.com/a/gsa.gov/g/cloud-gov-security/members)
+- [ ] [cloud.gov Support](https://groups.google.com/a/gsa.gov/g/cloud-gov-support/members) (🗣️)
+
+Channels marked with (🗣️) receive a lot of messages, either from customers or bots, and you may want to mute them.
## Learn our policies and procedures
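Review bot: The added legend "Channels marked with (🗣️)" sits under "## Google Groups", so it should read "Groups marked with (🗣️)". The new list also does not say who performs the add; the Slack section just above uses "Your onboarding buddy will add you to these Slack channels:", and the same wording here would make ownership of these group memberships clear.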
diff --git a/.github/ISSUE_TEMPLATE/onboard-team-member.md b/.github/ISSUE_TEMPLATE/onboard-team-member.md
index f99546d..19f6f51 100644
--- a/.github/ISSUE_TEMPLATE/onboard-team-member.md
+++ b/.github/ISSUE_TEMPLATE/onboard-team-member.md
@@ -108,7 +108,7 @@ For federal employees only:
We manage calendar invites and Google Drive access using Google Groups. Some groups can also receive message from outside emails.
-- [ ] Project contractors: Add them to the [cloud.gov Project Contractors Google Group]() for access to the All Staff Google Drive.
+- [ ] Project contractors: Add them to the [cloud.gov Project Contractors Google Group](https://groups.google.com/a/gsa.gov/g/cloud-gov-project-contractors/members) as the "Member" role. This grants them Commenter access to the All Staff Google Drive. If they are working on a project in a specific folder, you can grant them greater access to that folder.
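Review bot: The added sentence "you can grant them greater access to that folder" creates per-folder grants that are not tied to the group membership. Ask the buddy to record any such grant in this ticket, so it can be found and revoked when the contractor leaves the project.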
@@ -117,12 +117,19 @@ We manage calendar invites and Google Drive access using Google Groups. Some gro
Add them to the following Google Groups:
-- [ ] [cloud.gov Team](https://groups.google.com/a/gsa.gov/forum/?hl=en#!forum/cloud-gov) so they can participate in team-wide internal communication.
+- [ ] [cloud.gov Team](https://groups.google.com/a/gsa.gov/g/cloud-gov/members) so they can participate in team-wide internal communication.
+- [ ] Business Unit Only - Add them to the [cloud.gov inquiries Google Group](https://groups.google.com/a/gsa.gov/g/cloud-gov-inquiries/members) so they can keep apprised of prospective new clients.
And the following Google Space:
- [ ] [CG-PRIV](https://mail.google.com/mail/u/0/#chat/space/AAAAr60JXAc), a fallback team communication channel in the event Slack is down.
+They may need added to one or more of these team-specific groups:
+
+- [ ] [cloud.gov Assurance Team](https://groups.google.com/a/gsa.gov/g/cloud-gov-assurance/members)
+- [ ] [cloud.gov Compliance](https://groups.google.com/a/gsa.gov/g/cloud-gov-compliance/members) (external email accepted)
+- [ ] [cloud.gov Customer Success Team](https://groups.google.com/a/gsa.gov/g/cloud-gov-customer-success/members)
+
Lastly, for federal employees only:
- [ ] [cloud.gov Federal Employees](https://groups.google.com/a/gsa.gov/g/cloud-gov-federal-employees/members)
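Review bot: The added Assurance Team link points at the group `cloud-gov-assurance`, but the compliance template in this series still tells the buddy to add people to the `cloud-gov-assurance-team` Google Group; confirm which address is correct and use it in both places. Also, "They may need added to" should read "They may need to be added to", and the moved Business Unit item repeats "Add them to the" under a list already introduced by "Add them to the following Google Groups:".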
From 0070e3580f920c7c4bf6dec267a8a92dc7aabfe4 Mon Sep 17 00:00:00 2001
From: James Hochadel
Date: Mon, 29 Jan 2024 10:30:43 -0500
Subject: [PATCH 16/20] CG-PRIV Space membership now managed by Google Group
Also format offboarding template with Prettier
---
.../ISSUE_TEMPLATE/offboard-team-member.md | 27 ++++++++++---------
.github/ISSUE_TEMPLATE/onboard-team-member.md | 5 ++--
2 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/.github/ISSUE_TEMPLATE/offboard-team-member.md b/.github/ISSUE_TEMPLATE/offboard-team-member.md
index f3ecdb4..ffe4f9f 100644
--- a/.github/ISSUE_TEMPLATE/offboard-team-member.md
+++ b/.github/ISSUE_TEMPLATE/offboard-team-member.md
@@ -2,9 +2,8 @@
name: Offboard cloud.gov Team Member
title: Checklist for Offboarding a Team Member
about: This is the checklist and requirements for offboarding a team member from the cloud.gov team
-labels: ''
-assignees: ''
-
+labels: ""
+assignees: ""
---
# Team Member Offboarding Checklist
@@ -13,8 +12,8 @@ assignees: ''
We must offboard a team member when they are:
-* Absent for 30 or more days, or about to be. For example, team members on detail or extended leave.
-* Permanently separating from the team. For example, terminated or reassigned.
+- Absent for 30 or more days, or about to be. For example, team members on detail or extended leave.
+- Permanently separating from the team. For example, terminated or reassigned.
See our [AC Policy](https://github.com/cloud-gov/cg-compliance-docs/blob/main/AC-Policy.md), "When a privileged team member has been absent...".
@@ -22,18 +21,21 @@ See our [AC Policy](https://github.com/cloud-gov/cg-compliance-docs/blob/main/AC
- **Do not create this issue until the System Owner has formally authorized and requested it.** You can obtain that OK by one of two ways:
A:
+
- [ ] A: System Owner creates this issue
B:
+
- [ ] B.1: System owner emails cloud-gov-compliance@gsa.gov and cloud-gov-operations@gsa.gov with their authorization
- [ ] B.2: An operator adds links to the email archive of the authorizing email.
+
- **Please only use first names.**
---
## Instructions
-* [ ] Assign this ticket to the person currently staffing the maintenance rotation.
+- [ ] Assign this ticket to the person currently staffing the maintenance rotation.
In order to complete `Existing Person`'s exit from the cloud.gov team, the assignee should complete a prescribed set of tasks that will remove any special access.
@@ -52,14 +54,14 @@ If the person offboarding is a contractor, reach out to the COR to ensure any of
- [ ] Remove their access to [StatusPage](https://manage.statuspage.io/organizations/btc69fwyvjh7/team)
- [ ] Remove their agent access to Zendesk - [switch their role to "end user"](https://cloud-gov.zendesk.com/agent/admin/people)
- [ ] Remove them from `@cg-team`, `@cg-operators`, and any other `@cg-` teams in the Slack Team Directory [using the three-dot menu (instructions)](https://get.slack.help/hc/en-us/articles/212906697-User-Groups)
- * Check one of the following:
- * [ ] Temporary federal departure: Remove them all private cloud.gov Slack channels, except `#cg-priv-gov`, so they may continue to receive essential team communications.
- * [ ] Permanent departure: If the person is leaving permanently, they will be removed from all channels automatically.
+ - Check one of the following:
+ - [ ] Temporary federal departure: Remove them all private cloud.gov Slack channels, except `#cg-priv-gov`, so they may continue to receive essential team communications.
+ - [ ] Permanent departure: If the person is leaving permanently, they will be removed from all channels automatically.
- [ ] Remove them from the [team roster](https://docs.google.com/spreadsheets/d/187663k5MYJBNlKExLu_nhuovcZQfIbqYCu2n4noNY1o/edit#gid=0)
- [ ] Remove them from the [squad list](https://github.com/cloud-gov/product/blob/main/DeliveryProcess.md#squads)
- [ ] In the [training tracker](https://docs.google.com/spreadsheets/d/1hqU6cNeEB293OT0j3OvbdAFRkrf2zDOrPVxGfnr4sSw/edit#gid=0): if they're staying at TTS, move them to the "former teammates" tab; if they're leaving TTS, delete them from the spreadsheet
- [ ] Remove them as invitees for any meetings on the cloud.gov calendar where they are specifically named
- - Invites where they are listed as part of the `cloud.gov` invitee group will be removed when they are removed from that group by the System Owner
+ - Invites where they are listed as part of the `cloud.gov` invitee group will be removed when they are removed from that group by the System Owner
- [ ] Remove them from [our dockerhub org](https://hub.docker.com/orgs/cloudgov)
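Review bot: The re-indented "Temporary federal departure" item still reads "Remove them all private cloud.gov Slack channels"; since the line is being touched, change it to "Remove them from all private cloud.gov Slack channels".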
## System Owner (or person delegated by System Owner)
@@ -79,7 +81,6 @@ The following do not directly impact cloud.gov security & operations and can hap
- [ ] Remove them from [Nessus](https://nessus.fr.cloud.gov/#/settings/users)
- [ ] Remove them from [Tenable (if Compliance Team)](https://community.tenable.com/s/contacts]
-- [ ] Remove them from the [CG-PRIV Space](https://mail.google.com/mail/u/0/#chat/space/AAAAr60JXAc)
- [ ] Remove them from the [Cloud Foundry Community GitHub org cloud.gov team](https://github.com/orgs/cloudfoundry-community/teams/cloud-gov/members)
- [ ] Remove them from [the cloud.gov operations Google Group](https://groups.google.com/a/gsa.gov/forum/#!managemembers/cloud-gov-operations/members/active)
- [ ] Remove them from [the cloud.gov compliance team Google Group](https://groups.google.com/a/gsa.gov/forum/?hl=en#!managemembers/cloud-gov-compliance/members/active)
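Review bot: Dropping the CG-PRIV Space item leaves this checklist with no step that ends access to that space, and nothing in the hunk says where that removal now happens. If membership is revoked automatically, say so in the template or the commit message, or keep the item as a verification step. While this block is being edited, the Tenable line in the context above has a mismatched link terminator: `.../s/contacts]` should close with `)`.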
@@ -95,12 +96,12 @@ The following do not directly impact cloud.gov security & operations and can hap
**The following steps must be conducted and documented within 24 hours of departure**:
-* [ ] Not a member of Engineering
+- [ ] Not a member of Engineering
-- or --
- [ ] Delete the user in all cloud.gov AWS accounts by submitting a PR to [`aws-admin`](https://github.com/cloud-gov/aws-admin)
- [ ] [Remove their access as an admin](https://cloud.gov/docs/ops/managing-users/#managing-admins) on the platform
- [ ] Remove any privileges that their cloud.gov account has due to membership in the cloud.gov team (even if not in Cloud Ops), such as `admin_ui.user` and `scim.read`
- - [ ] Verify these permissions have been removed using the [cg-scripts validate-admins.sh](https://github.com/18F/cg-scripts/blob/master/validate-admins.sh) run from a jumpbox
+ - [ ] Verify these permissions have been removed using the [cg-scripts validate-admins.sh](https://github.com/18F/cg-scripts/blob/master/validate-admins.sh) run from a jumpbox
- [ ] Remove any Org or Space roles that their cloud.gov account holds due to membership in the cloud.gov team (for example, remove them from the `cloud-gov` and `cloud-gov-operators` organizations)
diff --git a/.github/ISSUE_TEMPLATE/onboard-team-member.md b/.github/ISSUE_TEMPLATE/onboard-team-member.md
index 19f6f51..2d0e44d 100644
--- a/.github/ISSUE_TEMPLATE/onboard-team-member.md
+++ b/.github/ISSUE_TEMPLATE/onboard-team-member.md
@@ -120,9 +120,7 @@ Add them to the following Google Groups:
- [ ] [cloud.gov Team](https://groups.google.com/a/gsa.gov/g/cloud-gov/members) so they can participate in team-wide internal communication.
- [ ] Business Unit Only - Add them to the [cloud.gov inquiries Google Group](https://groups.google.com/a/gsa.gov/g/cloud-gov-inquiries/members) so they can keep apprised of prospective new clients.
-And the following Google Space:
-
-- [ ] [CG-PRIV](https://mail.google.com/mail/u/0/#chat/space/AAAAr60JXAc), a fallback team communication channel in the event Slack is down.
+You will automatically be added to the Google Space [CG-PRIV](https://mail.google.com/mail/u/0/#chat/space/AAAAr60JXAc), a fallback team communication channel in the event Slack is down.
They may need added to one or more of these team-specific groups:
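Review bot: The replacement sentence switches to second person ("You will automatically be added") in a section otherwise addressed to the person doing the onboarding ("Add them to the following Google Groups", "They may need added"). Keep one voice, for example "They will automatically be added to the Google Space CG-PRIV". Since the checkbox is gone, consider stating what triggers the automatic add so it can be checked when it does not happen.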
@@ -133,5 +131,6 @@ They may need added to one or more of these team-specific groups:
Lastly, for federal employees only:
- [ ] [cloud.gov Federal Employees](https://groups.google.com/a/gsa.gov/g/cloud-gov-federal-employees/members)
+- [ ] Make them a Space Manager in [CG-PRIV](https://mail.google.com/mail/u/0/#chat/space/AAAAr60JXAc).
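Review bot: The new "Make them a Space Manager" item grants an elevated role by hand, yet the offboarding hunk in this same patch deletes the only CG-PRIV item, so nothing visible here takes the role away again. Add a matching revoke item to the offboarding template, or state that the role goes away with the automatic removal. The item also sits in a list whose other entry is a bare Google Group link, so a short lead-in would make clear that it is an action on a Space rather than another group to join.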
From 59438b89664cb635899f01b91dcc54ab2c2f5c9f Mon Sep 17 00:00:00 2001
From: James Hochadel
Date: Mon, 29 Jan 2024 10:36:10 -0500
Subject: [PATCH 17/20] Shorten password reminder window so they don't expire
before reminder
---
.github/ISSUE_TEMPLATE/onboard-engineer.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/ISSUE_TEMPLATE/onboard-engineer.md b/.github/ISSUE_TEMPLATE/onboard-engineer.md
index 7c7f00e..1178903 100644
--- a/.github/ISSUE_TEMPLATE/onboard-engineer.md
+++ b/.github/ISSUE_TEMPLATE/onboard-engineer.md
@@ -109,7 +109,7 @@ AWS user names should be identical across accounts so that permissions can be co
- [ ] Create [AWS Accounts](https://cloud.gov/docs/ops/aws-onboarding/) by following [these instructions](https://github.com/cloud-gov/aws-admin/blob/main/docs/user_mgmt.md). These accounts should be setup as read-only at the start, and once the 3 mandatory cloud.gov trainings are complete they will be switched to full admin accounts and added to the [audit input file](https://github.com/cloud-gov/cg-compliance/blob/master/audit/inputs.yml):
- [ ] AWS Commercial accounts
- [ ] AWS GovCloud accounts
- - [ ] Ensure new person has 60-day Google Calendar reminder to reset passwords
+ - [ ] Ensure new person creates a 55-day Google Calendar reminder to update passwords, which expire every 60 days
- [ ] Add them to Nessus Manager via the GUI
- [ ] Add them to the ScanAdmins team in Settings > Groups
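Review bot: "55-day Google Calendar reminder" on the added line does not say the reminder repeats. Since the passwords "expire every 60 days", a one-time reminder covers only the first rotation. Suggest "a recurring Google Calendar reminder every 55 days". The item is nested under the AWS accounts item, so also state which passwords it covers if that is more than the AWS ones.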
From 942808ce3f6c6f15fc3f4c020811db762e790fa2 Mon Sep 17 00:00:00 2001
From: James Hochadel
Date: Mon, 29 Jan 2024 10:43:38 -0500
Subject: [PATCH 18/20] Fix broken contingency plan link
---
.github/ISSUE_TEMPLATE/onboard-compliance.md | 2 +-
.github/ISSUE_TEMPLATE/onboard-engineer.md | 2 +-
.github/ISSUE_TEMPLATE/onboard-support.md | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/ISSUE_TEMPLATE/onboard-compliance.md b/.github/ISSUE_TEMPLATE/onboard-compliance.md
index a95f3be..090e95f 100644
--- a/.github/ISSUE_TEMPLATE/onboard-compliance.md
+++ b/.github/ISSUE_TEMPLATE/onboard-compliance.md
@@ -24,7 +24,7 @@ assignees: ""
Engineers who are federal employees or staff contractors have a Contingency Plan role and may participate in Incident Response, so they must complete the CP and IR trainings. Project contractors do not need to complete these trainings. Check one of the following:
- [ ] Coordinate with your onboarding buddy to schedule Contingency Planning training within 60 days. (and annually after that). This will cover the following document, which you should also review before or after training:
- - [ ] Read the [Contingency Plan](https://docs.cloud.gov/ops/contingency-plan/).
+ - [ ] Read the [Contingency Plan](https://cloud.gov/docs/ops/contingency-plan/).
- [ ] Coordinate with your onboarding buddy to schedule [Incident Response Training](https://docs.google.com/presentation/d/1AZjQE8zBzMRWZIFUuJPkJLted1ykGtALrLPoPRx5Vls/edit#slide=id.p) within 60 days of joining the team (and annually after that). This will cover the following document, which you should also review before or after training:
- [ ] Read the [Incident Response Guide](https://cloud.gov/docs/ops/security-ir/).
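Review bot: The context line just above the fixed link reads "within 60 days. (and annually after that)" with a stray period before the parenthesis, while the Incident Response item below has it right ("within 60 days of joining the team (and annually after that)"). This patch touches the same block in all three templates, so fix the punctuation in the same pass. Also check whether "Check one of the following" is intended, since both items it introduces read as required.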
diff --git a/.github/ISSUE_TEMPLATE/onboard-engineer.md b/.github/ISSUE_TEMPLATE/onboard-engineer.md
index 1178903..6fad395 100644
--- a/.github/ISSUE_TEMPLATE/onboard-engineer.md
+++ b/.github/ISSUE_TEMPLATE/onboard-engineer.md
@@ -24,7 +24,7 @@ assignees: ""
Engineers who are federal employees or staff contractors have a Contingency Plan role and may participate in Incident Response, so they must complete the CP and IR trainings. Project contractors do not need to complete these trainings. Check one of the following:
- [ ] Coordinate with your onboarding buddy to schedule Contingency Planning training within 60 days. (and annually after that). This will cover the following document, which you should also review before or after training:
- - [ ] Read the [Contingency Plan](https://docs.cloud.gov/ops/contingency-plan/).
+ - [ ] Read the [Contingency Plan](https://cloud.gov/docs/ops/contingency-plan/).
- [ ] Coordinate with your onboarding buddy to schedule [Incident Response Training](https://docs.google.com/presentation/d/1AZjQE8zBzMRWZIFUuJPkJLted1ykGtALrLPoPRx5Vls/edit#slide=id.p) within 60 days of joining the team (and annually after that). This will cover the following document, which you should also review before or after training:
- [ ] Read the [Incident Response Guide](https://cloud.gov/docs/ops/security-ir/).
diff --git a/.github/ISSUE_TEMPLATE/onboard-support.md b/.github/ISSUE_TEMPLATE/onboard-support.md
index a75d36f..cf42652 100644
--- a/.github/ISSUE_TEMPLATE/onboard-support.md
+++ b/.github/ISSUE_TEMPLATE/onboard-support.md
@@ -24,7 +24,7 @@ assignees: ""
Engineers who are federal employees or staff contractors have a Contingency Plan role and may participate in Incident Response, so they must complete the CP and IR trainings. Project contractors do not need to complete these trainings. Check one of the following:
- [ ] Coordinate with your onboarding buddy to schedule Contingency Planning training within 60 days. (and annually after that). This will cover the following document, which you should also review before or after training:
- - [ ] Read the [Contingency Plan](https://docs.cloud.gov/ops/contingency-plan/).
+ - [ ] Read the [Contingency Plan](https://cloud.gov/docs/ops/contingency-plan/).
- [ ] Coordinate with your onboarding buddy to schedule [Incident Response Training](https://docs.google.com/presentation/d/1AZjQE8zBzMRWZIFUuJPkJLted1ykGtALrLPoPRx5Vls/edit#slide=id.p) within 60 days of joining the team (and annually after that). This will cover the following document, which you should also review before or after training:
- [ ] Read the [Incident Response Guide](https://cloud.gov/docs/ops/security-ir/).
From 0e9d355a30bc75bb728ade7d6a297c11134070cd Mon Sep 17 00:00:00 2001
From: James Hochadel
Date: Mon, 29 Jan 2024 13:01:11 -0500
Subject: [PATCH 19/20] Remove link to AWS onboarding page with outdated
information
---
.github/ISSUE_TEMPLATE/onboard-compliance.md | 2 +-
.github/ISSUE_TEMPLATE/onboard-engineer.md | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/ISSUE_TEMPLATE/onboard-compliance.md b/.github/ISSUE_TEMPLATE/onboard-compliance.md
index 090e95f..9c65b5b 100644
--- a/.github/ISSUE_TEMPLATE/onboard-compliance.md
+++ b/.github/ISSUE_TEMPLATE/onboard-compliance.md
@@ -101,7 +101,7 @@ Before starting this section, you must complete:
AWS user names should be identical across accounts so that permissions can be correctly managed by Terraform.
-- [ ] Create [AWS Accounts](https://cloud.gov/docs/ops/aws-onboarding/) via the AWS web console (not Terraform) and provide one-time credentials - these will be setup with read-only/auditor permissions, and once the 3 mandatory cloud.gov trainings are complete they will be added to the [audit input file](https://github.com/cloud-gov/cg-compliance/blob/master/audit/inputs.yml):
+- [ ] Create AWS Accounts via the AWS web console (not Terraform) and provide one-time credentials - these will be setup with read-only/auditor permissions, and once the 3 mandatory cloud.gov trainings are complete they will be added to the [audit input file](https://github.com/cloud-gov/cg-compliance/blob/master/audit/inputs.yml):
- [ ] AWS Commercial accounts
- [ ] AWS GovCloud accounts
- [ ] Add them to Nessus Manager via the GUI
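Review bot: With the link removed, the compliance item tells the onboarder to create accounts "via the AWS web console (not Terraform)" with no pointer to any procedure, while the engineer template in this same patch keeps its link to `aws-admin/blob/main/docs/user_mgmt.md`. Link the current procedure here as well, or say why the compliance path differs, given the context line requires identical user names so that Terraform can manage permissions. Minor: "will be setup" should be "will be set up".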
diff --git a/.github/ISSUE_TEMPLATE/onboard-engineer.md b/.github/ISSUE_TEMPLATE/onboard-engineer.md
index 6fad395..fd629df 100644
--- a/.github/ISSUE_TEMPLATE/onboard-engineer.md
+++ b/.github/ISSUE_TEMPLATE/onboard-engineer.md
@@ -106,7 +106,7 @@ Before starting this section, you must complete:
AWS user names should be identical across accounts so that permissions can be correctly managed by Terraform.
-- [ ] Create [AWS Accounts](https://cloud.gov/docs/ops/aws-onboarding/) by following [these instructions](https://github.com/cloud-gov/aws-admin/blob/main/docs/user_mgmt.md). These accounts should be setup as read-only at the start, and once the 3 mandatory cloud.gov trainings are complete they will be switched to full admin accounts and added to the [audit input file](https://github.com/cloud-gov/cg-compliance/blob/master/audit/inputs.yml):
+- [ ] Create AWS Accounts by following [these instructions](https://github.com/cloud-gov/aws-admin/blob/main/docs/user_mgmt.md). These accounts should be setup as read-only at the start, and once the 3 mandatory cloud.gov trainings are complete they will be switched to full admin accounts and added to the [audit input file](https://github.com/cloud-gov/cg-compliance/blob/master/audit/inputs.yml):
- [ ] AWS Commercial accounts
- [ ] AWS GovCloud accounts
- [ ] Ensure new person creates a 55-day Google Calendar reminder to update passwords, which expire every 60 days
From 4e416a19ce97ef32ef91620342ad38cb5d65df52 Mon Sep 17 00:00:00 2001
From: James Hochadel
Date: Tue, 30 Jan 2024 10:05:34 -0500
Subject: [PATCH 20/20] Small fixes from review with Sean
---
.github/ISSUE_TEMPLATE/onboard-compliance.md | 2 +-
.github/ISSUE_TEMPLATE/onboard-support.md | 2 ++
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/.github/ISSUE_TEMPLATE/onboard-compliance.md b/.github/ISSUE_TEMPLATE/onboard-compliance.md
index 9c65b5b..2b013a1 100644
--- a/.github/ISSUE_TEMPLATE/onboard-compliance.md
+++ b/.github/ISSUE_TEMPLATE/onboard-compliance.md
@@ -21,7 +21,7 @@ assignees: ""
Federal employees and staff contractors, expand this section. Not applicable to project contractors.
-Engineers who are federal employees or staff contractors have a Contingency Plan role and may participate in Incident Response, so they must complete the CP and IR trainings. Project contractors do not need to complete these trainings. Check one of the following:
+Compliance staff who are federal employees or staff contractors have a Contingency Plan role and may participate in Incident Response, so they must complete the CP and IR trainings. Project contractors do not need to complete these trainings. Check one of the following:
- [ ] Coordinate with your onboarding buddy to schedule Contingency Planning training within 60 days. (and annually after that). This will cover the following document, which you should also review before or after training:
- [ ] Read the [Contingency Plan](https://cloud.gov/docs/ops/contingency-plan/).
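Review bot: The same paragraph in `onboard-support.md` still opens with "Engineers who are federal employees or staff contractors" (visible as context in patch 18), and this patch's change to that file only adds Slack channels. If the wording is being corrected per template, update the support template in this commit too so the role named matches the audience.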
diff --git a/.github/ISSUE_TEMPLATE/onboard-support.md b/.github/ISSUE_TEMPLATE/onboard-support.md
index cf42652..523bf32 100644
--- a/.github/ISSUE_TEMPLATE/onboard-support.md
+++ b/.github/ISSUE_TEMPLATE/onboard-support.md
@@ -51,9 +51,11 @@ very quickly, so your onboarding buddy will walk through this list with you at a
Your onboarding buddy will add you to these Slack channels:
+- [ ] `#cg-aws-security` - private channel where bots post security notices
- [ ] `#cg-incidents` - private channel for incident response
- [ ] `#cg-ops-banter` - private channel for operations/engineering banter
- [ ] `#cg-priv-all` - private channel for in-team discussion
+- [ ] `#cg-priv-compliance` - private channel for security and compliance discussions
You will want to keep `#cg-support` unmuted so you are aware of requests from TTS-internal customers of cloud.gov.
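Review bot: The two added channels widen what support staff can see (`#cg-aws-security` carries bot security notices, `#cg-priv-compliance` carries security and compliance discussion), but the commit message "Small fixes from review with Sean" gives no reason for the access. Record the rationale in the commit message or next to the list, so a later access review can tell whether these memberships are still needed for the support role.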