Merge pull request #437 from GSA/0804-menu-link-fix

0804 menu and link fix
GSA · Aug 8, 2023 · ae4265b · ae4265b
2 parents 8fe5a5d + ce7f26b
commit ae4265b
Show file tree

Hide file tree

Showing 10 changed files with 29 additions and 26 deletions.
diff --git a/_config.yml b/_config.yml
@@ -72,7 +72,7 @@ primary_navigation:
       - name: Use Smart Cards with Applications
         url: /implement/outlook/
       - name: FIDO2 and Web Authentication (Coming Soon!)
-        url: /home/
+        url: /
       - name: FPKI Ecosystem Changes
         url: /fpki/notifications/
   - name: Coordination Functions

diff --git a/_partners/acquisition-professional.md b/_partners/acquisition-professional.md
@@ -29,15 +29,15 @@ The FICAM testing program – also known as the [Federal Information Processing
 The **Approved Products List (APL)** contains the official list of these tested products. There are currently two approved product cagtegories:
 
 1. [PIV Cards]({{site.baseurl}}/approved-products-list-piv/)
-2. [Physical Access Control Systems]({{site.baseurl}}/approved-products-list-pacs-products/)
+2. [Physical Access Control Systems]({{site.baseurl}}/fips201/#approved-products---physical-access-control-systems)
 
 **Why can't I find a category or product?**
 
-A product is removed when it has lost its certification due to security concerns. It is placed on the [Removed Products List (RPL)]({{site.baseurl}}/removed-products-list/). A category is deprecated after it has reached broad adoption or maturity. Any further testing is no longer needed (for example, card readers for logical access). A deprecated category is not the same as a removed product. Deprecated categories are [shared through a FIPS 201 Evaluation Program announcement]({{site.baseurl}}/fips201/fipsannouncements/). [Contact us]({{site.baseurl}}/contact-us/) if you’re unsure if a product is fit for government use.
+A product is removed when it has lost its certification due to security concerns. It is placed on the [Removed Products List (RPL)]({{site.baseurl}}/fips201/#removed-product-list). A category is deprecated after it has reached broad adoption or maturity. Any further testing is no longer needed (for example, card readers for logical access). A deprecated category is not the same as a removed product. Deprecated categories are [shared through a FIPS 201 Evaluation Program announcement]({{site.baseurl}}/fips201ep/#program-announcements). [Contact us]({{site.baseurl}}/contact-us/) if you’re unsure if a product is fit for government use.
 
 ## PACS Implementer Self-Assessment Toolkit
 
-The FIPS 201 Evaluation Program, in collaboration with the [PACS Modernization Working Group]({{site.baseurl}}/partners/ficam/#icamsc-working-groups){:target="_blank"}, created an operational self-assessment tool. The tool helps PACS implementers assess facility access systems that use PIV credentials. The assessment provides results to show alignment or disparity with FICAM and NIST guidelines.
+The FIPS 201 Evaluation Program, in collaboration with the [PACS Modernization Working Group]({{site.baseurl}}/ficam/#icamsc-working-groups){:target="_blank"}, created an operational self-assessment tool. The tool helps PACS implementers assess facility access systems that use PIV credentials. The assessment provides results to show alignment or disparity with FICAM and NIST guidelines.
 - [PACS Assessment Toolkit Version 1.0]({{site.baseurl}}/docs/fips201ep-pacs-self-tool.pdf){:target="_blank"}{:rel="noopener noreferrer"}
 
 # Services
@@ -48,12 +48,12 @@ The following organizations offer Identity, Credential, and Access Management se
 
 - [USAccess](https://fedidcard.gov/service.aspx){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} – Provides agencies with a PIV credentialing service.
 - [MAX.gov Authentication as a Service](https://portal.max.gov/portal/home){:target="_blank"}{:rel="noopener noreferrer"} – Single Sign-On (SSO) and 2-Factor Authentication as a Service with PIV credential integration.
-- [FPKI Shared Service Providers]({{site.baseurl}}/partners/trust-services/#government-identity-services) – Digital certificates for Federal agencies.
+- [FPKI Shared Service Providers]({{site.baseurl}}/trust-services/#government-identity-services) – Digital certificates for Federal agencies.
 
 ## Business Identity Services
 
-- [FPKI Individual Certificate Providers]({{site.baseurl}}/partners/trust-services/#non-government-pki-trust-framework) – Offers small numbers of digital certificates for business organizations and business persons, which are used to digitally sign documents and authenticate to a small number of government applications.
-- [Trust Services for Businesses]({{site.baseurl}}/partners/trust-services/#business-identity-services) – Approved identity and credentialing services for businesses, and which the government has approved for federated identity services.
+- [FPKI Individual Certificate Providers]({{site.baseurl}}/trust-services/#non-government-pki-trust-framework) – Offers small numbers of digital certificates for business organizations and business persons, which are used to digitally sign documents and authenticate to a small number of government applications.
+- [Trust Services for Businesses]({{site.baseurl}}/trust-services/#business-identity-services) – Approved identity and credentialing services for businesses, and which the government has approved for federated identity services.
 
 # FedRAMP
 

diff --git a/_partners/criteria-phishing.md b/_partners/criteria-phishing.md
@@ -97,7 +97,7 @@ product certification.
 
 6. Removal – If a vendor fails to provide accurate information or an issue is found that
 brings into question the security and resiliency, the product is moved to the [Removed
-Product List]({{site.baseurl}}/removed-products-list/) and the community is notified of its removal through idmanagement.gov,
+Product List]({{site.baseurl}}/fips201/#removed-product-list) and the community is notified of its removal through idmanagement.gov,
 ICAMSC, and Digital identity Community of Practice, as well as federal acquisition
 channels.
 

diff --git a/_partners/fips201-apl.md b/_partners/fips201-apl.md
@@ -126,7 +126,7 @@ Cycle 2 and 3 updates are moved to the front of the test queue once they are ins
 
 The Personal Identity Verification (PIV) cards listed below are approved for FICAM implementation under the FIPS 201 Evaluation Program. These are blank PIV cards available for purchase. A PIV service provider will personalize these blank cards for federal agencies and contractors. PIV service providers are required to use PIV cardstock from the Approved Products List (APL). 
 
-If you do not see a card below, it's possible it's on the [Removed Product List](#removed-products-list/).
+If you do not see a card below, it's possible it's on the [Removed Product List](#removed-product-list).
 
 Please note:
 

diff --git a/_playbooks/playbook-autopen.md b/_playbooks/playbook-autopen.md
@@ -51,7 +51,7 @@ This playbook outlines the process for an agency to implement a Digital Autopen
 2. [Define controls](#step-2-define-controls) to ensure the certificate and associated key are used only for the intended purpose. 
 3. [Obtain a role-based digital signature certificate](#step-3-obtain-a-digital-autopen-certificate) from a Federal Public Key Infrastructure (PKI) Shared Service Provider. 
 
-This playbook recommends using a role-based signature certificate issued to a hardware device (e.g., smart card, USB hardware device, or other FIPS–140 Level 2  certified hardware) from a [Federal PKI Certification Authority]({{site.baseurl}}/partners/trust-services/#government-identity-services){:target="_blank"}{:rel="noopener noreferrer"}. [Federal Agency Certification Authorities]({{site.baseurl}}/fpki/ca/#all-federal-pki-certification-authorities){:target="_blank"}{:rel="noopener noreferrer"} may also issue this certificate on their own. The digital autopen certificate can only digitally sign documents. An agency should consider additional controls to limit its use only to sign *Federal Register* documents. This playbook supports [OMB Circular A-130 goals](https://obamawhitehouse.archives.gov/sites/default/files/omb/assets/OMB/circulars/a130/a130revised.pdf){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"}, including developing and implementing processes to support employee digital signatures.
+This playbook recommends using a role-based signature certificate issued to a hardware device (e.g., smart card, USB hardware device, or other FIPS–140 Level 2  certified hardware) from a [Federal PKI Certification Authority]({{site.baseurl}}/trust-services/#government-identity-services){:target="_blank"}{:rel="noopener noreferrer"}. [Federal Agency Certification Authorities]({{site.baseurl}}/fpki/ca/#all-federal-pki-certification-authorities){:target="_blank"}{:rel="noopener noreferrer"} may also issue this certificate on their own. The digital autopen certificate can only digitally sign documents. An agency should consider additional controls to limit its use only to sign *Federal Register* documents. This playbook supports [OMB Circular A-130 goals](https://obamawhitehouse.archives.gov/sites/default/files/omb/assets/OMB/circulars/a130/a130revised.pdf){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"}, including developing and implementing processes to support employee digital signatures.
 
 Send any questions on the process to ICAM at gsa.gov. 
 
@@ -192,7 +192,7 @@ Due to unique agency risks, the working group identifies the below optional cont
 
 ## Step 3. Obtain a Digital Autopen Certificate
 
-A digital autopen certificate is available from any Federal PKI Shared Service Provider. [Federal Agency Legacy PKI]({{site.baseurl}}/fpki/ca/#all-federal-pki-certification-authorities){:target="_blank"}{:rel="noopener noreferrer"} may also issue this certificate for their agency. An agency must request a **ROLE-BASED SIGNATURE CERTIFICATE**. Check with your Homeland Security Presidential Directive-12 Security Office or PIV card issuer if they can issue a role-based certificate. Federal PKI Shared Service Providers are listed as government identity providers on [idmanagement.gov]({{site.baseurl}}/partners/trust-services/#government-identity-services){:target="_blank"}{:rel="noopener noreferrer"}. They provide Federal PKI certificates and PIV services.
+A digital autopen certificate is available from any Federal PKI Shared Service Provider. [Federal Agency Legacy PKI]({{site.baseurl}}/fpki/ca/#all-federal-pki-certification-authorities){:target="_blank"}{:rel="noopener noreferrer"} may also issue this certificate for their agency. An agency must request a **ROLE-BASED SIGNATURE CERTIFICATE**. Check with your Homeland Security Presidential Directive-12 Security Office or PIV card issuer if they can issue a role-based certificate. Federal PKI Shared Service Providers are listed as government identity providers on [idmanagement.gov]({{site.baseurl}}/trust-services/#government-identity-services){:target="_blank"}{:rel="noopener noreferrer"}. They provide Federal PKI certificates and PIV services.
 
 While OFR accepts any Federal PKI digital signature certificate, this playbook recommends a hardware-based certificate issued to a FIPS-140 Level 2 certified hardware device such as a visually distinct, approved smart card or USB device such as a FIDO authenticator. Below are examples of the Common Name used in digital autopen certificates.