From 6d701b7e5094d8ad277a54e2dec77ada44a80601 Mon Sep 17 00:00:00 2001
From: maxwellfunk <57905080+maxwellfunk@users.noreply.github.com>
Date: Thu, 3 Aug 2023 11:03:50 -0400
Subject: [PATCH 1/9] Update fpki.md

remove duplication in policy table
---
 _ficampmo/fpki.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/_ficampmo/fpki.md b/_ficampmo/fpki.md
index 577fa506f..184fff66c 100644
--- a/_ficampmo/fpki.md
+++ b/_ficampmo/fpki.md
@@ -41,7 +41,7 @@ The [FPKI Policy Authority (FPKIPA)]({{site.baseurl}}/ficam/#federal-public-key-
 | Federal PKI Policy | Policy Name | Profile | Change Proposals |
 | -------------- | ----------- | ------- | ---------------- |
 | Federal Common Policy | [X.509 Certificate Policy for the U.S. FPKI Common Policy Framework v2.5]({{site.baseurl}}/docs/fpki-x509-cert-policy-common.pdf){:target="_blank"}{:rel="noopener noreferrer"} | [Common Policy X.509 Certificate and CRL Profiles v2.2]({{site.baseurl}}/docs/fpki-x509-cert-profile-common.pdf){:target="_blank"}{:rel="noopener noreferrer"}  | [Common Change Proposals]({{site.baseurl}}/governance/fpkiarchive/) |
-| Federal Bridge | [X.509 Certificate Policy for the Federal Bridge Certification Authority (FBCA) v3.1]({{site.baseurl}}/docs/fpki-x509-cert-policy-fbca.pdf){:target="_blank"}{:rel="noopener noreferrer"} <br><br> [X.509 Certificate Policy for the Federal Bridge Certification Authority (FBCA) v3.2]({{site.baseurl}}/docs/fpki-x509-cert-policy-fbca.pdf){:target="_blank"}{:rel="noopener noreferrer"} <br><br> and [PIV-I for Federal Agencies]({{site.baseurl}}/playbooks/pivi/){:target="_blank"}{:rel="noopener noreferrer"} | [Federal Bridge Certification Authority (FBCA) X.509 Certificate and CRL Extensions Profile v2.0]({{site.baseurl}}/docs/fpki-x509-cert-profiles-fbca.pdf){:target="_blank"}{:rel="noopener noreferrer"} <br><br> [Federal Bridge Certification Authority (FBCA) X.509 Certificate and CRL Extensions Profile v2.0]({{site.baseurl}}/docs/fpki-x509-cert-profiles-fbca.pdf){:target="_blank"}{:rel="noopener noreferrer"} | [Bridge Change Proposals]({{site.baseurl}}/governance/fpkiarchive/) <br><br> [Bridge Change Proposals]({{site.baseurl}}/governance/fpkiarchive/) |
+| Federal Bridge | [X.509 Certificate Policy for the Federal Bridge Certification Authority (FBCA) v3.2]({{site.baseurl}}/docs/fpki-x509-cert-policy-fbca.pdf){:target="_blank"}{:rel="noopener noreferrer"} <br><br> and [PIV-I for Federal Agencies]({{site.baseurl}}/playbooks/pivi/){:target="_blank"}{:rel="noopener noreferrer"} | [Federal Bridge Certification Authority (FBCA) X.509 Certificate and CRL Extensions Profile v2.0]({{site.baseurl}}/docs/fpki-x509-cert-profiles-fbca.pdf){:target="_blank"}{:rel="noopener noreferrer"} | [Bridge Change Proposals]({{site.baseurl}}/governance/fpkiarchive/) |
 | Federal Public Trust TLS | [U.S. Federal Public Trust TLS PKI Certificate Policy v1.1]({{site.baseurl}}/docs/us-federal-public-trust-tls-cp.pdf){:target="_blank"}{:rel="noopener noreferrer"} | Profiles are included in Section 7 of the Policy | No change proposals |
 
 The FPKI has the following supplementary guidance:
@@ -241,4 +241,4 @@ A blank category indicates no updates in the previous three years. If you seek a
       {% endfor %} <!--docs-->
     {% endfor %}<!--category-->
   </tbody>
-</table>
\ No newline at end of file
+</table>

From 96498e0ad2278d9cec58fb25bdd839ee168755c8 Mon Sep 17 00:00:00 2001
From: maxwellfunk <57905080+maxwellfunk@users.noreply.github.com>
Date: Thu, 3 Aug 2023 11:17:15 -0400
Subject: [PATCH 2/9] Update fpki.md

updated the policy table to remove outdated information.

added a sub-section on incident reporting.
---
 _ficampmo/fpki.md | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/_ficampmo/fpki.md b/_ficampmo/fpki.md
index 184fff66c..fcb7be0cb 100644
--- a/_ficampmo/fpki.md
+++ b/_ficampmo/fpki.md
@@ -17,6 +17,8 @@ subnav:
     href: '#compliance-test-tools-for-annual-reviews'
   - text: Audit Information for the FPKI Management Authority
     href: '#audit-information-for-the-fpki-management-authority'
+  - text: Report an Incident
+    href: '#report-an-incident'
   # - text: Federal PKI Monthly Activity Report
   #   href: '#federal-pki-monthly-activity-report'
   - text: Federal PKI Document Archive
@@ -130,6 +132,14 @@ The FPKIMA Certification Practice Statement (CPS) documents the operational prac
 - [U.S. FPKI Audit Letter of Compliance (PDF, September 2022)]({{site.baseurl}}/docs/fpki-fpkima-audit-letter.pdf){:target="_blank"}{:rel="noopener noreferrer"} – Results of the 2020-2021 Compliance Audit for the FPKI Trust Infrastructure Systems.
 - [FPKI Trust Infrastructure “HTTP.FPKI.Gov” URL Site Map (PDF, September 2022)]({{site.baseurl}}/docs/fpki-fpkima-sitemap.pdf){:target="_blank"}{:rel="noopener noreferrer"}
 
+# Report an Incident
+FPKI affiliates include federal agencies and commercial service providers operating a certification authority certified by the Federal PKI Policy Authority. FPKI affiliate responsibilities related to the incident management process include:
+1. Communicating security incidents involving infrastructures or services to the FPKI Authorities, users/customers, and known relying parties.
+2. Providing additional investigation support and/or information about incidents to the FPKI Authorities as they become known, and
+3. Conducting remediation activities once an incident is confirmed.
+
+To report an incident please contact both fpki at gsa dot gov and  fpki-help at gsa dot gov, and include any relevant known information on the incident up to that point.  Further information will be requested from the affiliate per the [FPKI Incident Management Plan]({{site.baseurl}}/docs/fpki-imp.pdf){:target="_blank"}{:rel="noopener noreferrer"}.
+
 <!-- # Federal PKI Monthly Activity Report
 
 Updated: May 3, 2023 

From 24cc6dc211319c75a8ad5360a723fae08e22d789 Mon Sep 17 00:00:00 2001
From: maxwellfunk <57905080+maxwellfunk@users.noreply.github.com>
Date: Thu, 3 Aug 2023 11:24:05 -0400
Subject: [PATCH 3/9] Update fpki.md

Fix text preceding policy table to reflect 3 policies.
---
 _ficampmo/fpki.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_ficampmo/fpki.md b/_ficampmo/fpki.md
index fcb7be0cb..ff6de12f9 100644
--- a/_ficampmo/fpki.md
+++ b/_ficampmo/fpki.md
@@ -38,7 +38,7 @@ The Federal Public Key Infrastructure (FPKI) provides the government with a trus
 - [FPKI 101]({{site.baseurl}}/university/fpki/)
 - [PIV 101]({{site.baseurl}}/university/piv/)
 
-The [FPKI Policy Authority (FPKIPA)]({{site.baseurl}}/ficam/#federal-public-key-infrastructure-policy-authority) maintains three certificate policies (the Common Policy Framework and the Federal Bridge). All cross-certified CA certificate policies are mapped to the Federal Bridge certificate policy.
+The [FPKI Policy Authority (FPKIPA)]({{site.baseurl}}/ficam/#federal-public-key-infrastructure-policy-authority) maintains three certificate policies (the Common Policy Framework, the Federal Bridge Certification Authority Certificate Policy, and the Federal Public Trust TLS Certificate Policy). All cross-certified CA certificate policies are mapped to the Federal Bridge certificate policy.
 
 | Federal PKI Policy | Policy Name | Profile | Change Proposals |
 | -------------- | ----------- | ------- | ---------------- |

From 03a66b46f15a46bd836b3b9d8d8caac2455dc1d4 Mon Sep 17 00:00:00 2001
From: maxwellfunk <57905080+maxwellfunk@users.noreply.github.com>
Date: Thu, 3 Aug 2023 11:29:43 -0400
Subject: [PATCH 4/9] Update introduction.md

adding a link to the p7b output of the crawler as it is very useful for relying parties, especially OCSP admins.
---
 _implement/introduction.md | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/_implement/introduction.md b/_implement/introduction.md
index b1337fe9d..566cdd193 100644
--- a/_implement/introduction.md
+++ b/_implement/introduction.md
@@ -49,9 +49,10 @@ ICAM can leverage a number of open source protocols for interoperability and dat
 
 1. Federal PKI Validation
    1. [FPKI Ecosytem Changes]({{site.baseurl}}/fpki/notifications) - This page contains three sets of information.
-      1. [FPKI Graph]({{site.baseurl}}/fpki/notifications/#fpki-graph) - The FPKI Graph displays the relationships between the certification authorities in the Federal PKI (FPKI) ecosystem
-      2. [PIV Issuer Information]({{site.baseurl}}/fpki/notifications/#piv-issuer-information) - List of active PIV issuing CAs with end entity certificate distribution points.
-      3. [FPKI System Change and Notification]({{site.baseurl}}/fpki/notifications/#notifications) - List of changes to FPKI CA endpoint URL such as Certificate Revocation List Distribution Points, Online Certificate Status Protocol (OCSP) endpoints and other CA certificate activity.
+      1. [FPKI Graph]({{site.baseurl}}/fpki/notifications/#fpki-graph) - The FPKI Graph displays the relationships between the certification authorities in the Federal PKI (FPKI) ecosystem.
+      2. [FPKI Certificate Bundle]({{site.baseurl}}/_implement/tools/CACertificatesValidatingToFederalCommonPolicyG2.p7b){:target="_blank"}{:rel="noopener noreferrer"} - A certificate bundle in .p7b format that contains all CA certificfates that chain to the Common Policy CA and can be viewed in the FPKI Graph.
+      3. [PIV Issuer Information]({{site.baseurl}}/fpki/notifications/#piv-issuer-information) - List of active PIV issuing CAs with end entity certificate distribution points.
+      4. [FPKI System Change and Notification]({{site.baseurl}}/fpki/notifications/#notifications) - List of changes to FPKI CA endpoint URL such as Certificate Revocation List Distribution Points, Online Certificate Status Protocol (OCSP) endpoints and other CA certificate activity.
    2. [Personal Identify Verification (PIV) Cert Validator Tool](https://pv.test.max.gov/){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} - The PIV Certificate Validator is a website application hosted by Max.gov that verifies the certificates found on a PIV card. This tool is helpful in troubleshooting browser authentication issues.
    3. [FPKI Trust Infrastructure “HTTP.FPKI.Gov” URL Site Map (PDF, September 2022)]({{site.baseurl}}/docs/fpki-fpkima-sitemap.pdf){:target="_blank"}{:rel="noopener noreferrer"} - A consolidated list of public repository information for FPKI resources.
 2. Federal PKI Deep Analysis

From e479a21a077a950c59b76c9288f2339e59f1c15f Mon Sep 17 00:00:00 2001
From: maxwellfunk <57905080+maxwellfunk@users.noreply.github.com>
Date: Thu, 3 Aug 2023 11:35:56 -0400
Subject: [PATCH 5/9] Update fpki.md

fixing links to the change proposals in the document archive within the policy table
---
 _ficampmo/fpki.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/_ficampmo/fpki.md b/_ficampmo/fpki.md
index ff6de12f9..1ebdc0228 100644
--- a/_ficampmo/fpki.md
+++ b/_ficampmo/fpki.md
@@ -42,8 +42,8 @@ The [FPKI Policy Authority (FPKIPA)]({{site.baseurl}}/ficam/#federal-public-key-
 
 | Federal PKI Policy | Policy Name | Profile | Change Proposals |
 | -------------- | ----------- | ------- | ---------------- |
-| Federal Common Policy | [X.509 Certificate Policy for the U.S. FPKI Common Policy Framework v2.5]({{site.baseurl}}/docs/fpki-x509-cert-policy-common.pdf){:target="_blank"}{:rel="noopener noreferrer"} | [Common Policy X.509 Certificate and CRL Profiles v2.2]({{site.baseurl}}/docs/fpki-x509-cert-profile-common.pdf){:target="_blank"}{:rel="noopener noreferrer"}  | [Common Change Proposals]({{site.baseurl}}/governance/fpkiarchive/) |
-| Federal Bridge | [X.509 Certificate Policy for the Federal Bridge Certification Authority (FBCA) v3.2]({{site.baseurl}}/docs/fpki-x509-cert-policy-fbca.pdf){:target="_blank"}{:rel="noopener noreferrer"} <br><br> and [PIV-I for Federal Agencies]({{site.baseurl}}/playbooks/pivi/){:target="_blank"}{:rel="noopener noreferrer"} | [Federal Bridge Certification Authority (FBCA) X.509 Certificate and CRL Extensions Profile v2.0]({{site.baseurl}}/docs/fpki-x509-cert-profiles-fbca.pdf){:target="_blank"}{:rel="noopener noreferrer"} | [Bridge Change Proposals]({{site.baseurl}}/governance/fpkiarchive/) |
+| Federal Common Policy | [X.509 Certificate Policy for the U.S. FPKI Common Policy Framework v2.5]({{site.baseurl}}/docs/fpki-x509-cert-policy-common.pdf){:target="_blank"}{:rel="noopener noreferrer"} | [Common Policy X.509 Certificate and CRL Profiles v2.2]({{site.baseurl}}/docs/fpki-x509-cert-profile-common.pdf){:target="_blank"}{:rel="noopener noreferrer"}  | [Common Change Proposals]({{site.baseurl}}/fpki/#federal-pki-document-archive) |
+| Federal Bridge | [X.509 Certificate Policy for the Federal Bridge Certification Authority (FBCA) v3.2]({{site.baseurl}}/docs/fpki-x509-cert-policy-fbca.pdf){:target="_blank"}{:rel="noopener noreferrer"} <br><br> and [PIV-I for Federal Agencies]({{site.baseurl}}/playbooks/pivi/){:target="_blank"}{:rel="noopener noreferrer"} | [Federal Bridge Certification Authority (FBCA) X.509 Certificate and CRL Extensions Profile v2.0]({{site.baseurl}}/docs/fpki-x509-cert-profiles-fbca.pdf){:target="_blank"}{:rel="noopener noreferrer"} | [Bridge Change Proposals]({{site.baseurl}}/fpki/#federal-pki-document-archive) |
 | Federal Public Trust TLS | [U.S. Federal Public Trust TLS PKI Certificate Policy v1.1]({{site.baseurl}}/docs/us-federal-public-trust-tls-cp.pdf){:target="_blank"}{:rel="noopener noreferrer"} | Profiles are included in Section 7 of the Policy | No change proposals |
 
 The FPKI has the following supplementary guidance:

From f29bc8de71c54d16bd1d843419a9d0f45fcdea5c Mon Sep 17 00:00:00 2001
From: maxwellfunk <57905080+maxwellfunk@users.noreply.github.com>
Date: Thu, 3 Aug 2023 11:37:45 -0400
Subject: [PATCH 6/9] Update introduction.md

fix link to p7b
---
 _implement/introduction.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_implement/introduction.md b/_implement/introduction.md
index 566cdd193..d5da52e96 100644
--- a/_implement/introduction.md
+++ b/_implement/introduction.md
@@ -50,7 +50,7 @@ ICAM can leverage a number of open source protocols for interoperability and dat
 1. Federal PKI Validation
    1. [FPKI Ecosytem Changes]({{site.baseurl}}/fpki/notifications) - This page contains three sets of information.
       1. [FPKI Graph]({{site.baseurl}}/fpki/notifications/#fpki-graph) - The FPKI Graph displays the relationships between the certification authorities in the Federal PKI (FPKI) ecosystem.
-      2. [FPKI Certificate Bundle]({{site.baseurl}}/_implement/tools/CACertificatesValidatingToFederalCommonPolicyG2.p7b){:target="_blank"}{:rel="noopener noreferrer"} - A certificate bundle in .p7b format that contains all CA certificfates that chain to the Common Policy CA and can be viewed in the FPKI Graph.
+      2. [FPKI Certificate Bundle](_implement/tools/CACertificatesValidatingToFederalCommonPolicyG2.p7b){:target="_blank"}{:rel="noopener noreferrer"} - A certificate bundle in .p7b format that contains all CA certificfates that chain to the Common Policy CA and can be viewed in the FPKI Graph.
       3. [PIV Issuer Information]({{site.baseurl}}/fpki/notifications/#piv-issuer-information) - List of active PIV issuing CAs with end entity certificate distribution points.
       4. [FPKI System Change and Notification]({{site.baseurl}}/fpki/notifications/#notifications) - List of changes to FPKI CA endpoint URL such as Certificate Revocation List Distribution Points, Online Certificate Status Protocol (OCSP) endpoints and other CA certificate activity.
    2. [Personal Identify Verification (PIV) Cert Validator Tool](https://pv.test.max.gov/){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} - The PIV Certificate Validator is a website application hosted by Max.gov that verifies the certificates found on a PIV card. This tool is helpful in troubleshooting browser authentication issues.

From 89a4aae9592040b6fb2a244184ef6dce015b507b Mon Sep 17 00:00:00 2001
From: maxwellfunk <57905080+maxwellfunk@users.noreply.github.com>
Date: Thu, 3 Aug 2023 11:43:42 -0400
Subject: [PATCH 7/9] Update introduction.md

fix p7b link
---
 _implement/introduction.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_implement/introduction.md b/_implement/introduction.md
index d5da52e96..8e07c89b8 100644
--- a/_implement/introduction.md
+++ b/_implement/introduction.md
@@ -50,7 +50,7 @@ ICAM can leverage a number of open source protocols for interoperability and dat
 1. Federal PKI Validation
    1. [FPKI Ecosytem Changes]({{site.baseurl}}/fpki/notifications) - This page contains three sets of information.
       1. [FPKI Graph]({{site.baseurl}}/fpki/notifications/#fpki-graph) - The FPKI Graph displays the relationships between the certification authorities in the Federal PKI (FPKI) ecosystem.
-      2. [FPKI Certificate Bundle](_implement/tools/CACertificatesValidatingToFederalCommonPolicyG2.p7b){:target="_blank"}{:rel="noopener noreferrer"} - A certificate bundle in .p7b format that contains all CA certificfates that chain to the Common Policy CA and can be viewed in the FPKI Graph.
+      2. [FPKI Certificate Bundle]({{site.baseurl}}/implement/tools/CACertificatesValidatingToFederalCommonPolicyG2.p7b){:target="_blank"}{:rel="noopener noreferrer"} - A certificate bundle in .p7b format that contains all CA certificfates that chain to the Common Policy CA and can be viewed in the FPKI Graph.
       3. [PIV Issuer Information]({{site.baseurl}}/fpki/notifications/#piv-issuer-information) - List of active PIV issuing CAs with end entity certificate distribution points.
       4. [FPKI System Change and Notification]({{site.baseurl}}/fpki/notifications/#notifications) - List of changes to FPKI CA endpoint URL such as Certificate Revocation List Distribution Points, Online Certificate Status Protocol (OCSP) endpoints and other CA certificate activity.
    2. [Personal Identify Verification (PIV) Cert Validator Tool](https://pv.test.max.gov/){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} - The PIV Certificate Validator is a website application hosted by Max.gov that verifies the certificates found on a PIV card. This tool is helpful in troubleshooting browser authentication issues.

From 4618c074228db4ce37b5973a4633b6cb90f2a264 Mon Sep 17 00:00:00 2001
From: maxwellfunk <57905080+maxwellfunk@users.noreply.github.com>
Date: Thu, 3 Aug 2023 11:50:07 -0400
Subject: [PATCH 8/9] Update introduction.md

update the description of the validation section to appropriately reflect the p7b addition
---
 _implement/introduction.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/_implement/introduction.md b/_implement/introduction.md
index 8e07c89b8..6b9fee8ac 100644
--- a/_implement/introduction.md
+++ b/_implement/introduction.md
@@ -48,11 +48,11 @@ The majority of engineering guides are focused on helping agencies configure PIV
 ICAM can leverage a number of open source protocols for interoperability and data transfer. The Federal PKI is also a large, distributed ecosystem of over 180 certification authorities. Each certification authority operate independently which presents a challenge in trying to troubleshoot why a PIV card can't validate. This is a list of tools to help troubleshoot ICAM issues.
 
 1. Federal PKI Validation
-   1. [FPKI Ecosytem Changes]({{site.baseurl}}/fpki/notifications) - This page contains three sets of information.
+   1. [FPKI Ecosytem Changes]({{site.baseurl}}/fpki/notifications) - This page contains three distinct pages of information as well as an associated certificate bundle.
       1. [FPKI Graph]({{site.baseurl}}/fpki/notifications/#fpki-graph) - The FPKI Graph displays the relationships between the certification authorities in the Federal PKI (FPKI) ecosystem.
-      2. [FPKI Certificate Bundle]({{site.baseurl}}/implement/tools/CACertificatesValidatingToFederalCommonPolicyG2.p7b){:target="_blank"}{:rel="noopener noreferrer"} - A certificate bundle in .p7b format that contains all CA certificfates that chain to the Common Policy CA and can be viewed in the FPKI Graph.
-      3. [PIV Issuer Information]({{site.baseurl}}/fpki/notifications/#piv-issuer-information) - List of active PIV issuing CAs with end entity certificate distribution points.
-      4. [FPKI System Change and Notification]({{site.baseurl}}/fpki/notifications/#notifications) - List of changes to FPKI CA endpoint URL such as Certificate Revocation List Distribution Points, Online Certificate Status Protocol (OCSP) endpoints and other CA certificate activity.
+      2. [PIV Issuer Information]({{site.baseurl}}/fpki/notifications/#piv-issuer-information) - List of active PIV issuing CAs with end entity certificate distribution points.
+      3. [FPKI System Change and Notification]({{site.baseurl}}/fpki/notifications/#notifications) - List of changes to FPKI CA endpoint URL such as Certificate Revocation List Distribution Points, Online Certificate Status Protocol (OCSP) endpoints and other CA certificate activity.
+      4. [FPKI Certificate Bundle]({{site.baseurl}}/implement/tools/CACertificatesValidatingToFederalCommonPolicyG2.p7b){:target="_blank"}{:rel="noopener noreferrer"} - A certificate bundle in .p7b format that contains all CA certificfates that chain to the Common Policy CA and can be viewed in the FPKI Graph.
    2. [Personal Identify Verification (PIV) Cert Validator Tool](https://pv.test.max.gov/){:target="_blank"}{:rel="noopener noreferrer"}{:class="usa-link usa-link--external"} - The PIV Certificate Validator is a website application hosted by Max.gov that verifies the certificates found on a PIV card. This tool is helpful in troubleshooting browser authentication issues.
    3. [FPKI Trust Infrastructure “HTTP.FPKI.Gov” URL Site Map (PDF, September 2022)]({{site.baseurl}}/docs/fpki-fpkima-sitemap.pdf){:target="_blank"}{:rel="noopener noreferrer"} - A consolidated list of public repository information for FPKI resources.
 2. Federal PKI Deep Analysis

From 1f4c3aea29d5dfd9bb2932f44abcb8d4a9af8a5b Mon Sep 17 00:00:00 2001
From: maxwellfunk <57905080+maxwellfunk@users.noreply.github.com>
Date: Thu, 3 Aug 2023 12:54:25 -0400
Subject: [PATCH 9/9] Update fpki.md

remove the old, less descriptive incident report note.
---
 _ficampmo/fpki.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/_ficampmo/fpki.md b/_ficampmo/fpki.md
index 1ebdc0228..8ed3ed727 100644
--- a/_ficampmo/fpki.md
+++ b/_ficampmo/fpki.md
@@ -53,7 +53,6 @@ The FPKI has the following supplementary guidance:
 - [Registration Authority Agreement Template v1.0 (Word, April 2017)]({{site.baseurl}}/docs/fpki-ssp-raa.docx){:target="_blank"}{:rel="noopener noreferrer"} - The purpose of this document is to identify and explain the roles and responsibilities of an enrollment/registration agent under the Federal PKI COMMON Policy Framework.
 - [FPKI Incident Management Plan (PDF, September 2020)]({{site.baseurl}}/docs/fpki-imp.pdf){:target="_blank"}{:rel="noopener noreferrer"} - This document provides guidance on the roles and responsibilities applicable to the FPKI Policy Authority (FPKIPA), FPKI Management Authority (FPKIMA), and FPKI affiliates in the event of an incident. 
 - [Archived copies of Certificate Polices, Profiles, and other FPKI-related documents]({{site.baseurl}}/fpki/#federal-pki-document-archive) - This pages contains three years of FPKI-related documents.
-- **Report an Incident:** To report a potential key compromise, security incident, or fraud, waste, or abuse involving Federal PKI certificates, please contact fpki-help at gsa.gov with supporting evidence of the incident.  
 
 
 # Annual Review Requirements for All Certification Authorities
@@ -138,7 +137,7 @@ FPKI affiliates include federal agencies and commercial service providers operat
 2. Providing additional investigation support and/or information about incidents to the FPKI Authorities as they become known, and
 3. Conducting remediation activities once an incident is confirmed.
 
-To report an incident please contact both fpki at gsa dot gov and  fpki-help at gsa dot gov, and include any relevant known information on the incident up to that point.  Further information will be requested from the affiliate per the [FPKI Incident Management Plan]({{site.baseurl}}/docs/fpki-imp.pdf){:target="_blank"}{:rel="noopener noreferrer"}.
+To report a security incident, such as a key compromise, data breach, or other fraud waste or abuse regarding FPKI CAs or certificates, please contact both fpki at gsa dot gov and  fpki-help at gsa dot gov, and include any relevant known information on the incident up to that point.  Further information will be requested from the affiliate per the [FPKI Incident Management Plan]({{site.baseurl}}/docs/fpki-imp.pdf){:target="_blank"}{:rel="noopener noreferrer"}.
 
 <!-- # Federal PKI Monthly Activity Report