Classification: corrections

docs/roles-policies/classification/index.adoc

@@ -9,6 +9,8 @@ compliance:
             description: 'Example demonstrating use of policy rules to enforce classification requirements'
         '5.14':
             description: 'Description of an idea for limiting access to internal information using classification scheme'
+        '5.16':
+            description: 'Management of user clearances'
 ---
 = Information Classification and Clearances
 :page-toc: top
@@ -301,7 +303,12 @@ E.g. certify access to category III systems every 6 months, certify access to ca
 // TODO: create an example for this, after 4.9 when new certification settles in.
 // TODO: Refer from ISO 27001 5.13
 
-* As classifications (labels) and clearances are assigned to relevant objects using ordinary feature:assignment[assignments], feature:access-certification[access certification] features can be used to regularly re-certify the classifications and clearances. Furthermore, the feature:schema-activation[activation mechanisms] of the assignment can be used to assign clearances for a limited time period.
+* As clearances are assigned to users using ordinary feature:assignment[assignments], feature:access-certification[access certification] features can be used to regularly re-certify the  clearances. Furthermore, the feature:schema-activation[activation mechanisms] of the assignment can be used to assign clearances for a limited time period.
+// TODO: create an example for this, after 4.9 when new certification settles in.
+// TODO: Refer from ISO 27001 5.6
+
+// TODO * As classifications (labels) are assigned to relevant objects using ordinary feature:assignment[assignments], feature:access-certification[access certification] features can be used to regularly re-certify the classifications.
+// TODO: we need ability to replace assignment in certification, not just removal of assignment
 // TODO: create an example for this, after 4.9 when new certification settles in.
 // TODO: Refer from ISO 27001 5.12