Build cleanup

OpenShift-v3/Makefile

@@ -30,9 +30,8 @@ serve: exports
 exports: opencontrols
 	${CM} docs gitbook FedRAMP-low
 
-#opencontrols: opencontrol.yaml policies/*/.yaml
 opencontrols: opencontrol.yaml 
-	${CM} get
+	-${CM} get
 
 coverage:
 	${CM} diff FedRAMP-low
@@ -42,3 +41,6 @@ fedramp: default
 
 fedramp-diff:
 	${GOPATH}/bin/fedramp-templater diff opencontrols/ FedRAMP_Template/FedRAMP-System-Security-Plan-Template-v2.1.docx
+
+checks:
+	yamllint policies/

OpenShift-v3/policies/AT-Awareness_and_Training/component.yaml

@@ -1,3 +1,4 @@
+---
 documentation_complete: false
 name: Awareness and Training
 schema_version: 3.0.0
@@ -10,21 +11,25 @@ satisfies:
   narrative:
     - key: 'a'
       text: |
-        '<The customer will be responsible for developing, documenting, and
+        '//*
+        The customer will be responsible for developing, documenting, and
         disseminating Security Awareness and Training policy and procedures.
         A successful control response will need to address the content of the
-        policy (which must include purpose, scope, roles, responsibilities, 
+        policy (which must include purpose, scope, roles, responsibilities,
         management commitment, coordination, and compliance) and procedures
         (which must facilitate the implementation of the policies and
-        associated controls).>'
+        associated controls).
+        */'
     - key: 'b'
       text: |
-        '<The customer will be responsible for reviewing and updating the
+        '//*
+        The customer will be responsible for reviewing and updating the
         Security Awareness and Training policy every 3 years, and procedures
         annually. A successful control response will need to address the
         review and update process, including the role(s) responsible for
         initiating the review process, updating the policy and procedures,
-        and providing approval of the updates.>'
+        and providing approval of the updates.
+        */'
 
 - control_key: AT-2
   standard_key: NIST-800-53
@@ -33,36 +38,44 @@ satisfies:
   narrative:
     - key: 'a'
       text: |
-        '<The customer will be responsible for providing basic security
+        '//*
+        The customer will be responsible for providing basic security
         awareness training as part of initial training. A successful control
         response will outline the content of the training and will discuss the
-        process for ensuring that all users undergo the required training.>'
+        process for ensuring that all users undergo the required training.
+        */'
     - key: 'b'
       text: |
-        '<The customer will be responsible for providing updated basic security
+        '//*
+        The customer will be responsible for providing updated basic security
         awareness training as required by information system changes. A
         succesful control response will discuss the process for determining
         what information system changes require updated training, how the
         training content is updated, and how users are notified of the need for
-        re-training.>'
+        re-training.
+        */'
     - key: 'c'
       text: |
-        '<The customer will be responsible for refreshing the basic security
-        awareness training annually. A successful control response will 
+        '//*
+        The customer will be responsible for refreshing the basic security
+        awareness training annually. A successful control response will
         discuss the process for ensuring that all users undergo the required
-        re-trianing.>'
+        re-trianing.
+        */'
 
 - control_key: AT-2 (2)
   standard_key: NIST-800-53
   covered_by: []
   implimentation_status: none
   narrative:
     - text: |
-        '<The customer will be responsible for including information about
+        '//*
+        The customer will be responsible for including information about
         indicators of insider threat in security awareness training materials.
         A successful control response will summarize potential indicators of
         insider threat and outline the process for reporting them to appropriate
-        organizational officials.>'
+        organizational officials.
+        */'
 
 - control_key: AT-3
   standard_key: NIST-800-53
@@ -71,25 +84,31 @@ satisfies:
   narrative:
     - key: 'a'
       text: |
-        '<The customer will be responsible for providing role-based security
+        '//*
+        The customer will be responsible for providing role-based security
         training prior to users commencing work on their system. A successful
         control response will outline the content of the training (including
         how the content varies by assigned role) and will discuss the process
         for ensuring that all users undergo the required training for their
-        roles.>'
+        roles.
+        */'
     - key: 'b'
       text: |
-        '<The customer will be responsible for providing updated role-based
+        '//*
+        The customer will be responsible for providing updated role-based
         security training as required by information system changes. A
         successful control response will discuss the process for determining
         what information system changes require updated training, how the
         training content is updated, and hw users are notified of the need
-        for re-training.>'
+        for re-training.
+        */'
     - key: 'c'
       text: |
-        '<The custmoer will be responsible for refreshing role-based security
+        '//*
+        The custmoer will be responsible for refreshing role-based security
         training annually. A successful control response will discuss the
-        process for ensuring that all users undergo the required re-training.>'
+        process for ensuring that all users undergo the required re-training.
+        */'
 
 - control_key: AT-4
   standard_key: NIST-800-53
@@ -98,13 +117,17 @@ satisfies:
   narrative:
     - key: 'a'
       text: |
-        '<The customer will be responsible for tracking successful completion
+        '//*
+        The customer will be responsible for tracking successful completion
         of basic security awareness training and role-based training
         security training activities. A successful control response will discuss
-        the process or system used to monitor and document completion of 
-        training for each user.>'
+        the process or system used to monitor and document completion of
+        training for each user.
+        */'
     - key: 'b'
       text: |
-        '<The customer will be responsible for retaining training records for
+        '//*
+        The customer will be responsible for retaining training records for
         the required timeframe. A successful control response will outline the
-        methods by which required retention is achieved.>'
+        methods by which required retention is achieved.
+        */'