(DOCSP-16486) FedRAMP IAM Phase 2 (#16)

* (DOCSP-16486) FedRAMP IAM Phase 2

Author: zach-carr

snooty.toml

@@ -3,7 +3,10 @@ title = "MongoDB Atlas for Government"
 
 intersphinx = ["https://docs.mongodb.com/manual/objects.inv","https://docs.atlas.mongodb.com/objects.inv"]
 
-toc_landing_pages = ["/tutorial/getting-started"]
+toc_landing_pages = [
+  "/tutorial/getting-started",
+  "/security"
+]
 
 [constants]
 aws-pl = "AWS PrivateLink"

source/api/configure.txt

@@ -1,6 +1,6 @@
-=============================
-Configure CloudGov API Access
-=============================
+=====================================
+Configure |cloudgov-short| API Access
+=====================================
 
 .. default-domain:: mongodb
 

source/atlas-access.txt

@@ -1,8 +1,8 @@
 .. _atlas-access:
 
-=====================
-|service| User Access
-=====================
+============================
+|cloudgov-short| User Access
+============================
 
 .. default-domain:: mongodb
 
@@ -12,4 +12,34 @@
    :depth: 1
    :class: singlecol
 
-Placeholder page.
+This page covers |cloudgov| user accounts.
+
+{+gov-considerations+}
+-----------------------------------
+
+Account
+~~~~~~~
+
+- When you change your password, you cannot use any of your previous 24 
+  passwords.
+
+- If your account is suspended due to inactivity, reset your password 
+  to unsuspend your account.
+
+User Sessions
+~~~~~~~~~~~~~
+
+- |cloudgov-short| ends your session after 15 minutes of 
+  inactivity, requiring you to log in again. You are prompted to 
+  continue your current session after 10 minutes of inactivity.
+
+Monitoring and Logging
+~~~~~~~~~~~~~~~~~~~~~~
+
+- You must have the :authrole:`Project Owner` role to 
+  configure an integration.
+
+- In addition to :atlas:`standard Atlas logging </mongodb-logs/>`, 
+  |cloudgov-short| logs the username and IP address associated with all 
+  failed login attempts, temporary lockouts and failed |api| digest 
+  authentications.

source/includes/privatelink/steps-connect-to-cluster-privatelink.yaml

@@ -31,7 +31,7 @@ content: |
      **Skip this step** if |cloudgov-short| indicates in the
      :guilabel:`Setup connection security` step that you have at least
      one database user configured in your project. To manage existing
-     database users, see :ref:`configure-dbusers`.
+     database users, see :ref:`gov-configure-dbusers`.
 
   To access the cluster, you need a MongoDB user with access to the
   desired database or databases on the cluster in your project. If your

source/index.txt

@@ -20,10 +20,6 @@ developed by the same people that build MongoDB.
 `MongoDB Atlas <https://docs.atlas.mongodb.com/>`__ features. To learn 
 more, see :ref:`<supported-features>`.
 
-.. important::
-   
-   |cloudgov| is only available for preview by invitation.
-
 Using the |cloudgov-short| Documentation
 ------------------------------------------
 
@@ -50,8 +46,8 @@ Links to |service| documentation pages are presented as either:
 
    /introduction
    /getting-started
-   /security
    /atlas-access
+   /security
    /backup-restore-data
    /api
    /billing

source/introduction/atlasgov-considerations.txt

@@ -64,4 +64,23 @@ Database Users
 :manual:`SCRAM </core/security-scram/>` must use ``SCRAM-SHA-256``.
 
 To learn more about configuring |cloudgov-short| database users,
-see :ref:`Configure Database Users <configure-dbusers>`.
+see :ref:`Configure Database Users <gov-configure-dbusers>`.
+
+Alerts and Communications
+-------------------------
+
+You receive emails from a different MongoDB account depending on the 
+region to which your resources are deployed and the type of 
+communication.
+
+|aws-fr-moderate|
+~~~~~~~~~~~~~~~~~
+
+- Alerts come from ``[email protected]``.
+- All other emails come from ``[email protected]``.
+
+|aws-fr-high|
+~~~~~~~~~~~~~
+
+- Alerts come from ``[email protected]``.
+- All other emails come from ``[email protected]``.

source/security.txt

@@ -1,8 +1,8 @@
 :noprevnext:
 
-========
-Security
-========
+=================
+Database Security
+=================
 
 .. default-domain:: mongodb
 
@@ -12,10 +12,40 @@ Security
    :depth: 2
    :class: singlecol
 
+This page covers |cloudgov-short| database users.
+
+Configure Database Users
+------------------------
+
+Database users who authenticate with 
+:manual:`SCRAM </core/security-scram/>` must use ``SCRAM-SHA-256``.
+
+See the |service| documentation to 
+:atlas:`Configure Database Users </security-add-mongodb-users>`.  
+
+Set up a Network Peering Connection
+-----------------------------------
+
+You may only use ``gov`` regions for VPC peering in government 
+region-only projects. 
+
+See the |service| documentation to :ref:`vpc-peering`.
+
+Set up a Private Endpoint
+-------------------------
+
+See :ref:`gov-private-endpoint`.
+
+Customer Key Management with AWS KMS
+------------------------------------
+
+You may only configure |aws| |iam| for ``gov`` regions in government 
+region-only projects.
+
+To learn more, see the |service| documentation for 
+:ref:`security-aws-kms`.
+
 .. toctree::
    :titlesonly:
 
-   /security/configure-database-users
-   /security/vpc-peering
    /security/private-endpoint
-   /security/aws-kms