Refactor Governance Requirements & Titles (#215)

* refactored GV_01

Signed-off-by: Eddie Knight <[email protected]>

* refactored GV_02

Signed-off-by: Eddie Knight <[email protected]>

* refactored GV_03

Signed-off-by: Eddie Knight <[email protected]>

* refactored GV_04

Signed-off-by: Eddie Knight <[email protected]>

* Update baseline/OSPS-GV.yaml

Co-authored-by: Ben Cotton <[email protected]>
Signed-off-by: Eddie Knight <[email protected]>

* Update baseline/OSPS-GV.yaml

Co-authored-by: Ben Cotton <[email protected]>
Signed-off-by: Eddie Knight <[email protected]>

---------

Signed-off-by: Eddie Knight <[email protected]>
Co-authored-by: Ben Cotton <[email protected]>

Author: eddie-knight

baseline/OSPS-GV.yaml

@@ -8,8 +8,8 @@ description: |
 controls:
   - id: OSPS-GV-01
     title: |
-      Document the Roles and Responsibilities for members of the project in the
-      project documentation
+      The project documentation MUST include the roles and responsibilities
+      for members of the project.
     objective: |
       Documenting project roles and responsibilities helps project participants,
       potential contributors, and downstream consumers have an accurate
@@ -27,8 +27,21 @@ controls:
     assessment-requirements:
       - id: OSPS-GV-01.01
         text: |
-          The project documentation MUST include the Roles and Responsibilities
-          for members of the project.
+          While active, the project documentation MUST include a list of
+          project members with access to sensitive resources.
+        applicability:
+          - Maturity Level 2
+          - Maturity Level 3
+        recommendation: |
+          Document project participants and their roles through such artifacts
+          as members.md, governance.md, maintainers.md, or similar file within
+          the source code repository of the project.
+          This may be as simple as including names or account handles in a list
+          of maintainers, or more complex depending on the project's governance.
+      - id: OSPS-GV-01.02
+        text: |
+          While active, the project documentation MUST include descriptions of
+          the roles and responsibilities for members of the project.
         applicability:
           - Maturity Level 2
           - Maturity Level 3
@@ -39,8 +52,8 @@ controls:
 
   - id: OSPS-GV-02
     title: |
-      Establish mechanisms for public discussions about proposed changes and
-      usage obstacles in the project
+      The project MUST have one or more mechanisms for public discussions
+      about proposed changes and usage obstacles.
     objective: |
       Encourages open communication and collaboration within the project
       community, enabling users to provide feedback and discuss proposed changes
@@ -64,8 +77,8 @@ controls:
     assessment-requirements:
       - id: OSPS-GV-02.01
         text: |
-          The project MUST have one or more mechanisms for public discussions
-          about proposed changes and usage obstacles.
+          While active, the project MUST have one or more mechanisms for public
+          discussions about proposed changes and usage obstacles.
         applicability:
           - Maturity Level 1
           - Maturity Level 2
@@ -77,8 +90,8 @@ controls:
 
   - id: OSPS-GV-03
     title: |
-      Include an explanation of the contribution process in the project
-      documentation
+      The project documentation MUST include an explanation of the
+      contribution process.
     objective: |
       Provide guidance to new contributors on how to participate in the project,
       outlining the steps required to submit changes or enhancements to the
@@ -109,8 +122,8 @@ controls:
     assessment-requirements:
       - id: OSPS-GV-03.01
         text: |
-          The project documentation MUST include an explanation of the
-          contribution process.
+          While active, the project documentation MUST include an explanation
+          of the contribution process.
         applicability:
           - Maturity Level 1
         recommendation: |
@@ -119,8 +132,8 @@ controls:
           engaging with the project maintainers.
       - id: OSPS-GV-03.02
         text: |
-          The project documentation MUST include a guide for code contributors
-          that includes requirements for acceptable contributions.
+          While active, the project documentation MUST include a guide for code
+          contributors that includes requirements for acceptable contributions.
         applicability:
           - Maturity Level 2
           - Maturity Level 3
@@ -133,8 +146,9 @@ controls:
 
   - id: OSPS-GV-04
     title: |
-      Implement a policy that code contributors are reviewed prior to granting
-      escalated permissions to sensitive resources in the project documentation
+      The project documentation MUST have a policy that code contributors
+      are reviewed prior to granting escalated permissions to sensitive
+      resources.
     objective: |
       Ensure that code contributors are vetted and reviewed before being granted
       elevated permissions to sensitive resources within the project, reducing
@@ -159,9 +173,9 @@ controls:
     assessment-requirements:
       - id: OSPS-GV-04.01
         text: |
-          The project documentation MUST have a policy that code contributors
-          are reviewed prior to granting escalated permissions to sensitive
-          resources.
+          While active, the project documentation MUST have a policy that code
+          contributors are reviewed prior to granting escalated permissions to
+          sensitive resources.
         applicability:
           - Maturity Level 3
         recommendation: |