From 2ba369100c1bde2d02980d08df0b58fd99cfecf2 Mon Sep 17 00:00:00 2001
From: Beverly Nguyen <Beverly.Nguyen@gsa.gov>
Date: Mon, 18 Nov 2024 13:35:24 -0800
Subject: [PATCH 1/3] content

---
 app/main/views/index.py                       |  8 +++
 app/main/views/sub_navigation_dictionaries.py |  4 ++
 app/templates/views/about/security.html       | 61 +++++++++++++++++++
 3 files changed, 73 insertions(+)
 create mode 100644 app/templates/views/about/security.html

diff --git a/app/main/views/index.py b/app/main/views/index.py
index 974e29211..79d4365f4 100644
--- a/app/main/views/index.py
+++ b/app/main/views/index.py
@@ -295,6 +295,14 @@ def about_notify():
     )
 
 
+@main.route("/about/security")
+def about_security():
+    return render_template(
+        "views/about/security.html",
+        navigation_links=about_notify_nav(),
+    )
+
+
 @main.route("/using-notify/guidance/create-and-send-messages")
 @user_is_logged_in
 def create_and_send_messages():
diff --git a/app/main/views/sub_navigation_dictionaries.py b/app/main/views/sub_navigation_dictionaries.py
index b9fb7f8ae..f043955de 100644
--- a/app/main/views/sub_navigation_dictionaries.py
+++ b/app/main/views/sub_navigation_dictionaries.py
@@ -113,4 +113,8 @@ def about_notify_nav():
             "name": "About notify",
             "link": "main.about_notify",
         },
+        {
+            "name": "Security",
+            "link": "main.about_security",
+        },
     ]
diff --git a/app/templates/views/about/security.html b/app/templates/views/about/security.html
new file mode 100644
index 000000000..b03e593a4
--- /dev/null
+++ b/app/templates/views/about/security.html
@@ -0,0 +1,61 @@
+{% extends "base.html" %}
+
+{% set page_title = "Security" %}
+
+{% block per_page_title %}
+{{page_title}}
+{% endblock %}
+
+{% block content_column_content %}
+<!-- {% with title=page_title %}{% include "components/best-practices/nav_breadcrumb.html" %}{% endwith %} -->
+<section class="usa-prose">
+  <h1>{{page_title}}</h1>
+  <p class="font-sans-lg text-base">Notify.gov is built for the needs of government agencies with fundamental system
+    security processes in place to:
+  </p>
+  <ul>
+    <li>protect user data</li>
+    <li>keep systems secure</li>
+    <li>manage risks around information</li>
+  </ul>
+  <p>
+    Notify.gov operates under a full three-year <a href="https://digital.gov/resources/an-introduction-to-ato/"
+      target="_blank">Authority-to-Operate (ATO)</a>. This federal security authorization process leverages security
+    controls provided by National Institute of Standards and Technology (NIST).
+  </p>
+
+  <p>
+    Our infrastructure runs on <a href="https://www.cloud.gov/" target="_blank">cloud.gov</a> and utilizes several
+    services through Amazon Web
+    Services (AWS), including <a href="https://aws.amazon.com/sns/" target="_blank"> AWS SNS </a> for sending SMS
+    messages.
+  </p>
+  <p>For more information about the Notify.gov infrastructure, contact us at <a
+      href="mailto:notify-support@gsa.gov">notify-support@gsa.gov</a>.</p>
+  <h2>Data</h2>
+  <p>
+    On Notify.gov, data is encrypted both in transit and at rest. To send a message, agencies upload a spreadsheet of
+    phone numbers and other necessary data from their existing data management system.
+  </p>
+  <p>
+    Notify.gov is not a system of record, so it does not have a System of Records Notice (SORN). Agencies are
+    responsible for managing their data outside of Notify.gov.
+  </p>
+  <h3>Data retention</h3>
+  <p>
+    Any data uploads that have recipient data are held for seven calendar days; personally identifiable information
+    (PII) is never stored in Notify’s database.
+  </p>
+  <h2>Multi-Factor Authentication</h2>
+  <p>
+    Notify.gov uses <a href="https://login.gov/what-is-login/" target="_blank">Login.gov</a> for enhanced security.
+    Login.gov is an extra layer of security created by the government that uses multi-factor authentication and stronger
+    passwords to protect your account.
+  </p>
+  <p>
+    To access Notify.gov, users will use a Login.gov account associated with their agency (.gov) email with one of the
+    <a href="https://login.gov/help/get-started/authentication-methods/" target="_blank">multi-factor authentication
+      methods</a> offered through Login.gov.
+  </p>
+</section>
+{% endblock %}

From de8c4b7204177f862cc35e6111d77c80819c6d99 Mon Sep 17 00:00:00 2001
From: Beverly Nguyen <Beverly.Nguyen@gsa.gov>
Date: Mon, 18 Nov 2024 13:41:32 -0800
Subject: [PATCH 2/3] test

---
 tests/app/test_navigation.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tests/app/test_navigation.py b/tests/app/test_navigation.py
index 15be17081..910364cee 100644
--- a/tests/app/test_navigation.py
+++ b/tests/app/test_navigation.py
@@ -18,6 +18,7 @@
         Navigation.get_endpoint_with_blueprint,
         {
             "about_notify",
+            "about_security",
             "accept_invite",
             "accept_org_invite",
             "accessibility_statement",

From 942489dc57f8dce8eaaa768308fdd551f8d5a4aa Mon Sep 17 00:00:00 2001
From: Beverly Nguyen <Beverly.Nguyen@gsa.gov>
Date: Wed, 20 Nov 2024 09:43:12 -0800
Subject: [PATCH 3/3] updated external links

---
 app/main/views/sub_navigation_dictionaries.py | 10 ++++++----
 app/templates/views/about/security.html       | 17 +++++++++++------
 2 files changed, 17 insertions(+), 10 deletions(-)

diff --git a/app/main/views/sub_navigation_dictionaries.py b/app/main/views/sub_navigation_dictionaries.py
index f043955de..0aba6069b 100644
--- a/app/main/views/sub_navigation_dictionaries.py
+++ b/app/main/views/sub_navigation_dictionaries.py
@@ -112,9 +112,11 @@ def about_notify_nav():
         {
             "name": "About notify",
             "link": "main.about_notify",
-        },
-        {
-            "name": "Security",
-            "link": "main.about_security",
+            "sub_navigation_items": [
+                {
+                    "name": "Security",
+                    "link": "main.about_security",
+                },
+            ],
         },
     ]
diff --git a/app/templates/views/about/security.html b/app/templates/views/about/security.html
index b03e593a4..9ebc0420f 100644
--- a/app/templates/views/about/security.html
+++ b/app/templates/views/about/security.html
@@ -19,15 +19,18 @@ <h1>{{page_title}}</h1>
     <li>manage risks around information</li>
   </ul>
   <p>
-    Notify.gov operates under a full three-year <a href="https://digital.gov/resources/an-introduction-to-ato/"
-      target="_blank">Authority-to-Operate (ATO)</a>. This federal security authorization process leverages security
+    Notify.gov operates under a full three-year <a class="use-link usa-link--external"
+      href="https://digital.gov/resources/an-introduction-to-ato/" target="_blank">Authority-to-Operate (ATO)</a>. This
+    federal security authorization process leverages security
     controls provided by National Institute of Standards and Technology (NIST).
   </p>
 
   <p>
-    Our infrastructure runs on <a href="https://www.cloud.gov/" target="_blank">cloud.gov</a> and utilizes several
+    Our infrastructure runs on <a class="use-link usa-link--external" href="https://www.cloud.gov/"
+      target="_blank">cloud.gov</a> and utilizes several
     services through Amazon Web
-    Services (AWS), including <a href="https://aws.amazon.com/sns/" target="_blank"> AWS SNS </a> for sending SMS
+    Services (AWS), including <a class="use-link usa-link--external" href="https://aws.amazon.com/sns/" target="_blank">
+      AWS SNS </a> for sending SMS
     messages.
   </p>
   <p>For more information about the Notify.gov infrastructure, contact us at <a
@@ -48,13 +51,15 @@ <h3>Data retention</h3>
   </p>
   <h2>Multi-Factor Authentication</h2>
   <p>
-    Notify.gov uses <a href="https://login.gov/what-is-login/" target="_blank">Login.gov</a> for enhanced security.
+    Notify.gov uses <a class="use-link usa-link--external" href="https://login.gov/what-is-login/"
+      target="_blank">Login.gov</a> for enhanced security.
     Login.gov is an extra layer of security created by the government that uses multi-factor authentication and stronger
     passwords to protect your account.
   </p>
   <p>
     To access Notify.gov, users will use a Login.gov account associated with their agency (.gov) email with one of the
-    <a href="https://login.gov/help/get-started/authentication-methods/" target="_blank">multi-factor authentication
+    <a class="use-link usa-link--external" href="https://login.gov/help/get-started/authentication-methods/"
+      target="_blank">multi-factor authentication
       methods</a> offered through Login.gov.
   </p>
 </section>