Expand Up @@ -27,7 +27,7 @@ The following enforcement behaviors are available depending on the lifecycle sta
Build:: Set *Enforce on Build* to on to have {product-title-short} fail your continuous integration (CI) builds when images match the criteria of the policy. You can download the `roxctl` CLI and configure the `roxctl image check` command to work with the policy.
Deploy:: Set *Enforce on Deploy* to on to have {product-title-short} block any workload admissions or updates that match the policy criteria. You must configure and run the {product-title-short} admission controller for this enforcement to take effect.
** In clusters with admission controller enforcement, the Kubernetes or {ocp} API server blocks all noncompliant deployments. In clusters without admission controller enforcement, {product-title-short} modifies noncompliant deployments to prevent pods from scheduling.
** For existing deployments, policy changes only result in enforcement at the next detection of the criteria, when a Kubernetes event occurs. For more information about enforcement, see "Deploy stage enforcement".
** For existing deployments, policy changes only result in enforcement at the next detection of the criteria, when a Kubernetes event occurs.
Runtime:: Set *Enforce on Runtime* to on to have {product-title-short} delete all pods when an event in the pods matches the criteria of the policy.
+
[WARNING]
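Review bot: with the sentence `For more information about enforcement, see "Deploy stage enforcement".` removed, the `**` sub-bullet on existing deployments now ends at "when a Kubernetes event occurs" and gives no hint that further detail exists; that is fine for a reusable module only if the assembly that includes it lists "Deploy stage enforcement" under Additional resources, so please confirm the assembly change in this PR carries that xref next to the include of this module.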
6 changes: 3 additions & 3 deletions modules/configure-policy-rules.adoc
Expand Up @@ -7,7 +7,7 @@
= Configuring policy rules

[role="_abstract"]
To control when a policy is triggered, configure the specific conditions and rules that apply to your environment. You can customize these rules by dragging and dropping policy fields, such as networking or workload activity, to define criteria appropriate for the build or runtime lifecycle stages.
To control when a policy triggers, configure the specific conditions and rules that apply to your environment. You can customize these rules by dragging and dropping policy fields, such as networking or workload activity, to define criteria appropriate for the build or runtime lifecycle stages.

.Procedure

Expand All @@ -16,7 +16,7 @@ To control when a policy is triggered, configure the specific conditions and rul
+
[NOTE]
====
The policy fields that are available depend on the lifecycle stage you chose for the policy. For example, the criteria associated to *Networking* or *Workload activity* are available when creating a policy for the runtime lifecycle, but not when creating a policy for the build lifecycle. For more information about policy criteria, including information about criteria and the lifecycle phase in which they are available, see "Policy criteria".
The lifecycle stage you chose for the policy determines which policy fields become available. For example, the criteria associated to *Networking* or *Workload activity* become available when creating a policy for the runtime lifecycle, but not when creating a policy for the build lifecycle.
====
. For each field, you can select from options that are specific to the field. These differ depending on the type of field. For example:
* The default behavior for a value that is a string is to match on a policy field, and select the *Not* checkbox to indicate when you do not want the field to match.
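Review bot: "the criteria associated to *Networking* or *Workload activity*" on the rewritten NOTE line should read "associated with"; since the line is being reworded anyway, fixing the preposition here avoids a second pass. The dropped pointer to "Policy criteria" is acceptable for a module as long as the assembly in this PR lists that xref under Additional resources after the include of `configure-policy-rules.adoc`.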
Expand All @@ -27,7 +27,7 @@ The policy fields that are available depend on the lifecycle stage you chose for
+
[NOTE]
====
For more information about values available for policy criteria, see "Policy criteria".
For more information about values available for policy criteria, see the "Policy criteria" reference.
====
. To combine multiple values for an attribute, click the *Add value of policy field* icon.
. Optional: To add an additional rule, click *Add a new rule* .
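Review bot: the trailing context line `. Optional: To add an additional rule, click *Add a new rule* .` has a stray space before the period; it is not part of this change, but since the module is open it is worth folding into the same commit. The rewritten NOTE, `see the "Policy criteria" reference.`, is consistent with the other modules in this PR, which quote the target title instead of embedding an xref.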
6 changes: 3 additions & 3 deletions modules/configure-policy-scope.adoc
Expand Up @@ -19,12 +19,12 @@ Node event source does not support scoping.
====

Restrict by scope:: Use this setting to apply the policy to a specific cluster, namespace, or deployment label.
You can add one or more scopes and also use regular expressions in link:https://github.com/google/re2/wiki/Syntax[RE2 Syntax] for namespaces and labels.
Exclude by scope:: Excludes specific deployments, clusters, namespaces, and deployment labels from the policy. The policy will not apply to the entities that you select. You can add one or more scopes and also use regular expressions in link:https://github.com/google/re2/wiki/Syntax[RE2 Syntax] for namespaces and labels.
You can add one or more scopes and also use regular expressions in "RE2 Syntax" for namespaces and labels.
Exclude by scope:: Excludes specific deployments, clusters, namespaces, and deployment labels from the policy. The policy will not apply to the entities that you select. You can add one or more scopes and also use regular expressions in "RE2 Syntax" for namespaces and labels.
+
[NOTE]
====
This function is only available for policies configured for the deploy and runtime lifecycle stages.
This function applies only to policies configured for the deploy and runtime lifecycle stages.
====

Exclude images:: For policies configured for the build lifecycle stage, you can exclude images from the policy. Select the images for which you do not want to trigger a violation.
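Review bot: the rewritten `Exclude by scope::` line still says "The policy will not apply to the entities that you select"; the same style pass that turned "is triggered" into "triggers" elsewhere in this PR would have this read "The policy does not apply to the entities that you select." Replacing the `link:` macro with the quoted text "RE2 Syntax" matches the other modules, and the assembly's Additional resources entry uses the same link text, so the two stay discoverable together.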
2 changes: 1 addition & 1 deletion modules/create-policy-categories-using-tab.adoc
Expand Up @@ -11,6 +11,6 @@ You can create policy categories by using the *Policy categories* tab. You can a
.Procedure

. In the {product-title-short} portal, go to *Platform Configuration* -> *Policy Management*.
. Click the *Policy categories* tab. This tab provides a list of existing categories and allows you to filter the list by category name. You can also click *Show all categories* and select the checkbox to remove default or custom categories from the displayed list.
. Click the *Policy categories* tab. This tab provides a list of existing categories that you can filter by category name. You can also click *Show all categories* and select the checkbox to remove default or custom categories from the displayed list.
. Click *Create category*.
. Enter a category name and click *Create*.
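Review bot: on the rewritten step, "select the checkbox to remove default or custom categories from the displayed list" does not say which checkbox is meant or what selecting it does to each kind of category; if the control has a label in the portal, naming it here would make the step actionable. The step text is identical to the corresponding line in `modules/modify-policy-categories-using-tab.adoc` in this PR, so any wording fix needs to land in both files.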
2 changes: 1 addition & 1 deletion modules/create-policy-from-risk-view.adoc
Expand Up @@ -13,4 +13,4 @@ You can generate a new security policy directly from the *Risk* view in the {pro
.Procedure
. In the {product-title-short} portal, click *Risk*.
. Apply the local page filtering criteria that you want to create a policy for. For example, you can filter by using criteria such as a specific CVE, a cluster, a deployment, an image, or various other criteria.
. Click *Create policy* and complete the required fields to create a new policy. For the steps to create a policy, see "Creating a security policy from the system policies view".
. Click *Create policy* and complete the required fields to create a new policy.
2 changes: 1 addition & 1 deletion modules/enter-policy-details.adoc
Expand Up @@ -17,7 +17,7 @@ Configure the core attributes of your custom security policy to ensure exact thr
. Enter details about the policy in the *Description* field.
. Enter an explanation about why the policy exists in the *Rationale* field.
. Enter steps to resolve violations of the policy in the *Guidance* field.
. Select the link:https://attack.mitre.org/matrices/enterprise/containers/[tactic and the techniques] you want to specify for the policy:
. Select the "tactic and the techniques" you want to specify for the policy:
.. From the *Add tactic* list, select a tactic.
.. From the *Add technique* list, select a technique for the tactic. You can specify one or more techniques for a tactic.
. Click *Next*.
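Review bot: replacing the `link:` macro with the bare quoted phrase `"tactic and the techniques"` leaves the step reading oddly, because unlike "Policy criteria" or "RE2 Syntax" in the other modules this is not a document title; with the MITRE link now in the assembly's Additional resources, the step itself could simply say "Select the MITRE ATT&CK tactic and techniques that you want to specify for the policy:" so the reader knows which framework the *Add tactic* and *Add technique* lists draw from.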
6 changes: 3 additions & 3 deletions modules/modify-policy-categories-using-tab.adoc
Expand Up @@ -6,10 +6,10 @@
= Modifying policy categories by using the Policy categories tab

[role="_abstract"]
You can modify policy categories by using the policy categories tab. You can also configure policy categories by using the `PolicyCategoryService` API object. For more information, go to *Help* -> *API reference* in the {product-title-short} portal.
You can change policy categories by using the policy categories tab. You can also configure policy categories by using the `PolicyCategoryService` API object. For more information, go to *Help* -> *API reference* in the {product-title-short} portal.

.Procedure

. In the {product-title-short} portal, go to *Platform Configuration* -> *Policy Management*.
. Click the *Policy categories* tab. This tab provides a list of existing categories and allows you to filter the list by category name. You can also click *Show all categories* and select the checkbox to remove default or custom categories from the displayed list.
. Click a policy name to edit or delete it. Default policy categories cannot be selected, edited, or deleted.
. Click the *Policy categories* tab. This tab provides a list of existing categories that you can filter by category name. You can also click *Show all categories* and select the checkbox to remove default or custom categories from the displayed list.
. Click a policy name to edit or delete it. You cannot select, edit, or delete default policy categories.
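Review bot: the rewritten last step says "Click a policy name to edit or delete it", but the tab described in the previous step lists categories, not policies, and the sentence that follows is about default policy categories; "Click a category name to edit or delete it" looks like the intended meaning. Also, the rewritten *Policy categories* tab step is word-for-word the same as the one in `modules/create-policy-categories-using-tab.adoc` in this PR; consider pulling it into a shared snippet so the two do not drift.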
6 changes: 3 additions & 3 deletions modules/preview-policy-violations.adoc
Expand Up @@ -12,12 +12,12 @@ To ensure the policy is working correctly, verify the configuration options and
.Procedure

. Verify that the policy configuration is configured with the correct options.
. View the results in the *Preview policy violations* panel to ensure that the policy is working. This panel provides additional information, including whether build phase or deploy phase deployments have policy violations.
. View the results in the *Preview policy violations* panel to ensure that the policy works correctly. This panel provides additional information, including whether build phase or deploy phase deployments have policy violations.
+
[NOTE]
====
Runtime violations are not available in this preview because they are generated when events occur in the future.
Runtime violations do not appear in this preview because the system generates them when events occur in the future.
====
+
Before you save the policy, verify that the violations seem accurate.
Before you save the policy, verify that the violations seem exact.
. Click *Save*.
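Review bot: "verify that the violations seem exact" changes the meaning of the original "seem accurate" and does not read naturally; if "accurate" was flagged by a style check, "verify that the listed violations are the ones you expect" keeps the intent. The rewritten NOTE, "the system generates them when events occur in the future", is clearer than the passive original and needs no change.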
6 changes: 2 additions & 4 deletions modules/select-policy-lifecycle.adoc
Expand Up @@ -9,16 +9,14 @@
[role="_abstract"]
Define when {product-title-short} evaluates policies by assigning a specific lifecycle stage. You can target these specific phases to inspect images during the continuous integration (CI) process or monitor workload activity on a live node, ensuring that enforcement actions occur at the appropriate time.

For more information, see "Understanding the {product-title-short} policy evaluation engine".

.Procedure

. Select the *Lifecycle stages* for the policy:
+
The following options are associated with the lifecycle stages:
The lifecycle stages have the following options:

Build:: Policies in this stage inspect image criteria such as the image registry, content, vulnerability data, and the scanning process. The CI pipeline evaluates these policies during the build process. If you enable enforcement, a policy violation fails the build. {product-title-short} does not store violations from this stage.
Deploy:: Policies in this stage inspect workload configurations and their images. {product-title-short} evaluates these policies when you create or update a workload resource and re-evaluates them periodically or on demand. When you enable enforcement, a policy violation causes the admission controller to reject the deployment or update try, or scale the workload replicas to zero.
Deploy:: Policies in this stage inspect workload configurations and their images. {product-title-short} evaluates these policies when you create or update a workload resource and re-evaluates them periodically or on-demand. When you enable enforcement, a policy violation causes the admission controller to reject the deployment or update try, or scale the workload replicas to zero.
Build and Deploy:: Select this stage if you want your policy to inspect images in both the build pipeline and during workload admission, and to apply enforcement to either or both stages.
Runtime:: Policies in this stage inspect either workload activity or Kubernetes resource operations associated with the following event sources:
Deployment::: To use runtime policies for workload activity, you must include at least one workload activity criterion. You can combine workload activity criteria with image or workload configuration criteria. If you enable enforcement, {product-title-short} terminates the offending pod, and the orchestrator then re-creates the pod.
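Review bot: "re-evaluates them periodically or on-demand" introduces a regression; "on demand" is an adverbial phrase here and takes no hyphen (the hyphenated form is the adjective, as in "on-demand evaluation"), so the original spelling was correct. While touching the `Deploy::` line, "reject the deployment or update try" should read "update attempt". Removing the "For more information, see ..." line is fine given the assembly in this PR adds the matching xref under Additional resources after the include of this module.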
31 changes: 31 additions & 0 deletions operating/manage_security_policies/custom-security-policies.adoc
Expand Up @@ -12,40 +12,71 @@ Create custom security policies in the {product-title-short} portal to enforce c

include::modules/common-attributes.adoc[]

//Creating a security policy from the system policies view
include::modules/create-policy-from-system-policies-view.adoc[leveloffset=+1]

//Entering policy details
include::modules/enter-policy-details.adoc[leveloffset=+2]

[role="_additional-resources"]
.Additional resources
* link:https://attack.mitre.org/matrices/enterprise/containers/[MITRE ATT&CK tactics and techniques for containers]

//Selecting the policy lifecycle stage
include::modules/select-policy-lifecycle.adoc[leveloffset=+2]

[role="_additional-resources"]
.Additional resources
* xref:../../operating/manage_security_policies/about-security-policies.adoc#policy-evaluation-engine_about-security-policies[Understanding the {product-title-short} policy evaluation engine]

//Configuring policy rules
include::modules/configure-policy-rules.adoc[leveloffset=+2]

[role="_additional-resources"]
.Additional resources
* xref:../../operating/manage_security_policies/security-policy-reference.adoc#policy-criteria_security-policy-reference[Policy criteria]

//Configuring the policy scope
include::modules/configure-policy-scope.adoc[leveloffset=+2]

[role="_additional-resources"]
.Additional resources
* link:https://github.com/google/re2/wiki/Syntax[RE2 Syntax]

//Enable the policy
include::modules/enable-policy.adoc[leveloffset=+2]

//Configuring policy enforcement
include::modules/configure-policy-enforcement-creating-policies.adoc[leveloffset=+2]

[role="_additional-resources"]
.Additional resources
* xref:../../operating/manage_security_policies/about-security-policies.adoc#policy-enforcement-deploy_about-security-policies[Deploy stage enforcement]

//Selecting policy notifiers
include::modules/selecting-policy-notifiers.adoc[leveloffset=+2]

//Reviewing the policy and previewing violations
include::modules/preview-policy-violations.adoc[leveloffset=+2]

//Verifying file activity policies
include::modules/verifying-file-activity-policies.adoc[leveloffset=+2]

//Creating a security policy from the risk view
include::modules/create-policy-from-risk-view.adoc[leveloffset=+1]

[role="_additional-resources"]
.Additional resources
* xref:../../operating/manage_security_policies/custom-security-policies.adoc#create-policy-from-system-policies-view_custom-security-policies[Creating a security policy from the system policies view]

//Modifying existing security policies
include::modules/modify-existing-security-policies.adoc[leveloffset=+1]

//Disabling a policy
include::modules/disable-associated-policies.adoc[leveloffset=+2]

//Creating policy categories by using the Policy categories tab
include::modules/create-policy-categories-using-tab.adoc[leveloffset=+2]

//Modifying policy categories by using the Policy categories tab
include::modules/modify-policy-categories-using-tab.adoc[leveloffset=+2]
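Review bot: the anchors targeted by the new xrefs (`#policy-evaluation-engine_about-security-policies`, `#policy-criteria_security-policy-reference`, `#policy-enforcement-deploy_about-security-policies`, `#create-policy-from-system-policies-view_custom-security-policies`) are not visible in this diff; a missing anchor produces a build warning rather than a failure, so please confirm each exists in the target file before merging. Cross-checking against the module hunks, every pointer removed from a module in this PR has a counterpart here: enforcement ("Deploy stage enforcement"), lifecycle ("Understanding the policy evaluation engine"), rules ("Policy criteria"), scope ("RE2 Syntax"), details (the MITRE ATT&CK link), and the risk view ("Creating a security policy from the system policies view").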