Update structure of policy docs

Author: kcarmichael08

_topic_maps/_topic_map.yml

@@ -220,10 +220,16 @@ Topics:
   Topics:
   - Name: About security policies
     File: about-security-policies
-  - Name: Custom security policies
-    File: custom-security-policies
+  - Name: Understanding security policies
+    File: understanding-security-policies
   - Name: Default security policies
     File: default-security-policies
+  - Name: Understanding policy violations
+    File: understanding-policy-violations
+  - Name: Understanding policy enforcement
+    File: understanding-policy-enforcement
+  - Name: Creating and modifying custom security policies
+    File: custom-security-policies
 - Name: Managing network policies
   File: manage-network-policies
 - Name: Build-time network policy tools

operating/manage_security_policies/about-security-policies.adoc

@@ -7,12 +7,26 @@ include::modules/common-attributes.adoc[]
 toc::[]
 
 [role="_abstract"]
-{product-title} provides out-of-the-box _default_ security policies that you can use to prevent high-risk service deployments in your environment and respond to runtime security incidents. You can also create _custom_ multi-factor policies for your container environment.
+{product-title-short}provides security for your Kubernetes environments by providing out-of-the-box security policies and giving you the ability to customize your own multi-factor policies for your container environment. Configuring these policies enables you to automatically prevent high-risk service deployments in your environment and respond to runtime security incidents.
+
+You can use policies to alert you or work with your system to stop it from performing an action, such as a deployment, when {product-title-short} scans your environment and discovers policy violations.
+
+
+Default policies
+
+The default policies included in {product-title-short} provide broad coverage to identify security issues and ensure that you follow best development practices in your environment. These default policies include policies to
+
+Custom policies
+Policy categories
+Best practices
+
+
+
+
+
+
+
 
-//Policy categories
-include::modules/con-policy-categories.adoc[leveloffset=+1]
-include::modules/create-policy-categories-using-tab.adoc[leveloffset=+2]
-include::modules/modify-policy-categories-using-tab.adoc[leveloffset=+2]
 
 //Future section:
 //Best practices

operating/manage_security_policies/custom-security-policies.adoc

@@ -1,6 +1,6 @@
 :_mod-docs-content-type: ASSEMBLY
 [id="custom-security-policies"]
-= Custom security policies
+= Creating and modifying custom security policies
 include::modules/common-attributes.adoc[]
 :context: custom-security-policies
 
@@ -19,13 +19,18 @@ See the following sections for more information.
 
 include::modules/create-policy-from-system-policies-view.adoc[leveloffset=+1]
 
-include::modules/add-logical-conditions-policy-criteria.adoc[leveloffset=+2]
-
 include::modules/create-policy-from-risk-view.adoc[leveloffset=+1]
 
-[role="_additional-resources"]
-.Additional resources
-* xref:../../operating/search-filter.adoc#use-local-page-filtering_search-filter[Using local page filtering]
+. Create policy details (MODULE)
+. Select the lifecycle stage (MODULE)
+. Configure rules, or policy criteria (MODULE)
+ADD: modules/add-logical-conditions-policy-criteria.adoc[leveloffset=+2]
+. Configure policy behavior (MODULE)
+* Scope
+* Actions
+** Enforcement
+** Notifiers
+. Review and save (MODULE)
 
 //Modifying existing security policies
 include::modules/modify-existing-security-policies.adoc[leveloffset=+1]

operating/manage_security_policies/managing-policies-as-code.adoc

@@ -0,0 +1,19 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="managing-policies-as-code"]
+= Managing policies as code
+include::modules/common-attributes.adoc[]
+:context: managing-policies-as-code
+
+toc::[]
+
+[role="_abstract"]
+You can create and manage policies as code by saving policies as Kubernetes custom resources (CRs) and applying them to clusters by using a Kubernetes-native continuous delivery (CD) tool such as Argo CD.
+
+include::modules/policy-as-code-about.adoc[leveloffset=+1]
+include::modules/policy-as-code-drift.adoc[leveloffset=+2]
+include::modules/policy-as-code-create-portal.adoc[leveloffset=+2]
+include::modules/policy-as-code-create-cr.adoc[leveloffset=+2]
+include::modules/policy-as-code-disable.adoc[leveloffset=+2]
+
+//in progress: modules/policy-as-code-workflow-example.adoc
+

operating/manage_security_policies/understanding-policy-violations.adoc

@@ -0,0 +1,16 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="understanding-policy-violations"]
+= Understanding policy violations
+include::modules/common-attributes.adoc[]
+:context: understanding-policy-violations
+
+toc::[]
+
+[role="_abstract"]
+
+Active Violations
+Blocked operations by Admission Controller
+Deployments attempts
+Blocked API calls
+Resolved Violations
+

operating/manage_security_policies/understanding-security-policies.adoc

@@ -0,0 +1,38 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="understanding-security-policies"]
+= Understanding security policy structure
+include::modules/common-attributes.adoc[]
+:context: understanding-security-policies
+
+toc::[]
+
+[role="_abstract"]
+
+Policy details
+
+include::modules/con-policy-categories.adoc[leveloffset=+1]
+
+
+Policy Lifecycle
+
+* build phase policies
+* deploy phase policies
+* runtime policies
+
+Policy Rules
+
+Policy Behavior
+
+Policy Scoping
+
+Policy Enforcement
+
+build time enforcement
+deploy time enforcement
+Soft enforcement using the admission controller
+Hard enforcement by Sensor
+runtime enforcement
+
+
+Policy Notifiers
+

operating/manage_security_policies/understanding_policy_enforcement.adoc

@@ -0,0 +1,13 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="understanding-policy-enforcement"]
+= Understanding policy enforcement
+include::modules/common-attributes.adoc[]
+:context: understanding-policy-enforcement
+
+toc::[]
+
+[role="_abstract"]
+
+
+include::modules/policy-enforcement-about.adoc[leveloffset=+1]
+include::modules/policy-enforcement-deploy.adoc[leveloffset=+2]