Merge pull request #3075 from GSA-TTS/main

.github/ISSUE_TEMPLATE/api-access-template.yaml

@@ -27,6 +27,29 @@ body:
       default: 0
     validations:
       required: true
+  - type: markdown
+    attributes:
+      value: |
+        What kind of key is being requested?
+        
+        A *personal* key is one that will be used by an individual developer 
+        on agency-issued GFE.
+
+        A *system* key is one that will be used to communicate with the FAC
+        as part of a FISMA-Moderate system that has an active ATO. 
+
+  - type: dropdown
+    id: accesstype
+    attributes:
+      label: Key type
+      description: |
+        Is a personal or system key being requested? 
+      options:
+        - Personal key
+        - System key
+      default: 0
+    validations:
+      required: true  
   - type: input
     id: email
     attributes:

.github/ISSUE_TEMPLATE/epic-template.md

@@ -11,3 +11,26 @@
 ### Stories
 - [ ] 
 ```
+
+
+# Acceptance Criteria
+
+### Scenario: 
+
+**Given**   
+**when**  
+...
+
+[comment]: # "Each task should be a verifiable outcome"
+```[tasklist]
+### then... 
+- [ ] [a thing happens]
+```
+
+# Security Considerations
+
+Required per [CM-4](https://nvd.nist.gov/800-53/Rev4/control/CM-4).
+
+[comment]: # "Our SSP says 'The team ensures security implications are considered as part of the agile requirements refinement process by including a section in the issue template used as a basis for new work.'"
+[comment]: # "Please do not remove this section without care."
+[comment]: # "Note any security concerns that might be implicated in the change. 'None' is OK, but we must be explicit here."