CMSgov · jimmyfagan · Aug 13, 2024 · Aug 9, 2024
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
@@ -5,33 +5,16 @@ This PR template is here to help ensure you're setup for success:
 -->
 
 **JIRA Ticket:**
-[SOMEPROJECT-42](https://jira.cms.gov/browse/SOMEPROJECT-42)
-
-**User Story or Bug Summary:**
-<!-- Please copy-paste the brief user story or bug description that this PR is intended to address. -->
+[BB2-XXXX](https://jira.cms.gov/browse/BB2-XXXX)
 
 
 ### What Does This PR Do?
-
 <!--
 Add detailed description & discussion of changes here.
-The contents of this section should be used as your commit message (unless you merge the PR via a merge commit, of course).
-
-Please follow standard Git commit message guidelines:
-* First line should be a capitalized, short (50 chars or less) summary.
-* The rest of the message should be in standard Markdown format, wrapped to 72 characters.
-* Describe your changes in imperative mood, e.g. "make xyzzy do frotz" instead of "[This patch] makes xyzzy do frotz" or "[I] changed xyzzy to do frotz", as if you are giving orders to the codebase to change its behavior.
-* List all relevant Jira issue keys, one per line at the end of the message, per: <https://confluence.atlassian.com/jirasoftwarecloud/processing-issues-with-smart-commits-788960027.html>.
-
-Reference: <https://git-scm.com/book/en/v2/Distributed-Git-Contributing-to-a-Project>.
 -->
 
-
 ### What Should Reviewers Watch For?
-
 <!--
-Add some items to the following list, or remove the entire section if it doesn't apply for some reason.
-
 Common items include:
 * Is this likely to address the goals expressed in the user story?
 * Are any additional documentation updates needed?
@@ -41,61 +24,22 @@ Common items include:
 * Can you find any bugs if you run the code locally and test it manually?
 -->
 
-If you're reviewing this PR, please check these things, in particular:
-
-* TODO
-
-
-### What Security Implications Does This PR Have?
-
-Submitters should complete the following questionnaire:
+If you're reviewing this PR, please check for these things in particular:
+<!-- Add some items here -->
 
-* If the answer to any of the questions below is **Yes**, then here's a link to the associated Security Impact Assessment (SIA), security checklist, or other similar document in Confluence: N/A.
-    * Does this PR add any new software dependencies? **Yes** or **No**.
-    * Does this PR modify or invalidate any of our security controls? **Yes** or **No**.
-    * Does this PR store or transmit data that was not stored or transmitted before? **Yes** or **No**.
-* If the answer to any of the questions below is **Yes**, then please add a Security Engineer and ISSO  as a reviewer, and note that this PR should not be merged unless/until he also approves it.
-    * Do you think this PR requires additional review of its security implications for other reasons? **Yes** or **No**.
-
-
-### What Needs to Be Merged and Deployed Before this PR?
+### Validation
 
 <!--
-Add some items to the following list, or remove the entire section if it doesn't apply.
-
-Common items include:
-* Database migrations (which should always be deployed by themselves, to reduce risk).
-* New features in external dependencies (e.g. BFD).
+Have you fully verified and tested these changes? Is the acceptance criteria met? Please provide reproducible testing instructions, code snippets, or screenshots as applicable.
 -->
 
-This PR cannot be either merged or deployed until the following pre-requisite changes have been fully deployed:
-
-* CMSgov/some_repo#42
-
-
-### Submitter Checklist
-
-<!--
-Helpful hint: if needed, Git allows you to edit your PR's commits and history, prior to merge.
-See these resources for more information:
+### What Security Implications Does This PR Have?
 
-* <https://dev.to/maxwell_dev/the-git-rebase-introduction-i-wish-id-had>
-* <https://raphaelfabeni.com/git-editing-commits-part-1/>
--->
+Please indicate if this PR does any of the following:
 
-I have gone through and verified that...:
+* Adds any new software dependencies
+* Modifies any security controls
+* Adds new transmission or storage of data
+* Any other changes that could possibly affect security?
 
-* [ ] This PR is reasonably limited in scope, to help ensure that:
-    1. It doesn't unnecessarily tie a bunch of disparate features, fixes, refactorings, etc. together.
-    2. There isn't too much of a burden on reviewers.
-    3. Any problems it causes have a small "blast radius".
-    4. It'll be easier to rollback if that becomes necessary.
-* [ ] I have named this PR and its branch such that they'll be automatically be linked to the (most) relevant Jira issue, per: <https://confluence.atlassian.com/adminjiracloud/integrating-with-development-tools-776636216.html>.
-* [ ] This PR includes any required documentation changes, including `README` updates and changelog / release notes entries.
-* [ ] All new and modified code is appropriately commented, such that the what and why of its design would be reasonably clear to engineers, preferably ones unfamiliar with the project.
-* [ ] All tech debt and/or shortcomings introduced by this PR are detailed in `TODO` and/or `FIXME` comments, which include a JIRA ticket ID for any items that require urgent attention.
-* [ ] Reviews are requested from both:
-    * At least two other engineers on this project, at least one of whom is a senior engineer or owns the relevant component(s) here.
-    * Any relevant engineers on other projects (e.g. BFD, SLS, etc.).
-* [ ] Any deviations from the other policies in the [DASG Engineering Standards](https://github.com/CMSgov/cms-oeda-dasg/blob/master/policies/engineering_standards.md) are specifically called out in this PR, above.
-    * Please review the standards every few months to ensure you're familiar with them.
+- [ ] Yes, one or more of the above security implications apply. This PR must not be merged without the ISSO or team security engineer's approval.