Merge pull request #16 from rise8-us/fix/grammer-fix
modified/corrected a few contents as requested
rmonroe-va authored Jan 24, 2024
2 parents 6a9910a + eeac817 commit 509f911
Showing 4 changed files with 7 additions and 7 deletions.
2 changes: 1 addition & 1 deletion docs/history.md
Expand Up @@ -8,7 +8,7 @@ Kessel Run had stood on the shoulders of giants, such as 18F’s accelerated ATO

The first applications to achieve this were Raven and Marauder, both deployed to an on-premise cloud stack running Pivotal Cloud Foundry (like our friends at NGA) on the SIPR network. The Kessel Run team, led by Bryon Kroger and Andrew Altizer (ISSM), implemented this combination of people, process, and technology for an ongoing authorization that was tailor made for DevOps with deployment frequencies measured in hours. Bryon coined the term “cATO” to describe that **specific implementation of an ongoing authorization within RMF to enable true continuous delivery**. Some of the technology and process underpinnings were adapted from NGA and 18F, while some were changed or added.

Unfortunately, the cATO would take on a life of its own and headed in a different direction, away from an RMF-based controls implementation, assessment, and authorization to something based on political favor and a particular reference design that required the use of certain technologies, at odds with the RMF’s technology neutral stance. Senior leaders also began to espouse “certifying the people and the process”, instead of systems themselves and, unfortunately, placed their trust in the wrong people who weren’t even practicing the RMF-deficient method they were preaching.
Unfortunately, the term cATO would take on a life of its own and headed in a different direction, away from an RMF-based controls implementation, assessment, and authorization to something based on political favor and a particular reference design that required the use of certain technologies, at odds with the RMF’s technology neutral stance. Senior leaders also began to espouse “certifying the people and the process”, instead of systems themselves and, unfortunately, placed their trust in the wrong people who weren’t even practicing the RMF-deficient method they were preaching.

During that time, Bryon Kroger left the Air Force and founded Rise8, where we have continued advancing RMF for continuous delivery, improving both process and automation. It has been difficult, however, to get the community to adopt this rigorous approach given that many organizations were able to get all the benefits of being able to continuously deploy their software without doing the work. It’s a close cousin of Shadow IT: Shadow ATO.
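
Review bot: inserting "the term" before cATO in the second paragraph is the right fix, since the preceding paragraph introduces cATO as a term Bryon coined, so it is the label, not the implementation, that drifted. While this paragraph is being touched, the unchanged compound modifiers should be hyphenated: "tailor made" in the first paragraph should read "tailor-made", and "technology neutral stance" in the second should read "technology-neutral stance".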

2 changes: 1 addition & 1 deletion docs/laws.md
Expand Up @@ -53,7 +53,7 @@ The NIST Risk Management Framework (RMF), outlined in NIST Special Publication 8
3. **Select** a set of the NIST SP 800-53 controls to protect the system based on risk assessments.
4. **Implement** the controls, and document how the controls are deployed.
5. **Assess** the control implementation to determine if the controls are in place, operating as intended, and producing the desired results to manage risk.
6. **Authorize** the system to operate by a senior-level official that understand the controls in place to manage risk and any residual risk.
6. **Authorize** the system to operate by a senior-level official that understands the controls in place to manage risk and any residual risk.
7. **Continuously monitor** control implementation and changes to the risks to the system.

We recommend reading [NIST SP 800-37, Revision 2](https://csrc.nist.gov/pubs/sp/800/37/r2/final) in its entirety before embarking on your ATO journey, paying particular attention to information about ongoing authorization, automation, and aligning the RMF with the SDLC. Appendix F is important to understand as you move towards Ongoing Authorization. These excerpts are just to help set a baseline for the playbook.
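
Review bot: the agreement fix in step 6 ("that understands") is correct, but the antecedent is a person (a senior-level official), so "who understands" reads better than "that understands". Step 6 is also the only step in the list written in the passive with an agent ("by a senior-level official"); keeping the imperative shape of the other steps, e.g. "**Authorize** the system to operate; the authorizing official is a senior-level official who understands the controls in place to manage risk and any residual risk", would make the list consistent.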
2 changes: 1 addition & 1 deletion docs/prepare.md
Expand Up @@ -6,7 +6,7 @@ Use the Prepare step to align all stakeholders to go on a journey towards ongoin

## Communication Strategy and Plan

It is important to develop a communications strategy with your team and relevant stakeholders. Key points to emphasize in your are communications strategy are:
It is important to develop a communications strategy with your team and relevant stakeholders. Key points to emphasize in your communications strategy are:

- RMF is our common denominator, start there
- Discuss real concerns, don’t generalize
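
Review bot: removing the stray "are" fixes the sentence, but the corrected line now says "communications strategy" twice while the section heading two lines above it reads "Communication Strategy and Plan"; pick one form (the heading's "communication strategy" is the more common) and use it in both places.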
8 changes: 4 additions & 4 deletions docs/why.md
@@ -1,6 +1,6 @@
# Why? The Need for cATO

The DevOps Research and Assessment (DORA) organization has nearly a decade of research showing that there is no tradeoff between speed and stability nor speed and security in high performing software organizations. In fact, both stability and security are positively correlated with speed. In other words, organizations with high software deliver performance experience a virtuous cycle between speed and security.
The DevOps Research and Assessment (DORA) organization has nearly a decade of research showing that there is no tradeoff between speed and stability nor speed and security in high performing software organizations. In fact, both stability and security are positively correlated with speed. In other words, organizations with high software delivery performance experience a virtuous cycle between speed and security.

<br/>
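
Review bot: "software delivery performance" is the correct noun phrase here (it is the wording DORA's own reports use), but the same sentence still has two slips this hunk leaves untouched: "high performing software organizations" needs a hyphen ("high-performing"), and "no tradeoff between speed and stability nor speed and security" does not parse; "no tradeoff between speed and stability, or between speed and security" is the intended meaning.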

Expand All @@ -12,13 +12,13 @@ At the same time, both our citizens and our soldiers are paying the price of an

## Continuous Delivery as a Risk Mitigation

But aren’t we doing Agile, now? It has become popular to adopt Agile Software Development rhetoric in the Federal, however it is rarely executed. This is evidenced by the fact that the first principle from the Manifesto for Agile Software Development states, “Our highest priority is to satisfy customers through early and continuous delivery of valuable software.” That is to say that if delivery is not early and continuous, then ‘agile’ clearly has not manifested. When we say continuous delivery, we mean it.
But aren’t we doing Agile, now? It has become popular to adopt Agile Software Development rhetoric in the Federal Government, however it is rarely executed. This is evidenced by the fact that the first principle from the Manifesto for Agile Software Development states, “Our highest priority is to satisfy customers through early and continuous delivery of valuable software.” That is to say that if delivery is not early and continuous, then ‘agile’ clearly has not manifested. When we say continuous delivery, we mean it.

In their book Continuous Delivery, Dave Farley and Jez Humble define continuous delivery as, “The ability to get changes, features, configuration changes, bug fixes, experiments into production safely and quickly in a sustainable way.” In this way, continuous delivery becomes an exercise in risk reduction not only to security and privacy risk, but especially to operational risk. To realize this benefit, production cannot be an arbitrary designation; production is the setting where software is put into operation for its intended uses by end users. Getting to such a production environment in Federal requires an ATO within the RMF. Continuously delivering to production would require a continuous ATO, which would require continuous application of the RMF. Thankfully, this can be accomplished within existing laws and NIST guidelines.

<br/>

## The Benefits
## The Benefits of cATO

**Improve security posture and lower risk**
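
Review bot: the change from "in the Federal" to "in the Federal Government" in the first paragraph is applied only once; the next, unchanged paragraph has the same construction ("Getting to such a production environment in Federal requires an ATO"), which should read "in the Federal Government" for consistency. Renaming "## The Benefits" to "## The Benefits of cATO" also changes the heading's generated anchor, so any in-repo link to "#the-benefits" needs to be updated with it.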

Expand All @@ -43,7 +43,7 @@ In their book Continuous Delivery, Dave Farley and Jez Humble define continuous

In the digital era, both the warfighting domain and policy domain are digital. Both demand the early and continuous delivery of valuable software:

- We cannot afford to be disrupted on the battlefield–our democracy will be toppled from without.
- We cannot afford to be disrupted on the battlefield–our democracy will be toppled from the outside.
- We cannot afford to fail to deliver on promises to our citizens–our democracy will be toppled from within.

<br/>
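
Review bot: "from without" in the first bullet was standard English and deliberately parallel to "from within" in the second; replacing it with "from the outside" breaks that parallelism. Either keep "from without" or change the second bullet to "from the inside" so the pair stays symmetric. Both bullets also run an unspaced en dash straight into "our democracy"; a spaced dash or a comma after "battlefield" and "citizens" would read more easily.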

0 comments on commit 509f911
