Merge pull request #23 from cisagov/colin/projectREADME

add product documentation

docs/product/phase_one.md

@@ -0,0 +1,41 @@
+# A new .gov system: Phase 1
+Purpose: Summarize the priorities for 18F and CISA in pursuing an initial build of a new .gov registrar.
+**The below was agreed upon on 08/04/2022**
+
+## Goals for Phase 1
+**Primary Goal:** Recreate the necessary core functionality in a new system
+
+**Secondary Goal:** Reduce the CISA admin burden while maintaining high security standards
+
+Deprioritized for later:
+* Make getting a .gov domain as easy as getting a .com or .us 
+* Help more government entities set up and maintain their .gov site and infrastructure
+* Build awareness and credibility of .gov domains
+
+## Milestones
+_To be prioritized and posted_
+
+## Considerations and Tradeoffs
+### Success for Phase 1 is...
+* A new system that 
+  * Can respond to user needs for all long term goals
+  * Can reduce the number of actors or decisions in a successful flow
+  * Upholds a security review process for getting a .gov domain
+  * Meets code and accessibility standards + open source policy
+  * Lays the foundation for a “a simple and secure registration process that works to ensure that domains are registered and maintained only by authorized individuals (Dotgov Act)”
+* Supporting 1-2 registrant and admin flows with limited improvement and automation, based on value and complexity
+* Has or is ready for an ATO
+* Coordinating and navigating with procurement processes (RFPs and current vendor agreement) 
+
+### Risks 
+* App may be supported by a combination of manual work and automation, not fully automated
+* Scope creep – we build a system that can’t be ATO’d prior to June or Nov 2023
+* We build out a narrow slice of the system, which may be insufficient for all registrant and administrative use cases
+* We wouldn’t be intentionally and directly focused on or prioritizing improving the registrant / admin experience 
+
+### Example User Stories (to be prioritized)
+* As a potential registrant, I want to learn what I should know about .gov so I can build support inside my organization to get a .gov domain.
+* As a registrant, I need the registrar to have strong user authentication so that sensitive domain- or account-impacting actions take place post-authentication.
+* As a program lead, I need to ensure that issued domains are from authentic, eligible organizations and requested by someone with authority so that domains are only given to bona fide US-based government organizations.
+* As a program lead, I need to run queries on .gov data to ensure alignment with program, agency, and Congressional reporting requirements.
+* As a program lead, I want to be able to send messages to individuals, groups, or all registrants so they are aware of important information: status emails (system downtime, etc.) to updates to status of an application. (PENDING, APPROVED, etc.).

docs/product/product_strategy.md

@@ -0,0 +1,54 @@
+# .gov Product Strategy
+Purpose: Clarify our focus for developing a new .gov TLD system and align it to the needs of its users, CISA's mission and standards, and the vision for the .gov program.
+
+## Product Vision
+_TBD - once we synthesize initial research and align as a product team_
+
+## Primary, Secondary, Tertiary Users
+### Primary:
+* US-based government organizations and publicly-controlled entities who use or should use the registrar
+  * _NOTE: Segmenting our audience is a separate conversation and so this intentionally broad as placeholder_
+* CISA .gov administrators
+
+
+## Problem Statements
+_TBD - once we synthesize initial research and prioritize areas of need_
+
+## Short-term Success for .gov
+### Primary:
+* A production-ready, modern .gov registrar that can replace the current system with improved user experience and operational efficiency
+  * Built in the open
+  * Meeting accessibility and testing standards
+* A plan for developing capacity within the CISA organization going forward
+
+### Secondary
+* Having a clear understanding and definition of current state
+* A plan for new product 
+* A product plan that coordinates with other RFP actions
+
+## Long-term Success for .gov
+### Primary:
+* Increase the number of governments, currently on non-.gov TLDs, to .gov
+* Develop services to support “the security, privacy, reliability, accessibility, and speed of registered .gov internet domains” (DOTGOV ACT)
+* Sustainable long-term skills and capacity to scale up the program
+
+### Secondary
+* Increase number of domain registrations
+* Reduce time to get an application approved from 20 days to 1-2 business days
+* Increase the percentage of domains which resolve to content
+* Reduce time to ship changes to production
+* Enable the discoverability of government services to the public and to domain registrants (DOTGOV ACT)
+* A “simple and secure” registration process that works to “ensure that domains are registered and maintained only by authorized individuals” (DOTGOV ACT)
+* Active .gov community of practice where members ask and answer questions, provide feedback, and where CISA can communicate with all .gov domain managers
+* Demonstrated commitment to working in the open
+* A clear role for humans or a call center to support registrant use cases
+
+## Problems .gov registrar needs to solve (now)
+_TBD - once we synthesize initial research and align as a product team_
+
+## Problems NextGen doesn’t need to solve (next or later)
+_TBD - once we synthesize initial research and align as a product team_
+
+## Risks
+_To be prioritized and posted_
+