Self-serve compliance reports for GHEC (#24831)

Author: lecoursen

assets/images/help/settings/compliance-report-download.png

@@ -0,0 +1,31 @@
+---
+title: Accessing compliance reports for your enterprise
+intro: "You can access {% data variables.product.company_short %}'s compliance reports, such as our SOC reports and Cloud Security Alliance CAIQ self-assessment (CSA CAIQ), for your enterprise."
+versions:
+  ghec: '*'
+type: how_to
+topics:
+  - Accounts
+  - Enterprise
+  - Fundamentals
+permissions: Enterprise owners can access compliance reports for the enterprise.
+shortTitle: Access compliance reports
+---
+
+## About {% data variables.product.company_short %}'s compliance reports
+
+You can access {% data variables.product.company_short %}'s compliance reports in your enterprise settings.
+
+{% data reusables.security.compliance-report-list %}
+
+## Accessing compliance reports for your enterprise
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.enterprise-accounts-compliance-tab %}
+1. Under "Resources", to the right of the report you want to access, click {% octicon "download" aria-label="The Download icon" %} **Download** or {% octicon "link-external" aria-label="The external link icon" %} **View**.
+
+   {% data reusables.security.compliance-report-screenshot %}
+
+## Further reading
+
+- "[Accessing compliance reports for your organization](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/accessing-compliance-reports-for-your-organization)"

content/admin/overview/accessing-compliance-reports-for-your-enterprise.md

@@ -15,5 +15,6 @@ children:
   - /system-overview
   - /about-the-github-enterprise-api
   - /creating-an-enterprise-account
+  - /accessing-compliance-reports-for-your-enterprise
 ---
 For more information, or to purchase {% data variables.product.prodname_enterprise %}, see [{% data variables.product.prodname_enterprise %}](https://github.com/enterprise).

content/admin/overview/index.md

@@ -149,9 +149,8 @@ Deleting a CA cannot be undone. If you want to use the same CA in the future, yo
 {% data reusables.organizations.delete-ssh-ca %}
 
 {% ifversion ghec or ghae %}
-
 ## Further reading
 
-- "[About identity and access management for your enterprise](/admin/authentication/managing-identity-and-access-for-your-enterprise/about-identity-and-access-management-for-your-enterprise)"
-
+- "[About identity and access management for your enterprise](/admin/authentication/managing-identity-and-access-for-your-enterprise/about-identity-and-access-management-for-your-enterprise)"{% ifversion ghec %}
+- "[Accessing compliance reports for your enterprise](/admin/overview/accessing-compliance-reports-for-your-enterprise)"{% endif %}
 {% endif %}

content/admin/policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-security-settings-in-your-enterprise.md

@@ -139,3 +139,9 @@ You can view and manage alerts from security features to address dependencies an
 
 {% ifversion fpt or ghec %}If you have a security vulnerability, you can create a security advisory to privately discuss and fix the vulnerability. For more information, see "[About {% data variables.product.prodname_security_advisories %}](/code-security/security-advisories/about-github-security-advisories)" and "[Creating a security advisory](/code-security/security-advisories/creating-a-security-advisory)."
 {% endif %}
+
+{% ifversion ghec %}
+## Further reading
+
+"[Accessing compliance reports for your organization](/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/accessing-compliance-reports-for-your-organization)"
+{% endif %}

content/code-security/getting-started/securing-your-organization.md

@@ -1,6 +1,6 @@
 ---
 title: Keeping your organization secure
-intro: 'Organization owners have several features to help them keep their projects and data secure. If you''re the owner of an organization, you should regularly review your organization''s audit log{% ifversion not ghae %}, member 2FA status,{% endif %} and application settings to ensure that no unauthorized or malicious activity has occurred.'
+intro: "You can harden security for your organization by managing security settings,{% ifversion not ghae %} requiring two-factor authentication (2FA),{% endif %} and reviewing the activity and integrations within your organization."
 redirect_from:
   - /articles/preventing-unauthorized-access-to-organization-information
   - /articles/keeping-your-organization-secure
@@ -14,14 +14,7 @@ topics:
   - Organizations
   - Teams
 children:
-  - /viewing-whether-users-in-your-organization-have-2fa-enabled
-  - /preparing-to-require-two-factor-authentication-in-your-organization
-  - /requiring-two-factor-authentication-in-your-organization
-  - /managing-security-and-analysis-settings-for-your-organization
-  - /managing-allowed-ip-addresses-for-your-organization
-  - /restricting-email-notifications-for-your-organization
-  - /reviewing-the-audit-log-for-your-organization
-  - /reviewing-your-organizations-installed-integrations
+  - /managing-two-factor-authentication-for-your-organization
+  - /managing-security-settings-for-your-organization
 shortTitle: Organization security
 ---
-