Repository: uiao-docs
Role: Canonical documentation source — Quarto pipeline, YAML schemas, rendered site
Live site: whalermike.github.io/uiao-docs
License: Apache 2.0
→ Customer Documentation Platform architecture (federal pair) — canonical in uiao-core/ARCHITECTURE.md. Defines how this repo's customer-documents/ tree, image pipeline, Quarto rendering, CI workflows, and Azure Government migration inherit from uiao-core canon. Out of scope: uiao-gos (commercial product, separate architecture).
The UIAO documentation set is written against the provisions of the following Executive Orders:
- EO 14144 (January 16, 2025) — Strengthening and Promoting Innovation in the Nation's Cybersecurity
- EO 14306 (June 6, 2025) — Sustaining Select Efforts to Strengthen the Nation's Cybersecurity; amending EO 13694 and EO 14144
- EO 14390 (March 6, 2026) — Combating Cybercrime, Fraud, and Predatory Schemes Against American Citizens (paired with President Trump's Cyber Strategy for America, March 2026)
These orders drive UIAO's emphasis on Zero Trust architecture, federal
cybersecurity modernization, FedRAMP / cloud transition, post-quantum
cryptography, and continuous compliance. The canonical mapping between
UIAO artifacts and EO provisions lives in uiao-core/canon/compliance/executive-orders.md
(UIAO_004). This repository is a consumer of that canon — do not
back-fill EO citations into uiao-docs artifacts without a
corresponding entry in UIAO_004.
uiao-docs is the single source of truth for all human-readable UIAO documentation. It contains:
- 124 Quarto `.qmd` source files (`docs/`) — the 20-document modernization canon plus Phase 5 operations, deep dives, adapters, ADRs, and governance
- 30 YAML data schemas (`data/`) — program metadata, control planes, compliance matrices, style guide
- Quarto rendering pipeline (`_quarto.yml`) — produces HTML, DOCX, and PPTX from a single source
- CI/CD workflows (`.github/workflows/`) — auto-build, deploy to GitHub Pages, link validation, changelog generation
- Styled reference templates (`data/docx-reference.docx`, `data/pptx-reference.pptx`) — Microsoft Learn aesthetic
The rendered site auto-deploys on every push to main.
| What | Where |
|---|---|
| Documentation canon (.qmd) | This repo |
| YAML data schemas | This repo (data/) |
| Rendered HTML site | whalermike.github.io/uiao-docs (build artifact) |
| OSCAL generation engine | uiao-core |
| Adapter framework | uiao-core |
| Operational wiki | Wiki |
See the SSOT Policy for the full ownership table and duplication rules.
```bash
# Clone
git clone https://github.com/WhalerMike/uiao-docs.git
cd uiao-docs

# Render HTML locally
quarto render --to html

# Preview with live reload
quarto preview
```

Requires Quarto 1.4+. See the Getting Started wiki page for full setup.
The 20 numbered canon documents are organized into six phases:
| Phase | Documents | Focus |
|---|---|---|
| 1 — Foundational Architecture | 00–02 | Control planes, unified architecture, canon specification |
| 2 — Compliance & Governance | 03–05 | FedRAMP crosswalk, Phase 2 summary, management stack |
| 3 — Program & Leadership | 06–08 | Program vision, leadership briefing, modernization timeline |
| 4 — Index & Cross-Reference | 09–11 | Crosswalk index, directory structure, glossary |
| 4.5 — Extended Reference | 12–14 | AI security, FIMF adapter registry, TIC 3.0 roadmap |
| 5 — Data Governance Substrate | 15–20 | Provenance, drift detection, consent, claims, reconciliation, adapter contract |
Plus 100+ additional documents: Phase 5 operations, deep dives, v1.0 specifications, adapters, ADRs, and governance artifacts.
The site uses a structured sidebar with 11 sections. See _quarto.yml for the full navigation tree, or browse the live site.
UIAO (Unified Identity-Addressing-Overlay Architecture) is a federal network modernization program replacing legacy infrastructure silos with a unified, identity-driven, cloud-optimized architecture. It provides deterministic identity correlation and cross-service telemetry across six control planes, aligned with Zero Trust, TIC 3.0, NIST 800-63, and FedRAMP 20x.
- Single Source of Truth — Every claim has one authoritative origin.
- Conversation as the atomic unit — Every interaction binds identity, certificates, addressing, path, QoS, and telemetry.
- Identity as the root namespace — Every IP, certificate, subnet, policy, and telemetry event derives from identity.
- Deterministic addressing — Addressing is identity-derived and policy-driven.
- Certificate-anchored overlay — mTLS anchors tunnels, services, and trust relationships.
- Telemetry as control — Telemetry is a real-time control input, not passive reporting.
- Embedded governance and automation — Governance executes through orchestrated workflows.
- Public service first — Citizen experience, accessibility, and privacy are top-level constraints.
- See the Contributing Guidelines wiki page
- Canon documents (00–20) require Canon Steward review for changes
- All contributions must follow the Style Guide and Format Canon
- Diagrams use PlantUML (server-rendered PNG) or Gemini AI images — PlantUML is deprecated
5 active workflows run on every push to main:
| Workflow | Purpose |
|---|---|
| `build-docs.yml` | Renders .qmd → HTML, deploys to GitHub Pages |
| `pr-preview.yml` | Renders preview for pull requests |
| `changelog.yml` | Auto-generates CHANGELOG.md |
| `repo-hygiene.yml` | Validates internal links and directory structure |
| `verif |