1. - [x] Mandatory: Add the required version to the Fix version/s field.

2. - [x] Mandatory: Choose the type of documentation change or review.

• [x] We need to update to an existing topic

• [ ] We need to add a new document to an existing section

• [ ] We need a whole new section; this is a function not
  documented before and doesn't belong in any current section

• [ ] We need an Operator Advisory review and approval

• [ ] We need a z-Stream (Errata) Advisory and Release note
  for MCE and/or ACM

3. - [x] *Mandatory: *Use the following link to open the doc and find where the
documentation update should go. Note: As the feature and doc is
understood and developed, this placement decision may change:

• Published doc: https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.11/html/governance/security

In ACM 2.2 there was a Security book containing Governance, RBAC and Certificate topics.
In ACM 2.3 that book was split into a Governance book and an Access Control book.  The area of confusion is some security content remains in the Governance book that doesn't belong, but because the Access Control book was renamed from Security, it doesn't feel like the right landing place either.

My proposal is to have a Security book and a Governance book.  The Governance book would have only Governance topics – our Policy framework.  The Security book would have the Access Control details and the Security Overview section of the Governance book would move.

I would love for this to be discussed some more to see if this feels right to others.  There was general agreement on this idea in the Security Sync call.