diff --git a/adoption-guide/README.md b/adoption-guide/README.md
new file mode 100644
index 000000000..e5ae78e74
--- /dev/null
+++ b/adoption-guide/README.md
@@ -0,0 +1,8 @@
+This book has tabbed content. To build the book:
+
+1. Open a terminal window, and go to the Adoption Guide book dir: `cd prisma-cloud-docs/adoption-guide`
+2. Run `panconv book.yml`
+3. Run `./build-tabs.sh`
+4. Upload the book with panup
+
+Contact iansk if you need to add new tabs or refactor existing tabs.
diff --git a/adoption-guide/_adoption-guide.ditamap b/adoption-guide/_adoption-guide.ditamap
new file mode 100644
index 000000000..1e10a6291
--- /dev/null
+++ b/adoption-guide/_adoption-guide.ditamap
@@ -0,0 +1,117 @@
+
+
+
+
diff --git a/adoption-guide/_graphics/code-and-build.png b/adoption-guide/_graphics/code-and-build.png
new file mode 100644
index 000000000..5f1704bf1
Binary files /dev/null and b/adoption-guide/_graphics/code-and-build.png differ
diff --git a/adoption-guide/_graphics/deploy.png b/adoption-guide/_graphics/deploy.png
new file mode 100644
index 000000000..79b987116
Binary files /dev/null and b/adoption-guide/_graphics/deploy.png differ
diff --git a/adoption-guide/_graphics/prisma-cloud-architecture.png b/adoption-guide/_graphics/prisma-cloud-architecture.png
new file mode 100644
index 000000000..1e99a36a4
Binary files /dev/null and b/adoption-guide/_graphics/prisma-cloud-architecture.png differ
diff --git a/adoption-guide/_graphics/run.png b/adoption-guide/_graphics/run.png
new file mode 100644
index 000000000..349571f6f
Binary files /dev/null and b/adoption-guide/_graphics/run.png differ
diff --git a/adoption-guide/adoption-guide/adoption-guide.adoc b/adoption-guide/adoption-guide/adoption-guide.adoc
new file mode 100644
index 000000000..b5285a7e6
--- /dev/null
+++ b/adoption-guide/adoption-guide/adoption-guide.adoc
@@ -0,0 +1,10 @@
+== Adoption Guide
+
+This guide provides Prisma Cloud customers with a framework that establishes the pillars of security within their cloud journey.
+It focuses on the Prisma Cloud Enterprise software-as-a-service (SaaS) suite of capabilities.
+Prisma Cloud Enterprise is a Cloud Native Application Protection Platform (CNAPP) that incorporates all the various cloud security disciplines (e.g., multi-cloud posture management, workload protection, micro segmentation, identity and access management, data security, etc.) into a unified, holistic service for the protection of your cloud resources.
+
+The major cloud service providers (CSPs) each publish a cloud adoption framework (https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/secure/[Azure], https://cloud.google.com/adoption-framework[GCP], https://aws.amazon.com/professional-services/CAF/[AWS]).
+"Securing the cloud" is a pillar in each of these frameworks, and Prisma Cloud is a perfect fit for this pillar.
+It is a multi- and hybrid-cloud solution that provides visibility and control across CSPs’ cloud-based services (code, VM, containers, serverless functions, identity, etc.).
+Use Prisma Cloud to securely accelerate your organization’s cloud transformation journey.
diff --git a/adoption-guide/adoption-guide/code-build-advanced.adoc b/adoption-guide/adoption-guide/code-build-advanced.adoc
new file mode 100644
index 000000000..da98b2026
--- /dev/null
+++ b/adoption-guide/adoption-guide/code-build-advanced.adoc
@@ -0,0 +1,8 @@
+[#_cb_advanced]
+== Advanced
+
+* *Identify supply chain dependencies.*
+The supply chain capability on Code Security is a code-centric view of infrastructure and application security that visualizes a supply chain graph, starting with the IaC templates, the services, deployed cloud workload resources (including associated permissions), and the runtime configuration on these resources. Prisma Cloud’s supply chain graph is a real-time auto-discovery of potentially misconfigured infrastructure and application files, sorted into a concise data model that you can use to prioritize and search. The graph identifies infrastructure, image, open source, and secrets, and combines that data to identify risk chains. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-code-security/scan-monitor/supply-chain-security[Learn more about supply chain security].
+
+* *Trace a deployment of a cloud resource with tags.*
+Do you ever wonder which Infrastructure as Code template was used to deploy a cloud resource? Tags can help you trace the link for your resources deployed from code-to-cloud infrastructure. Detect drift within your code base and locate the specific resource within a commit that identifies teams and resource owners to help triage a fix in the most timely and cost-effective way. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-code-security/scan-monitor/iac-tag-and-trace[Learn more about IaC Tag and Trace].
diff --git a/adoption-guide/adoption-guide/code-build-deploy-run.adoc b/adoption-guide/adoption-guide/code-build-deploy-run.adoc
new file mode 100644
index 000000000..6676da615
--- /dev/null
+++ b/adoption-guide/adoption-guide/code-build-deploy-run.adoc
@@ -0,0 +1,7 @@
+== Code Build, Deploy, and Run
+
+In this guide, we segment the cloud application’s lifecycle into the following categories:
+
+* *Code & Build* – The CSPs provide the ability to codify the deployment, maintenance, and removal of cloud services (e.g., VMs, storage buckets, etc.). This is commonly referred to as infrastructure as code (IaC). You are responsible for the secure operation of your cloud services. Continuous Integration (CI) is a development lifecycle practice that has expanded with the growth of the cloud. CI provides your organization with the ability to rapidly and continuously develop, update, and maintain your cloud-based applications. The assembly and testing of your code into usable software packages are automated by CI systems (e.g., Jenkins, CircleCI, CloudBees) that integrate with the different code repositories and package management systems. These CI systems produce deployable artifacts, such as IaC, VM images, Docker images, Serverless Images, etc., that are consumed by the release processes to drive frequent deployments. Prisma Cloud provides visibility and control within your Code & Build processes to identify vulnerabilities and compliance violations before progressing to the next phase of the application’s lifecycle.
+* *Deploy* – Continuous deployment (CD) provides the automation of testing and deployment of applications within your clouds’ runtime environments. With modern automation, cloud applications are in a continuous cycle of development, testing, and release. This notion of continuous change is a fundamental challenge in managing cloud applications. Prisma Cloud identifies vulnerability and compliance issues within applications that are staged for deployment. With Prisma Cloud, you can enforce policies to ensure that only trusted applications are allowed to launch within the cloud runtime environment.
+* *Run* – Applications run across the cloud workload continuum. Regardless of where they are deployed (IaaS, PaaS, SaaS, etc.), the application’s runtime actions should be monitored for abnormal behaviors. Overly permissive cloud access roles present opportunities for attackers. Prisma Cloud quickly identifies expected behaviors and prevents anomalous behavior. It secures runtime environments using predictive and threat-based protections.
diff --git a/adoption-guide/adoption-guide/code-build-foundational.adoc b/adoption-guide/adoption-guide/code-build-foundational.adoc
new file mode 100644
index 000000000..0fbaf295f
--- /dev/null
+++ b/adoption-guide/adoption-guide/code-build-foundational.adoc
@@ -0,0 +1,8 @@
+[#_cb_foundational]
+== Foundational
+
+* *Identify misconfigured infrastructure as code that leads to insecure runtime cloud services.*
+Insecure IAC directives can ultimately manifest as misconfigured and vulnerable runtime cloud services. Identify common coding mistakes within the code repository. Find secret keys, passphrases, insecure configurations, and more. You need to identify these insecure codified cloud service directives before they get deployed as running services. Prisma Cloud Code Security scans code repositories that generate fully contextualized results. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-code-security/get-started/connect-your-repositories[Learn how to configure Code Security to protect your IaC code].
+
+* *Identify misconfigurations before you commit your code.*
+Prisma Cloud Code Security makes it possible for you to identify misconfigurations before developers commit their code. Avoid pull requests that will cause builds to fail due to undetected misconfigurations. Use the code analysis tool to scan IaC files from frameworks such as Terraform plan, CloudFormation, Azure Resource Manager (ARM), Secrets, Serverless, Dockerfile (only code), and Kubernetes. The integration of Code Security within IDE tools gives you immediate detection of misconfigurations and inline code fixes. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-code-security/get-started/connect-your-repositories/connect-vscode[Learn how to integrate Code Security within your IDE tools].
diff --git a/adoption-guide/adoption-guide/code-build-intermediate.adoc b/adoption-guide/adoption-guide/code-build-intermediate.adoc
new file mode 100644
index 000000000..90c21bdd2
--- /dev/null
+++ b/adoption-guide/adoption-guide/code-build-intermediate.adoc
@@ -0,0 +1,17 @@
+[#_cb_intermediate]
+== Intermediate
+
+* *Integrate vulnerability and compliance checks within your CI tools.*
+Scanning VMs, container images, and serverless functions in their earliest stage will allow you to fix issues before they are running in production. Use the Prisma Cloud CI plugin within the developers’ automation tools to scan for vulnerability and compliance issues. For example, developers can scan the packages and binaries that are compiled into the container images and immediately get detailed reports within their build pipelines, thus increasing your developers' security awareness. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/continuous_integration[Learn more about continuous integration with Prisma Cloud].
+
+* *Detect drift within Infrastructure as Code cloud deployments.*
+Drifts are inconsistencies in configuration that occur when resources are modified locally or manually using the CLI or console, and these divergences from the code are not recorded or tracked. The inconsistencies in code configuration can either be an addition or deletion of values from the template configuration in the source code. Code Security periodically scans your repositories to identify drifts that may occur between the build and deploy phases and enables you with corrective solutions to handle traceable configuration changes. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-code-security/scan-monitor/drift-detection[Learn more about drift detection].
+
+* *Prevent developers from committing hardcoded secrets.*
+Prisma Cloud detects when secrets are committed from developers’ machines, branches, and build jobs. Your code is analyzed using prebuilt secrets detectors, built to identify the API keys, tokens, and passwords developers may be using when developing a cloud-native app. Enforce policy by halting a build process when a secret is found to ensure secrets have not been committed downstream in your CI/CD process and assess if the secret was compromised. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-code-security/scan-monitor/monitor-fix-issues-in-scan[Learn how to monitor and fix issues in your scan].
+
+* *Define your own vulnerability and compliance policies.*
+Prisma Cloud includes out-of-the-box policies that enable you to detect misconfigurations and provide automated fixes for security issues across your integrated code repositories. You also have the flexibility to add new custom policies for your repositories and pipelines. As soon as you connect Code Security to your repositories, both out-of-the-box and custom policies are used to scan for potential issues. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-code-security/scan-monitor/custom-build-policies[Learn more about how to create your own custom policies].
+
+* *Analyze the runtime behavior of images before running in development and production environments.*
+You are going to deploy an image into your environment, and you want to ensure that the image’s resulting container will not exhibit malicious behavior. With Prisma Cloud’s twistcli plugin, you can validate an image’s runtime behaviors within a sandboxed environment. Have confidence that your images will not exhibit malicious runtime behaviors before leaving the build phase. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/runtime_defense/image_analysis_sandbox[Learn more about Image Sandbox Analysis].
diff --git a/adoption-guide/adoption-guide/code-build.adoc b/adoption-guide/adoption-guide/code-build.adoc
new file mode 100644
index 000000000..79fd94d77
--- /dev/null
+++ b/adoption-guide/adoption-guide/code-build.adoc
@@ -0,0 +1,16 @@
+[#tabs-code-build]
+== Code Build
+
+image::code-and-build.png[]
+
+The cloud has changed how applications are collaboratively developed. The use of version control systems (e.g., GitHub, GitLab, Bitbucket, Azure Repos, etc.) has grown exponentially. The CSPs provide customers with the ability to deploy and maintain their cloud services using scripting languages such as Terraform. These coding technologies and disciplines have introduced the “learn how to configure code security” feature to protect your IaC code opportunity of identifying vulnerabilities and misconfigurations before they are compiled into applications or deployed as insecure cloud services. This approach to securing the development of code is frequently called “shifting left.” The building of cloud resources involves various technologies that span computational environments, such as virtual machine images, container images, and continuous integration build tools (e.g., Jenkins, CircleCI, CloudBees, etc.). Prisma Cloud provides DevSecOps stakeholders with the ability to securely build and maintain their cloud-based environments.
+
+Implement the following Prisma Cloud capabilities to provide visibility and control within your organization's cloud coding and building practices:
+
+++++
+
+++++
diff --git a/adoption-guide/adoption-guide/continued-reading.adoc b/adoption-guide/adoption-guide/continued-reading.adoc
new file mode 100644
index 000000000..32a2da8b8
--- /dev/null
+++ b/adoption-guide/adoption-guide/continued-reading.adoc
@@ -0,0 +1,4 @@
+== Get Help
+
+This guide’s goal is to help you and your organization capitalize on the industry-leading Cloud Native Application Protection Platform capabilities of Prisma Cloud Enterprise. We encourage you to engage with your Palo Alto Networks support team to start the journey of protecting your organization with Prisma Cloud Enterprise.
+
diff --git a/adoption-guide/adoption-guide/deploy-advanced.adoc b/adoption-guide/adoption-guide/deploy-advanced.adoc
new file mode 100644
index 000000000..11579c2a5
--- /dev/null
+++ b/adoption-guide/adoption-guide/deploy-advanced.adoc
@@ -0,0 +1,8 @@
+[#_deploy_advanced]
+== Advanced
+
+* *Enforce Kubernetes operational policies.*
+Prisma Cloud provides a dynamic admission controller for Kubernetes and OpenShift that is built on the Open Policy Agent (OPA). Prisma Cloud disseminates your policies to Defenders deployed within a Kubernetes cluster. With OPA rules, you can control the creation, maintenance, and deletion operations within your Kubernetes clusters. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/access_control/open_policy_agent[Learn more about simplified policy enforcement with managed OPA].
+
+* *Deploy only trusted containers.*
+Modern development has made it easy to reuse open source software. Pulling images from public registries is easy, fast, and convenient. However, it is a practice that is not allowed by most organizations. You should maintain a set of trusted images and registries to ensure that only these images are allowed to be deployed within the runtime environment. You can define the trusted images and registries to ensure that only these images are allowed to run in your environment. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/compliance/trusted_images[Learn more about trusted images].
diff --git a/adoption-guide/adoption-guide/deploy-foundational.adoc b/adoption-guide/adoption-guide/deploy-foundational.adoc
new file mode 100644
index 000000000..3d7575705
--- /dev/null
+++ b/adoption-guide/adoption-guide/deploy-foundational.adoc
@@ -0,0 +1,8 @@
+[#_deploy_foundational]
+== Foundational
+
+* *Discover compliance issues and vulnerabilities on your deployed containers.*
+To affect deployment policies with your environments, you will need to deploy Prisma Cloud Defenders. A Defender is the component that performs registry vulnerability and compliance scanning, Kubernetes policy enforcement, etc. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/install/install_defender/install_cluster_container_defender[Learn more about how to deploy container Defenders].
+
+* *Scan images stored within container image registries.*
+To identify vulnerabilities and compliance issues in images stored within your registries, first deploy container Defenders, then configure registry scanning. Prisma Cloud scans images for vulnerabilities and configuration compliance via a schedule or a webhook. New vulnerabilities are automatically updated within Prisma Cloud via the Intelligence Stream service. Prisma Cloud will automatically identify these new vulnerabilities within hosts, images, containers, and serverless functions throughout your environment. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/vulnerability_management/registry_scanning[Learn more about how to scan your container image registries].
diff --git a/adoption-guide/adoption-guide/deploy-intermediate.adoc b/adoption-guide/adoption-guide/deploy-intermediate.adoc
new file mode 100644
index 000000000..e3b7614cf
--- /dev/null
+++ b/adoption-guide/adoption-guide/deploy-intermediate.adoc
@@ -0,0 +1,5 @@
+[#_deploy_intermediate]
+== Intermediate
+
+* *Enforce vulnerability and compliance policies.*
+Prisma Cloud container Defenders enforce your organization’s policies to ensure non-compliant images are not allowed to instantiate as running containers. You can create policies to block specific vulnerabilities and/or compliance findings. You can allow exceptions and grace periods for findings that are migrated through other controls. Enforce your organization’s vulnerability and compliance policies ensuring the secure operations of your services. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/vulnerability_management/vuln_management_rules[Learn more about policy enforcement].
diff --git a/adoption-guide/adoption-guide/deploy.adoc b/adoption-guide/adoption-guide/deploy.adoc
new file mode 100644
index 000000000..c385ccdca
--- /dev/null
+++ b/adoption-guide/adoption-guide/deploy.adoc
@@ -0,0 +1,16 @@
+[#tabs-deploy]
+== Deploy
+
+image::deploy.png[]
+
+Deployment of services has traditionally been the responsibility of the operations group. With cloud technologies, that responsibility is now shared with developers and security practitioners. The cloud has brought these traditionally disparate groups into the DevSecOps operations of today. Prisma Cloud provides your DevSecOps groups with a common platform to visualize, monitor, and deploy cloud-based services.
+
+Implement the following Prisma Cloud capabilities to provide visibility and control within your organization's cloud deployment practices:
+
+++++
+
+++++
diff --git a/adoption-guide/adoption-guide/foundational-intermediate-advanced.adoc b/adoption-guide/adoption-guide/foundational-intermediate-advanced.adoc
new file mode 100644
index 000000000..69d84fd97
--- /dev/null
+++ b/adoption-guide/adoption-guide/foundational-intermediate-advanced.adoc
@@ -0,0 +1,17 @@
+== Foundational, Intermediate, and Advanced
+
+This guide categorizes Prisma Cloud capabilities that are recommended to be implemented within the cloud disciplines of code & build, deploy, and run. This framework’s cloud adoption phases are:
+
+* *Foundational* – Your organization has started its cloud adoption journey. You are presented with the challenge of effectively managing assets within the cloud and on-premises. Prisma Cloud Enterprise provides your organization with the visibility, tools, and knowledge to develop a strong and secure cloud adoption foundation.
+
+* *Intermediate* – Prisma Cloud supports your organization’s progression of understanding and adopting cloud-based technologies. Effectively manage the vulnerabilities and compliance of your cloud-based resources. Use Prisma Cloud to secure cloud capabilities that advance beyond the traditional infrastructure as a service architecture.
+
+* *Advanced* – Your organization is innovating its business with the cloud, and this is supported by the industry-leading capabilities of Prisma Cloud Enterprise. Proactively control your cloud operations, and identify and remediate issues before they manifest within your runtime environments.
+
+The cloud has introduced a new discipline to cybersecurity and the total cost of ownership. Organizations can quickly utilize technologies that would have taken years to implement in a traditional on-premises environment.
+
+image::prisma-cloud-architecture.png[]
+
+The ownership of responsibility between the CSP and the customer is dependent upon the technology (e.g., IaaS, PaaS, or SaaS). Prisma Cloud provides consistent security across the ownership responsibility gradient dependent upon the technology. It secures all these technologies, giving the customer confidence in their cloud transformation journey. This guide is intended for all organizational cloud stakeholders. With Prisma Cloud, Development, Security, and Operations (DevSecOps) practitioners have a common platform to identify, protect, detect, respond to, and recover their cloud-based infrastructure, services, and workloads.
+
+Palo Alto Networks is the leader in cloud cybersecurity. Internally, our services teams have worked together to create this guide. It is a collaboration of what Palo Alto Networks has experienced, and how to address those issues in your environment. Use the https://github.com/PaloAltoNetworks/prisma-cloud-best-practices/blob/main/Prisma%20Cloud%20Field%20Guide.pdf[Prisma Cloud Field Guide] for an in-depth technical understanding of how to fully utilize Prisma Cloud Enterprise. We recommend following the https://www.paloaltonetworks.com/blog/prisma-cloud/[Prisma Cloud blogs] for the latest Prisma Cloud announcements.
diff --git a/adoption-guide/adoption-guide/run-advanced.adoc b/adoption-guide/adoption-guide/run-advanced.adoc
new file mode 100644
index 000000000..bb2f04851
--- /dev/null
+++ b/adoption-guide/adoption-guide/run-advanced.adoc
@@ -0,0 +1,8 @@
+[#_run_advanced]
+== Advanced
+
+* *Safeguard your web applications and APIs from attacks with layer 7 firewall protection.*
+Prisma Cloud’s Web Application and API Security (WAAS) is a web application and API firewall designed for HTTP-based web applications deployed directly on hosts as containers, application-embedded, or serverless functions. Your web applications running on hosts, containers, or serverless are protected against the most critical OWASP top 10 risks, including injection flaws, broken authentication, broken access control, security misconfigurations, etc. In addition, you can enable many other security features like access control, file upload control, bot protection, DoS protection, and more. The overall outcome is that you will be protected against vulnerabilities like Log4j. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/waas/waas-intro[Learn more about Prisma Cloud’s Web Application and API Security protections].
+
+* *Automatically correct misconfigurations.*
+With complex multi-cloud environments, the security operations team wants to have automated solutions to resolve security violations, such as misconfigured security groups, to be addressed immediately and effectively. Prisma Cloud can automatically resolve policy violations within the Prisma Cloud console. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-alerts/configure-prisma-cloud-to-automatically-remediate-alerts[Learn more about Prisma Cloud auto-remediation capabilities].
diff --git a/adoption-guide/adoption-guide/run-foundational.adoc b/adoption-guide/adoption-guide/run-foundational.adoc
new file mode 100644
index 000000000..95c0f0709
--- /dev/null
+++ b/adoption-guide/adoption-guide/run-foundational.adoc
@@ -0,0 +1,23 @@
+[#_run_foundational]
+== Foundational
+
+* *Gain visibility into your cloud services and assets running within your cloud environments.*
+Onboarding allows Prisma Cloud to query your CSP’s API endpoints to collect configuration, network, and audit data. This information is used to identify vulnerable configurations, suspicious network traffic, and anomalous behaviors within your cloud infrastructure. Supported cloud service providers are Alibaba Cloud, Amazon Web Services, Microsoft Azure, Google Cloud Platform, and Oracle Cloud Infrastructure. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/connect-your-cloud-platform-to-prisma-cloud[Learn more about onboarding your cloud accounts].
+
+* *See all cloud resources across all clouds in a single pane of glass.*
+You need to have complete visibility into every deployed resource and absolute confidence in the configuration status of your multiple cloud environments. Therefore, maintaining a current inventory of deployed resources and gaining centralized visibility across cloud environments are essential for your cloud operations. From the single dashboard, you gain operational insight over all our cloud infrastructure, including assets and services. Prisma Cloud also maintains a history of configuration changes, enabling users to understand exactly when a new security issue was introduced and by whom, to simplify cloud forensics and auditing. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-dashboards/asset-inventory[Learn more about cloud inventory management].
+
+* *Quickly identify vulnerabilities without deploying agents.*
+Agentless scanning lets you inspect the risks and vulnerabilities of a virtual machine without having to install an agent or affecting the execution of the instance. Prisma Cloud supports agentless scanning on AWS, GCP, and Azure hosts for vulnerabilities. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/vulnerability_management/agentless_scanning[Learn more about Agentless scanning].
+
+* *Identify vulnerability and compliance issues within serverless functions.*
+Serverless computing has gained popularity due to cloud providers dynamically managing the allocation of machine resources. Serverless architectures delegate operational responsibilities to the cloud provider. However, you are responsible for the vulnerabilities in your code and associated dependencies. Prisma Cloud scans your cloud-based serverless functions without the deployment of Defenders. Prisma Cloud supports AWS Lambda, Google Cloud Functions, and Azure Functions. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/vulnerability_management/serverless_functions[Learn more about serverless function scanning].
+
+* *Check your cloud environments against compliance standards.*
+Onboard your cloud accounts to quickly review, manage, and enforce compliance standards across multi-cloud environments in realr-time based on your regulated industry’s standards. Prisma Cloud supports more than 20 compliance standards, including PCI DSS, HIPAA, GDPR, SOC2, NIST 800-171, NIST 800-53, NIST CSF, ISO 27002, CCPA, CCM, and custom frameworks. You can create compliance reports and run them immediately, or schedule them on a recurring basis to measure your compliance over time. You can also track your vulnerability issues and ensure your cloud environment is secure and void of misconfiguration mistakes. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-compliance[Learn more about compliance standards].
+
+* *Work towards Zero Trust by reviewing net-effective permissions and removing excessive permissions for all user and resource identities.*
+In the public cloud, overly permissive roles, poor credential hygiene, and accidental public exposure have caused significant enterprise breaches. Gaining visibility into net-effective permissions across cloud providers is a complex task. The security operations team needs to apply and maintain the principle of least privilege in highly dynamic multi-cloud environments. Prisma Cloud provides broad visibility into effective permissions, continuously monitors cloud environments for risky and unused entitlements, and automatically makes least-privilege recommendations. You can query all relevant identities, including all the relationships among different entities and their effective permissions, in the cloud environments. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-iam-security[Learn more about Prisma Cloud cloud entitlements management].
+
+* *Ensure that data stored in the cloud is secure and does not contain sensitive information or malware.*
+The near-limitless capacity offered by cloud storage services has enabled organizations to store significant amounts of data, amplifying the challenges of traditional, lengthy, and error-prone manual processes for classification. The risks of cloud storage services, from misconfiguration to sensitive data to malware to suspicious user activities, are challenging to assess and remediate without a single consolidated view. Prisma Cloud Data Security is purpose-built to address the challenges of discovering and protecting data at the scale and velocity common in public cloud environments. It enables the discovery and classification of data stored in AWS S3 buckets and protects against accidental exposure, misuse, or sharing of sensitive data. In addition to protecting your confidential and sensitive data, your data is also protected against threats—known and unknown (zero-day) malware using Palo Alto Networks WildFire service. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-data-security[Learn more about Prisma Cloud’s data security capabilities].
diff --git a/adoption-guide/adoption-guide/run-intermediate.adoc b/adoption-guide/adoption-guide/run-intermediate.adoc
new file mode 100644
index 000000000..11280e74a
--- /dev/null
+++ b/adoption-guide/adoption-guide/run-intermediate.adoc
@@ -0,0 +1,11 @@
+[#_run_intermediate]
+== Intermediate
+
+* *Monitor the runtime behavior of your applications.*
+Applications run across the cloud continuum. Regardless of where they are deployed (hosts, containers, serverless functions, etc.), the application’s runtime behavior should be monitored for abnormal behaviors. The security operations team needs to identify those planned behaviors quickly and prevent any other un-predictive anomalous behavior. Prisma Cloud secures runtime environments using predictive and threat-based protection without adding overhead. Threat-based protection includes capabilities like detecting when malware is added to a container or when a container connects to a botnet. Prisma Cloud automatically creates runtime models based on observed processes, networking, and file system behaviors. These runtime models can be adjusted to further refine the monitoring and effect policy responses when events are encountered. In addition, Prisma Cloud captures the forensic details, which provide the history of events that led up to and followed an incident for threat hunting and lifecycle analysis. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/runtime_defense/runtime_defense_containers[Learn more about Prisma Cloud runtime defense].
+
+* *Identify anomalous network and user activities.*
+The dynamic, distributed nature of cloud environments often creates alerts that lack context at a volume that can overwhelm security operations teams. Attempting to correlate logs, API metadata, and signature-driven alerts can quickly flood teams with false positives instead of actionable insight. Prisma Cloud employs advanced machine learning to identify the normal network behavior of each customer’s cloud environment to detect anomalies. Users who access cloud environments can pose a significant threat if not continuously monitored for unusual activities that could signal possible credential or account compromise. Prisma Cloud continuously monitors and learns each user's activities to identify what’s normal and alerts on behaviors that deviate from that baseline. Prisma Cloud provides a comprehensive policy to detect malicious network and user activities. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-policies/prisma-cloud-threat-detection[Learn more about Prisma Cloud’s threat detection].
+
+* *Prioritize risk management and incident responses.*
+As alerts start to arrive from Prisma Cloud, it is critical to categorize what is important to avoid alert fatigue. The ATT&CK Explorer and Top Incidents & Risks (view by MITRE ATT&CK) give an excellent overview and categorization of your alerts to easily address any possible issues, including both incidents that map to MITRE as well as misconfiguration risks that could be addressed to make your cloud infrastructure less prone to specific MITRE ATT&CK tactics. The MITRE ATT&CK framework’s curated knowledge base and model for cyber adversary behavior is available for your security operations team to easily track down possible incidents and wade through audits/noise to find what is important in your environment. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/runtime_defense/attack[Learn more about Prisma Cloud’s ATT&CK Explorer and Top Incidents & Risks (view by MITRE ATT&CK)].
diff --git a/adoption-guide/adoption-guide/run.adoc b/adoption-guide/adoption-guide/run.adoc
new file mode 100644
index 000000000..9227eb7de
--- /dev/null
+++ b/adoption-guide/adoption-guide/run.adoc
@@ -0,0 +1,16 @@
+[#tabs-run]
+== Run
+
+image::run.png[]
+
+The runtime environment is the culmination of all the other phases. This is where the immense, diverse cloud computational resources are available and orchestrated by you. Operational discipline is of equal importance to the securing of applications running within the cloud. Prisma Cloud provides real-time visibility and full-stack protection across all the leading public clouds.
+
+Implement the following Prisma Cloud capabilities to provide visibility and control within your organization's cloud runtime environment:
+
+++++
+
+++++
diff --git a/adoption-guide/book.yml b/adoption-guide/book.yml
new file mode 100644
index 000000000..7eaad5452
--- /dev/null
+++ b/adoption-guide/book.yml
@@ -0,0 +1,26 @@
+---
+kind: book
+title: Prisma Cloud Adoption Guide
+author: Prisma Cloud team
+ditamap: prisma-cloud-adoption-guide
+dita: techdocs/en_US/dita/prisma/prisma-cloud/prisma-cloud-adoption-guide
+graphics: techdocs/en_US/dita/_graphics/prisma/prisma-cloud/prisma-cloud-adoption-guide
+---
+kind: chapter
+name: Adoption Guide
+dir: adoption-guide
+topics:
+- name: Adoption Guide
+ file: adoption-guide.adoc
+- name: Code Build, Deploy, and Run
+ file: code-build-deploy-run.adoc
+- name: Foundational, Intermediate, and Advanced
+ file: foundational-intermediate-advanced.adoc
+- name: Code Build
+ file: code-build.adoc
+- name: Deploy
+ file: deploy.adoc
+- name: Run
+ file: run.adoc
+- name: Get Help
+ file: continued-reading.adoc
diff --git a/adoption-guide/build-tabs.sh b/adoption-guide/build-tabs.sh
new file mode 100755
index 000000000..bf1bc85c0
--- /dev/null
+++ b/adoption-guide/build-tabs.sh
@@ -0,0 +1,23 @@
+# Build Code & Build tabs
+echo "Generate Code & Build tabs"
+asciidoctor -r ~/.pandita/dita.rb -b dita -a experimental --out-file output/adoption-guide/code-build-advanced.xml adoption-guide/code-build-advanced.adoc
+asciidoctor -r ~/.pandita/dita.rb -b dita -a experimental --out-file output/adoption-guide/code-build-foundational.xml adoption-guide/code-build-foundational.adoc
+asciidoctor -r ~/.pandita/dita.rb -b dita -a experimental --out-file output/adoption-guide/code-build-intermediate.xml adoption-guide/code-build-intermediate.adoc
+
+# Build Deploy tabs
+echo "Generate Deploy tabs"
+asciidoctor -r ~/.pandita/dita.rb -b dita -a experimental --out-file output/adoption-guide/deploy-advanced.xml adoption-guide/deploy-advanced.adoc
+asciidoctor -r ~/.pandita/dita.rb -b dita -a experimental --out-file output/adoption-guide/deploy-foundational.xml adoption-guide/deploy-foundational.adoc
+asciidoctor -r ~/.pandita/dita.rb -b dita -a experimental --out-file output/adoption-guide/deploy-intermediate.xml adoption-guide/deploy-intermediate.adoc
+
+# Build Run tabs
+echo "Generate Run tabs"
+asciidoctor -r ~/.pandita/dita.rb -b dita -a experimental --out-file output/adoption-guide/run-advanced.xml adoption-guide/run-advanced.adoc
+asciidoctor -r ~/.pandita/dita.rb -b dita -a experimental --out-file output/adoption-guide/run-foundational.xml adoption-guide/run-foundational.adoc
+asciidoctor -r ~/.pandita/dita.rb -b dita -a experimental --out-file output/adoption-guide/run-intermediate.xml adoption-guide/run-intermediate.adoc
+
+# Copy map file to output dir
+echo "Copy fixed map file to output dir"
+cp _adoption-guide.ditamap output/adoption-guide/
+
+echo "Done"