diff --git a/_includes/build/bcda_credentials.html b/_includes/build/bcda_credentials.html
index 272130a..a3550df 100644
--- a/_includes/build/bcda_credentials.html
+++ b/_includes/build/bcda_credentials.html
@@ -1,22 +1,28 @@
-<p>
-  In production, BCDA protects its endpoints with OAuth2 access tokens.
-  </p>
+<p>Production credentials authorize your organization's access to the Beneficiary Claims Data API (BCDA). Eligible model entities can manage BCDA credentials by logging into their model-specific system: </p>
+<ul>
+  <li><strong>ACOs in the Medicare Shared Savings Program</strong>: Credential delegates can manage and create credentials from <a href="https://acoms.cms.gov/api-key-mgmt/bcda">ACO Management System (ACO-MS)</a>. </li>
+  <li><strong>REACH ACOs</strong> and <strong>KCEs or KCF practices in the Kidney Care Choices Model</strong>: The following roles can manage and create credentials from <a href="https://4innovation.cms.gov/secure/api-credentials/bcda">4innovation (4i)</a>: <ul>
+      <li>Executive Contact </li>
+      <li>Entity Primary Contact </li>
+      <li>Entity Secondary Contact </li>
+      <li>DUA Requestor </li>
+      <li>DUA Custodian</li>
+    </ul>
+  </li>
+</ul>
+<p>Your registered contact can <a href="https://www.cms.gov/data-research/cms-information-technology/cms-identity-management/help-desk-support">contact the ACO-MS and 4i help desk</a> to assign these roles.</p>
 
-  <div class="ds-c-alert ds-c-alert--hide-icon">
-    <div class="ds-c-alert__body">
-      <h3 class="ds-c-alert__heading">Your credentials are protected data.</h3>
-        <p class="ds-c-alert__text">
-        Please store them safely and securely.	
-      </p>
-	</div>
-  </div>
+<h3 id="create-credentials">Create your credentials</h3>
+<p>BCDA credentials are formatted as a client ID and secret, which your organization will use every time it requests an authentication token. Production credentials are sensitive information and must be stored securely. </p>
+<p>Create BCDA credentials by visiting the <em>API Credentials</em> page in your model-specific system. Choose the <em>BCDA Credentials</em> tab, then select <em>Create New API Credentials</em>. You'll need to provide a public, static IP address for every system, including vendors, that will access the API (up to 8 IP addresses). It may take up to an hour for the allow list to be updated. </p>
 
-<h3>
-Model Entities Gain Access to BCDA through ACO-MS or 4i
-</h3>
+<h3 id="rotate-credentials">Rotate your credentials</h3>
+<p>Your organization's credentials will expire and deactivate after a set period of time. You can rotate BCDA credentials in the <em>API Credentials</em> page to generate a new, active client ID and secret. </p>
+<p>You'll need to rotate credentials every <strong>90 days</strong> in 4i or every <strong>12 months</strong> in ACO-MS. Once you choose the <em>BCDA Credentials</em> tab, select the rotate icon under the <em>Actions</em> column. </p>
 
-<p>
- <p><u>ACOs in the Medicare Shared Savings Program:</u> Create and manage your organization's BCDA credentials from the <a href="https://acoms.cms.gov/" rel="noopener">ACO Management System</a>.</p> 
-<p><u>REACH ACOs and KCEs or KCFs in the Kidney Care Choices Model:</u> Create and manage your organization's BCDA credentials from the <a href="https://4innovation.cms.gov/landing" rel="noopener">4i portal</a>.</p>
-<p>When creating new credentials, be prepared to provide the IP address(es) for each system that will make requests to BCDA. It may take up to an hour for the allow list to be updated after the IP address(es) are added.</p>
-</p>
+<h3 id="revoke-credentials">Revoke your credentials</h3>
+<p>You may need to revoke (deactivate) your organization's credentials if they are leaked or compromised. You can create new credentials as a replacement afterward. </p>
+<p>Revoke BCDA credentials in the <em>API Credentials</em> page. Choose the <em>BCDA Credentials</em> tab, then select the delete (x) icon under the <em>Actions</em> column. </p>
+
+<h3 id="credentials-compromised">If your credentials have been compromised</h3>
+<p>Please revoke or rotate your BCDA credentials immediately. Afterward, notify the BCDA team at <a href="mailto:bcapi@cms.hhs.gov">bcapi@cms.hhs.gov</a> to review recent activity. </p>
\ No newline at end of file
diff --git a/_updates/2024-11-18.html b/_updates/2024-11-18.html
new file mode 100644
index 0000000..022a4e3
--- /dev/null
+++ b/_updates/2024-11-18.html
@@ -0,0 +1,14 @@
+---
+---
+<div class="ds-u-padding-y--2">
+  <div class="ds-u-font-size--h3 ds-u-font-weight--bold ds-u-padding-y--2">
+    Updated guidance on managing BCDA credentials
+  </div>
+  <div class="ds-u-font-size--lead">
+    November 20, 2024
+  </div>
+  <div>
+    <p>The BCDA team has updated our guidance for model entities managing their BCDA credentials in 4i and ACO-MS. Please visit <a href="/build.html#bcda-credentials" class="in-text__link">Manage your BCDA Credentials</a> for model specific instructions on how to manage and create BCDA credentials for your organization.</p>
+    <p>No action is required for BCDA users, but we hope the updated guidance is helpful!</p>
+  </div>
+</div>
\ No newline at end of file
diff --git a/build.html b/build.html
index 30e84c8..07685f4 100644
--- a/build.html
+++ b/build.html
@@ -38,7 +38,7 @@
           <ul class="ds-c-vertical-nav__subnav">
             <li class="ds-c-vertical-nav__subnav">
               <a class="ds-c-vertical-nav__label ds-c-vertical-nav__label" href="#bcda-credentials">
-                Obtain your BCDA Credentials
+                Manage your BCDA Credentials
               </a>
             </li>
             <li class="ds-c-vertical-nav__subnav">
@@ -160,7 +160,7 @@ <h1>
           </div>
           <div id="bcda-credentials">
             <h2>
-              Obtain your BCDA Credentials
+              Manage your BCDA Credentials
             </h2>
             <div class="ds-u-font-size--base">
               {% include build/bcda_credentials.html %}