diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index dd966ea1112..2739ebc2e1c 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -163,6 +163,17 @@ check_changelog:
 exit 0
 fi
+check_content_freeze:
+ stage: test
+ script: |-
+ echo "Content change is not allowed during content freeze"
+ exit 1
+ rules:
+ - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_PIPELINE_SOURCE == "merge_request_event" || $CI_PIPELINE_SOURCE == "external_pull_request_event" || $CI_PIPELINE_SOURCE == "web"'
+ changes:
+ compare_to: 'refs/heads/main'
+ paths:
+ - config/locales/**/en.yml
 specs:
 stage: test
 needs:
diff --git a/app/forms/openid_connect_authorize_form.rb b/app/forms/openid_connect_authorize_form.rb
index 9000ec7c518..6906ef1e049 100644
--- a/app/forms/openid_connect_authorize_form.rb
+++ b/app/forms/openid_connect_authorize_form.rb
@@ -17,15 +17,7 @@ class OpenidConnectAuthorizeForm
 state
 ].freeze
- ATTRS = [
- :unauthorized_scope,
- :acr_values,
- :scope,
- :verified_within,
- :biometric_comparison_required,
- *SIMPLE_ATTRS,
- ].freeze
-
+ ATTRS = [:unauthorized_scope, :acr_values, :scope, :verified_within, *SIMPLE_ATTRS].freeze
 AALS_BY_PRIORITY = [Saml::Idp::Constants::AAL2_HSPD12_AUTHN_CONTEXT_CLASSREF,
 Saml::Idp::Constants::AAL3_HSPD12_AUTHN_CONTEXT_CLASSREF,
 Saml::Idp::Constants::AAL2_PHISHING_RESISTANT_AUTHN_CONTEXT_CLASSREF,
@@ -63,7 +55,6 @@ def initialize(params)
 @prompt ||= 'select_account'
 @scope = parse_to_values(params[:scope], scopes)
 @unauthorized_scope = check_for_unauthorized_scope(params)
- @biometric_comparison_required = params[:biometric_comparison_required].to_s == 'true'
 if verified_within_allowed?
 @duration_parser = DurationParser.new(params[:verified_within])
@@ -139,10 +130,6 @@ def requested_aal_value
 :ial2_or_greater?,
 :ial2_requested?
- def biometric_comparison_required?
- @biometric_comparison_required
- end
-
 private
 attr_reader :identity, :success
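Review bot: `check_content_freeze` fails every matching pipeline unconditionally and carries no indication of when the freeze ends, so lifting it depends on someone remembering to delete the job; a comment above it such as `# Temporary content freeze — remove this job when [FREEZE_END_OR_TRACKING_ISSUE placeholder]` would make the lifetime visible. The `compare_to: 'refs/heads/main'` setting is also applied to the default-branch pipeline selected by the first `if` clause, where the comparison base is main itself; it is worth confirming that the rule matches there at all rather than silently never firing on main, since that is presumably the branch the freeze most needs to protect. The `echo` text is what contributors will see, so naming the frozen path (`config/locales/**/en.yml`) in it would save them a trip to this file.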
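Review bot: With `:biometric_comparison_required` dropped from `ATTRS` and the assignment removed from `initialize`, an authorization request that still carries `biometric_comparison_required=true` is accepted and the parameter is discarded without any record, so a relying party that has not been updated would get an ordinary flow while believing it asked for a stronger one; this is inferred from the form alone, as the callers are outside the hunk. If any integrated service provider may still send it, a one-line comment on `ATTRS`, `# biometric_comparison_required is no longer accepted; requests that send it are treated as if it were absent`, plus a log line or analytics event when the key is present in `params`, would make the silent drop observable. The `initialize` body and `requested_aal_value` both continue outside the hunk.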
diff --git a/app/models/federated_protocols/oidc.rb b/app/models/federated_protocols/oidc.rb
index 33b92251cf3..74b82e1697b 100644
--- a/app/models/federated_protocols/oidc.rb
+++ b/app/models/federated_protocols/oidc.rb
@@ -20,10 +20,6 @@ def requested_attributes
 OpenidConnectAttributeScoper.new(request.scope).requested_attributes
 end
- def biometric_comparison_required?
- request.biometric_comparison_required?
- end
-
 def service_provider
 request.service_provider
 end
diff --git a/app/models/federated_protocols/saml.rb b/app/models/federated_protocols/saml.rb
index ecc0dea6569..0840edfb97c 100644
--- a/app/models/federated_protocols/saml.rb
+++ b/app/models/federated_protocols/saml.rb
@@ -26,10 +26,6 @@ def service_provider
 current_service_provider
 end
- def biometric_comparison_required?
- false
- end
-
 private
 attr_reader :request
diff --git a/app/models/service_provider_request.rb b/app/models/service_provider_request.rb
index 06f39863ddf..ba4fe894ff1 100644
--- a/app/models/service_provider_request.rb
+++ b/app/models/service_provider_request.rb
@@ -2,8 +2,7 @@ class ServiceProviderRequest
 # WARNING - Modification of these params requires particular care
 # since these objects are serialized to/from Redis and may be present
 # upon deployment
- attr_accessor :uuid, :issuer, :url, :ial, :aal, :requested_attributes,
- :biometric_comparison_required
+ attr_accessor :uuid, :issuer, :url, :ial, :aal, :requested_attributes
 def initialize(
 uuid: nil,
@@ -12,7 +11,7 @@ def initialize(
 ial: nil,
 aal: nil,
 requested_attributes: [],
- biometric_comparison_required: false
+ biometric_comparison_required: false # rubocop:disable Lint/UnusedMethodArgument
 )
 @uuid = uuid
 @issuer = issuer
@@ -20,7 +19,6 @@ def initialize(
 @ial = ial
 @aal = aal
 @requested_attributes = requested_attributes&.map(&:to_s)
- @biometric_comparison_required = biometric_comparison_required
 end
 def ==(other)
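Review bot: The retained `biometric_comparison_required: false` keyword in `ServiceProviderRequest#initialize` is explained only by the rubocop disable, which says it is unused but not why it must stay; the WARNING comment at the top of the class says these objects are serialized to and from Redis, so the likely reason is that entries written before this deploy still carry the key and must deserialize without an `ArgumentError`. Replace the bare disable with a why-comment, e.g. `biometric_comparison_required: false, # rubocop:disable Lint/UnusedMethodArgument -- accepted but ignored so requests serialized before this key was removed still load; drop once no pre-change entries can remain in Redis`. Since `ServiceProviderRequestProxy.create` in the next file no longer writes the key, the tolerance is only needed for the lifetime of pre-existing entries, and stating that expiry condition here is what will let a later cleanup remove it safely. The `initialize` method starts and ends outside these hunks.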
diff --git a/app/services/service_provider_request_handler.rb b/app/services/service_provider_request_handler.rb
index 089293b8f77..d23aecbf837 100644
--- a/app/services/service_provider_request_handler.rb
+++ b/app/services/service_provider_request_handler.rb
@@ -64,7 +64,6 @@ def attributes
 ial: protocol.ial,
 aal: protocol.aal,
 requested_attributes: protocol.requested_attributes,
- biometric_comparison_required: protocol.biometric_comparison_required?,
 uuid: request_id,
 url: url,
 }
diff --git a/app/services/service_provider_request_proxy.rb b/app/services/service_provider_request_proxy.rb
index d39e615c085..0840f2ae695 100644
--- a/app/services/service_provider_request_proxy.rb
+++ b/app/services/service_provider_request_proxy.rb
@@ -33,8 +33,7 @@ def self.find_or_create_by(uuid:)
 return obj if obj
 spr = ServiceProviderRequest.new(
 uuid: uuid, issuer: nil, url: nil, ial: nil,
- aal: nil, requested_attributes: nil,
- biometric_comparison_required: false
+ aal: nil, requested_attributes: nil
 )
 yield(spr)
 create(
@@ -44,15 +43,12 @@ def self.find_or_create_by(uuid:)
 ial: spr.ial,
 aal: spr.aal,
 requested_attributes: spr.requested_attributes,
- biometric_comparison_required: spr.biometric_comparison_required,
 )
 end
 def self.create(hash)
 uuid = hash[:uuid]
- obj = hash.slice(
- :issuer, :url, :ial, :aal, :requested_attributes, :biometric_comparison_required
- )
+ obj = hash.slice(:issuer, :url, :ial, :aal, :requested_attributes)
 write(obj, uuid)
 hash_to_spr(obj, uuid)
 end
diff --git a/app/services/store_sp_metadata_in_session.rb b/app/services/store_sp_metadata_in_session.rb
index 13c052b2646..fc44045b9df 100644
--- a/app/services/store_sp_metadata_in_session.rb
+++ b/app/services/store_sp_metadata_in_session.rb
@@ -36,7 +36,6 @@ def update_session
 request_url: sp_request.url,
 request_id: sp_request.uuid,
 requested_attributes: sp_request.requested_attributes,
- biometric_comparison_required: sp_request.biometric_comparison_required,
 }
 end
diff --git a/app/views/pages/not_acceptable.html b/app/views/pages/not_acceptable.html
index 781f84e1640..cdbf85fe2b6 100644
--- a/app/views/pages/not_acceptable.html
+++ b/app/views/pages/not_acceptable.html
@@ -9,7 +9,7 @@
-
+
Login.gov
diff --git a/app/views/pages/page_not_found.html b/app/views/pages/page_not_found.html
index 83fe8ad010b..2fd568b233c 100644
--- a/app/views/pages/page_not_found.html
+++ b/app/views/pages/page_not_found.html
@@ -9,7 +9,7 @@
-
+
Login.gov
diff --git a/app/views/pages/page_took_too_long.html.erb b/app/views/pages/page_took_too_long.html.erb
index 2fb599b4643..b7febddb806 100644
--- a/app/views/pages/page_took_too_long.html.erb
+++ b/app/views/pages/page_took_too_long.html.erb
@@ -13,7 +13,7 @@
-
+
 <%= image_tag(
 asset_url('logo-white.svg'),
diff --git a/config/application.yml.default b/config/application.yml.default
index b3eddb6d71f..7971699c8fb 100644
--- a/config/application.yml.default
+++ b/config/application.yml.default
@@ -404,9 +404,11 @@ development:
 otp_delivery_blocklist_findtime: 5
 password_pepper: f22d4b2cafac9066fe2f4416f5b7a32c
 piv_cac_verify_token_secret: ee7f20f44cdc2ba0c6830f70470d1d1d059e1279cdb58134db92b35947b1528ef5525ece5910cf4f2321ab989a618feea12ef95711dbc62b9601e8520a34ee12
+ push_notifications_enabled: true
 rails_mailer_previews_enabled: true
 rack_timeout_service_timeout_seconds: 9_999_999_999
 raise_on_missing_title: true
+ risc_notifications_local_enabled: true
 s3_report_bucket_prefix: ''
 s3_report_public_bucket_prefix: ''
 saml_endpoint_configs: '[{"suffix":"2023","secret_key_passphrase":"trust-but-verify"}]'
diff --git a/docs/local-development.md b/docs/local-development.md
index 0511c4d677e..7c3dbe2c88f 100644
--- a/docs/local-development.md
+++ b/docs/local-development.md
@@ -164,6 +164,10 @@ stylesheets.
 To see outbound SMS messages and phone calls, visit `http://localhost:3000/test/telephony`.
+### Viewing RISC push notifications
+
+To view [RISC Security Events](https://developers.login.gov/security-events/) push notifications delivered by the application, visit http://localhost:3000/test/push_notification.
+
 ### Setting up Geolocation
 Login.gov uses MaxMind Geolite2 for geolocation. To test geolocation locally, you will need to add a copy of the Geolite2-City database to the IdP.
diff --git a/public/401.html b/public/401.html
index 2094a73de0c..cc67d0138ee 100644
--- a/public/401.html
+++ b/public/401.html
@@ -9,7 +9,7 @@
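Review bot: `push_notifications_enabled: true` in the `development` block switches on outbound RISC security-event delivery for every local checkout, and the only thing that appears to keep those events on the developer's machine is the separately placed `risc_notifications_local_enabled: true`; nothing in this file states that the two keys depend on each other. The docs hunk in the same commit points developers at `/test/push_notification` to view delivered events, which suggests local mode captures rather than transmits them, but that is inferred, not shown here. A comment on the first key, e.g. `# push notifications are only safe to enable locally together with risc_notifications_local_enabled: true, which keeps security events on this machine (confirm against the setting's definition)`, would stop someone from toggling one key without the other and pushing test events to a real SP endpoint.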
-
+
Login.gov
diff --git a/public/406.html b/public/406.html
index bfa8517b335..39d35e34a6a 100644
--- a/public/406.html
+++ b/public/406.html
@@ -9,7 +9,7 @@
-
+
Login.gov
diff --git a/public/422.html b/public/422.html
index 2d373e493e2..c864ed461c0 100644
--- a/public/422.html
+++ b/public/422.html
@@ -9,7 +9,7 @@
-
+
Login.gov
diff --git a/public/429.html b/public/429.html
index b6f1fc9a23c..cd88de76006 100644
--- a/public/429.html
+++ b/public/429.html
@@ -9,7 +9,7 @@
-
+
Login.gov
diff --git a/public/500.html b/public/500.html
index 4dacd473b94..2489a66cb49 100644
--- a/public/500.html
+++ b/public/500.html
@@ -9,7 +9,7 @@
-
+
Login.gov
diff --git a/public/503.html b/public/503.html
index 55d91bd9cde..ea5aca290bd 100644
--- a/public/503.html
+++ b/public/503.html
@@ -9,7 +9,7 @@
-
+
Login.gov
diff --git a/spec/controllers/openid_connect/authorization_controller_spec.rb b/spec/controllers/openid_connect/authorization_controller_spec.rb
index 6b362094969..aab1adbc70d 100644
--- a/spec/controllers/openid_connect/authorization_controller_spec.rb
+++ b/spec/controllers/openid_connect/authorization_controller_spec.rb
@@ -995,17 +995,8 @@
 request_id: sp_request_id,
 request_url: request.original_url,
 requested_attributes: %w[],
- biometric_comparison_required: false,
 )
 end
-
- it 'sets biometric_comparison_required to true if biometric comparison is required' do
- params[:biometric_comparison_required] = true
-
- action
-
- expect(session[:sp][:biometric_comparison_required]).to eq(true)
- end
 end
 end
 end
diff --git a/spec/controllers/saml_idp_controller_spec.rb b/spec/controllers/saml_idp_controller_spec.rb
index 2a29333ab46..58abedb78b7 100644
--- a/spec/controllers/saml_idp_controller_spec.rb
+++ b/spec/controllers/saml_idp_controller_spec.rb
@@ -1127,7 +1127,6 @@ def name_id_version(format_urn)
 request_url: @stored_request_url.gsub('authpost', 'auth'),
 request_id: sp_request_id,
 requested_attributes: ['email'],
- biometric_comparison_required: false,
 )
 end
@@ -1159,7 +1158,6 @@ def name_id_version(format_urn)
 request_url: @saml_request.request.original_url.gsub('authpost', 'auth'),
 request_id: sp_request_id,
 requested_attributes: ['email'],
- biometric_comparison_required: false,
 )
 end
diff --git a/spec/forms/openid_connect_authorize_form_spec.rb b/spec/forms/openid_connect_authorize_form_spec.rb
index fafe7188723..d986634faa4 100644
--- a/spec/forms/openid_connect_authorize_form_spec.rb
+++ b/spec/forms/openid_connect_authorize_form_spec.rb
@@ -14,7 +14,6 @@
 code_challenge: code_challenge,
 code_challenge_method: code_challenge_method,
 verified_within: verified_within,
- biometric_comparison_required: biometric_comparison_required,
 )
 end
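Review bot: Deleting the `sets biometric_comparison_required to true` example leaves no test that exercises a request which still sends the parameter, so nothing would catch it being reintroduced into `session[:sp]` by a later change, and the positive case it replaced is the one most likely to regress. A negative example in its place — `params[:biometric_comparison_required] = true`, `action`, `expect(session[:sp]).not_to have_key(:biometric_comparison_required)` — pins the intended behavior that the parameter is ignored rather than merely absent from the fixture. The same gap applies to the `openid_connect_authorize_form_spec.rb` hunks, where the `let` and constructor argument are removed without an example asserting the form tolerates the key.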
@@ -34,7 +33,6 @@
 let(:code_challenge) { nil }
 let(:code_challenge_method) { nil }
 let(:verified_within) { nil }
- let(:biometric_comparison_required) { nil }
 describe '#submit' do
 subject(:result) { form.submit }
diff --git a/spec/services/store_sp_metadata_in_session_spec.rb b/spec/services/store_sp_metadata_in_session_spec.rb
index 6504e43d929..773b7e2a881 100644
--- a/spec/services/store_sp_metadata_in_session_spec.rb
+++ b/spec/services/store_sp_metadata_in_session_spec.rb
@@ -20,7 +20,6 @@
 sp_request.ial = Saml::Idp::Constants::IAL1_AUTHN_CONTEXT_CLASSREF
 sp_request.url = 'http://issuer.gov'
 sp_request.requested_attributes = %w[email]
- sp_request.biometric_comparison_required = false
 end
 instance = StoreSpMetadataInSession.new(session: app_session, request_id: request_id)
@@ -35,7 +34,6 @@
 request_url: 'http://issuer.gov',
 request_id: request_id,
 requested_attributes: %w[email],
- biometric_comparison_required: false,
 }
 instance.call
@@ -53,7 +51,6 @@
 sp_request.aal = Saml::Idp::Constants::AAL3_AUTHN_CONTEXT_CLASSREF
 sp_request.url = 'http://issuer.gov'
 sp_request.requested_attributes = %w[email]
- sp_request.biometric_comparison_required = false
 end
 instance = StoreSpMetadataInSession.new(session: app_session, request_id: request_id)
@@ -68,7 +65,6 @@
 request_url: 'http://issuer.gov',
 request_id: request_id,
 requested_attributes: %w[email],
- biometric_comparison_required: false,
 }
 instance.call
@@ -86,7 +82,6 @@
 sp_request.aal = Saml::Idp::Constants::AAL2_PHISHING_RESISTANT_AUTHN_CONTEXT_CLASSREF
 sp_request.url = 'http://issuer.gov'
 sp_request.requested_attributes = %w[email]
- sp_request.biometric_comparison_required = false
 end
 instance = StoreSpMetadataInSession.new(session: app_session, request_id: request_id)
@@ -101,40 +96,6 @@
 request_url: 'http://issuer.gov',
 request_id: request_id,
 requested_attributes: %w[email],
- biometric_comparison_required: false,
- }
-
- instance.call
- expect(app_session[:sp]).to eq app_session_hash
- end
- end
-
- context 'when biometric comparison is requested' do
- it 'sets the session[:sp] hash' do
- app_session = {}
- request_id = SecureRandom.uuid
- ServiceProviderRequestProxy.find_or_create_by(uuid: request_id) do |sp_request|
- sp_request.issuer = 'issuer'
- sp_request.ial = Saml::Idp::Constants::IAL2_AUTHN_CONTEXT_CLASSREF
- sp_request.aal = Saml::Idp::Constants::AAL3_AUTHN_CONTEXT_CLASSREF
- sp_request.url = 'http://issuer.gov'
- sp_request.requested_attributes = %w[email]
- sp_request.biometric_comparison_required = true
- end
- instance = StoreSpMetadataInSession.new(session: app_session, request_id: request_id)
-
- app_session_hash = {
- issuer: 'issuer',
- aal_level_requested: 3,
- piv_cac_requested: false,
- phishing_resistant_requested: true,
- ial: 2,
- ial2: true,
- ialmax: false,
- request_url: 'http://issuer.gov',
- request_id: request_id,
- requested_attributes: %w[email],
- biometric_comparison_required: true,
 }
 instance.call