Implementing NIST 800-53 controls to Serverless FaaS - Call for Participation!!!

    Posted Apr 29, 2022 02:59:00 PM
    Edited by Marina Bregkou Apr 29, 2022 03:07:04 PM

    Dear members,
    CSA and the Serverless WG would like to embark on a new project that involves a mapping/implementation of the controls included in NIST 800-53, ver. 5 to Serverless - FaaS controls.

    The objective of the project is to identify the controls from the NIST document that apply to Serverless and list them in the relevant document provided by the working group.

    The first step of identifying the control families/categories (that is, the larger category of a control family, which under its umbrella could contain a number of sub-controls) relevant to Serverless is done.

    Now, we need volunteers to identify the NIST sub-controls that are relevant to Serverless and then start writing the serverless implementation details.
    Thus, identify how the specific sub-control would manifest in a Serverless platform, from a provider's perspective as well as a tenant's perspective.

    Please note that some of the implementation details can also be found in the first paper, 'How to Design a Secure Serverless Architecture', which the Serverless working group has already published.

    In this respect, CSA, under the umbrella of the Serverless WG, would like to put together a team of experts, who have good experience in the assessment of Serverless security controls.
    Should you be interested in participating in the project, please contact me and I will walk you through the on-boarding process and indicated methodology.

    Kind regards,

    Marina Bregkou,
    Senior Research Analyst,