Serverless

Meeting Minutes 29th April

  • 1.  Meeting Minutes 29th April

    Posted May 06, 2022 04:56:00 AM
    CSA Announcements Action items from the Serverless working group call on the 29th of April:
    • Implementation of the NIST 800-53 controls to Serverless FaaS:
      • The working group has identified the 10 NIST control families that are relevant to Serverless.
        • Next step: Identify the sub-control relevant to Serverless from the NIST 800-53 document.
        • Assign a control family to a lead who will identify the relevant sub-controls.
        • Assign volunteers to one or more sub-controls in order to describe how the specific sub-control would manifest in a Serverless environment from a provider's perspective.
      • Control family leads for now have declared: @Vani Murthy for IA: Identification and Authentication
                                                                               @Joseph Arcelo for CM: Configuration Management
                                                                               @Brynna Nery for AC: Access Control
        • All control leads to identify sub-controls for their control families from the NIST 800-53 document and include them in the google spreadsheet.
      • Remaining control families looking for lead-parents: AT (awareness&training), AU (audit&accountability), CA (assessment, authorization, monitoring), RA (risk assessment), SA (systems and services acquisition), SC (system and communications protection), SI (system and information integrity).
    • Next working group call: Friday, 13th of May, 09:00 a.m. PST / 12:00 p.m. EST / 17:00 GMT / 18:00 CET.


    Kind regards,

    Marina​​​​



    ------------------------------
    Marina Bregkou,
    Senior Research Analyst,
    CSA
    ------------------------------