Serverless

Kind reminder of tomorrow's working group call!

  • 1.  Kind reminder of tomorrow's working group call!

    Posted Sep 08, 2022 09:29:00 AM
    Dear members,

    This is a kind reminder of the Serverless working group call scheduled for tomorrow, 9 September, 09:00 a.m. PST / 17:00 GMT.
    Please check to see if the mentioned action items have been completed. We will go through them on the call tomorrow.

    Agenda:
    'NIST controls implementation to Serverless' document:
      • AT-3 sub-control belonging to AT: Awareness and Training control category with lead author @Robert Ficcaglia: only the Application Layer Training is relevant for our work.
      • The additional Excel document Robert has created should be an example rather than a definitive list.
      • The implementation we are doing is FaaS-specific for this first step. The second step will be CaaS. Wherever Serverless has been written, it should be changed to FaaS.
    • Action items:
      • Robert ( @Robert Ficcaglia) to narrow down the new list for the AT-3 to specific applications.
      • Vrettos ( @Vrettos Moulos) to work on column I of the CA: Assessment, Authorization, and Monitoring control category.
      • All lead authors to review their respective control categories, and wherever they mention Serverless in the implementation details column it should be changed to FaaS. In case the details mentioned are specific to Serverless, then they should be made FaaS-specific.
      • Joseph ( @Joseph Arcelo) to go through the CM: Configuration Management control category and review so that it focuses on control mapping for FaaS.
      • Vrettos ( @Vrettos Moulos) to review the work from Joseph in the CM category.
      • Christopher ( @Christopher Wall) to fill column G for the SC: System and Communications Protection control category.
      • Vishwas ( @Vishwas Manral) to fill column I for the SC: System and Communications Protection control category.
      • Aradhna ( @Aradhna Chetal) to review and vote on the details of the SI: System and Information Integrity control category entered by Eric Peeters.
    Reminder of control families assigned to lead authors:
    • AC - Access Control: Brynna ( @Brynna Nery, @Christopher Wall)
    • AT - Awareness and Training (Robert Ficcaglia, Sedat Salman)
    • AU - Audit and Accountability ( @Eric Peeters, in need of a reviewer)
    • CA - Assessment, Authorization and Monitoring ( @Vishwas Manral, Vrettos as Reviewer)
    • CM - Configuration Management ( @Joseph Arcelo, Reviewers: Rajiv and Vrettos)
    • IA - Identification and Authentication ( @Vani Murthy), (sub-controls review by @Tim Kovak)
    • RA - Risk Assessment (@Crystal Cuneo, Wayne Anderson and Sam Durbin)
    • SA - Systems and Services Acquisition (@Montressa De La Cruz Wesson)
    • SC - System and Communications Protection ( @Vishwas Manral, Reviewer: Christopher Wall)
    • SI - System and Information Integrity (Eric Peeters and @Aradhna Chetal)
    (Based on the Control Categories Table in NIST 800-53.)

    When it's time, please join the meeting from here:

    url: https://zoom.us/j/98681420926

    Meeting ID: 986 8142 0926

    Kind regards,
    Marina


    ------------------------------
    Marina Bregkou,
    Senior Research Analyst,
    CSA
    ------------------------------