Serverless

Dear members,

Below you can find the meeting minutes from the group's call on December 1st.

Previous action items:

• Rajiv to review and vote SC-3X, SC-25X and SC-46X,  of the SC category. - Partially DONE
• Rajiv to check Miguel's comment on RA-02, line 107, RA-05 (5) line 111. - Pending
• Rajiv to review and vote on sub-controls from RA-06 to RA-10. - PENDING
• Aradhna to review and vote on the details of the SI: System and Information Integrity control category entered by Eric Peeters. SI- 2 (3), SI-2 (4), SI-2 (6) Out of Scope?, SI-4 (9), SI-4 (14), SI-4 (20) to SI-4 (22), SI-5, SI-6, SI-17.  - PENDING
• Eric Peeters to discuss with Aradhna or the working group on SI-3, SI-4 (2), SI-4 (5), SI-4 (7), SI-10 (1) to SI-10 (4), SI-11. SI-4(1), SI-4 (15) Justify 'Why is it Out of Scope for FaaS'. - PENDING
• Robert to update AC-10 (line 15) as it is relevant to FaaS from the tenant's perspective. Update columns G, H, I.- PENDING
• Robert  to update sub-control AC-22 and turn it to Applicable for FaaS. Same for AC-24, line 26.- PENDING
• Robert to update column H- 'Why it is not applicable to FaaS if so, for the N/A sub-controls in the AC category: AC-7 to AC 9 (line 12-14), AC-11 to AC-12 (line 16-17), AC-17 to AC-21 and AC-23 (line 25) and AC-25 (line 27). -Partially Pending
• Robert check the update on SA-4, and SA-10 done by Karthik and Arvin.- PENDING
• Joseph to review and vote on AC-12, line 17.- PENDING
• Karthik and Arvin to check Robert's comments in the SA category and update accordingly or discuss further in the slack channel. SA-9 to Out of Scope as discussed on the previous call. SA-9 (4): Please specify the geographical considerations so that to support this is in scope, SA-9(7) please check comment from Robert, SA-9(8) justify why it is out of scope. - DONE
  
• Wayne to justify the Out of Scope of SA-02, line 120, column H, as discussed on the call. - DONE
• Group on SA-9 (4), SA-9 (7), SA-10. - PENDING

New action items:

• Vishwas ( @Vishwas Manral): to adjust the 'Relevance to FaaS' of SC-46X to describe both scenarios: when it is tenant's responsibility and when it is providers'.
• Rajiv ( @Rajiv Gunja) to review RA-07, RA-08, RA-09 and vote whether he agrees or not with what Wayne has put in columns G,H,I.
• Wayne ( @Wayne Anderson) to address Rajiv's comment in RA-10, line 118.
• Aradhna ( @Aradhna Chetal) to review and vote on the details of the SI: System and Information Integrity control category entered by Eric Peeters. SI- 2 (3), SI-2 (4), SI-2 (6) Out of Scope?, SI-4 (9), SI-4 (14), SI-4 (20) to SI-4 (22), SI-5, SI-6, SI-17.
• Eric Peeters ( @Eric Peeters) to discuss with Aradhna or the working group on SI-3, SI-4 (2), SI-4 (5), SI-4 (7), SI-10 (1) to SI-10 (4), SI-11. SI-4(1), SI-4 (15) Justify 'Why is it Out of Scope for FaaS'.
• Robert ( @Robert Ficcaglia) to discuss with group update AC-10 (line 15) and its relevance to FaaS from the tenant's perspective.
• Robert ( @Robert Ficcaglia) to update sub-control AC-22 and turn it to Applicable for FaaS. Same for AC-24, line 26. Specify with group.
• Robert ( @Robert Ficcaglia) to update column H- 'Why it is not applicable to FaaS if so, for the N/A sub-controls in the AC category:  AC-12 (specify), AC-17 
• (specify) AC-20 to AC-21 and AC-23 (line 25) and AC-25 (line 27, column I)
• Robert ( @Robert Ficcaglia) to check the update on SA-4, and SA-10 done by Karthik and Arvin.
• Joseph ( @Joseph Arcelo) to review and vote on AC-12, line 17. Group discussion.
• Group on RA-02, line 107 and RA-05 (5) line 111, RA-06 line 114.
• Group to discuss on: SA-9 (4) as before we had said to specify the geographical considerations to support this is in scope, while Robert says it's n/a.

Next working group call:
Thursday, 15th of December, 2022
Time: 09:00 a.m. PST / 12:00 p.m. EST / 17:00 GMT
URL: https://zoom.us/j/98681420926  (Meeting ID: 986 8142 0926)

Warm regards,

Marina​​​

------------------------------
Marina Bregkou,
Senior Research Analyst,
CSA
------------------------------