Meeting Minutes 26th August 2022

  • 1.  Meeting Minutes 26th August 2022

    Posted Sep 02, 2022 08:49:00 AM
    Edited by Marina Bregkou Sep 02, 2022 08:58:38 AM
    Dear members,

    Below you can find the main topics discussed and the action items from our last working group call:
    • Regarding the 'NIST controls for FaaS focusing in Security and Compliance (Control families based on NIST 800 - 53, rev.5)' document in progress:
      • AT-3 sub-control belonging to AT: Awareness and Training control category with lead author @Robert Ficcaglia, - Only the Application Layer Training is relevant for our work.
        The additional excel document Robert has created, should be an example rather a definitive list.
      • The implementation we are doing is FaaS specific for this first step Second step will be CaaS. Wherever has been written Serverless it should be changed to FaaS.
    • Action items:
      •  Robert ( @Robert Ficcaglia) to narrow down the new list for the AT-3 to specific applications.
      • Vrettos ( @Vrettos Moulos) to work on column I of the CA: Assessment, Authorization, and Monitoring control category.
      • All lead authors to review their respective control categories and wherever they mention Serverless in the implementations details column it should be changed to FaaS. In case the details mentioned are specific to Serverless then they should be made FaaS specific.
      • Joseph ( @Joseph Arcelo) to go through the CM: Configuration Management control category and review so that it focuses on control mapping for FaaS.
      • Vrettos ( @Vrettos Moulos) to review the work from Joseph in the CM category.
      • Marina to contact Vani for the I column in the IA: Identification and Authentication control category.
      • Christopher ( @Christopher Wall) to fill column G for the SC: System and Communications Protection control category.
      • Vishwas ( @Vishwas Manral) to fill column I for the SC: System and Communications Protection control category.
      • Aradhna ( @Aradhna Chetal) to review and vote on the details of the SI: System and Information Integrity control category entered by Eric Peeters.
    Next working group call:
    Friday, September 9, at 09:00 a.m. PST / 12:00 p.m. EST / 17:00 GMT / 18:00 CET.
    Meeting ID: 986 8142 0926

    Kind regards,

    Marina Bregkou,
    Senior Research Analyst,