Application Containers & Microservices

• CSA Announcements
  • Research Downloads: https://cloudsecurityalliance.org/research/artifacts/
  • Peer Reviews and Surveys: https://cloudsecurityalliance.org/research/contribute/
  • Events: https://cloudsecurityalliance.org/events/
• Discussed Chapter 6 
  • Comment from Mark regarding the sections
    • "The positioning is not enterprise, and not enterprise inheritable (except for QAQC reporting post-pull requests after branch merge but that is deliberately out of scope here). Shift-left control state is a means to control the scope and keep SDLC is as an overlay as long as its DEV scoped with Enterprise plane mentioned.If you can Map the OWASP top 10 API threats to NIST v5 controls, it solves this dilemma. I wager that you will winder up with 3 or 4 control families and about a dozen specific controls for low baseline - the rest is policy as code.  https://owasp.org/www-project-api-security/"
  • Review sections 6.1.5, 6.1.6, 6.1.3.  6.1.3 is a good reference for layout
  • Reminder to reference Chapter 5 when writing Chapter 6 to remain consistent
• New to the working group? Please review the document and the work instructions in the recordings below.
  • Document: https://docs.google.com/document/d/18w6WEzerGo4pwVfUBemDbz3jVP0lx29zo2uZBjz0Ikg/edit#heading=h.w13p4p9revm8
  • Work Instructions: 
    • March 11: https://circle.cloudsecurityalliance.org/community-home1/digestviewer/viewthread?MessageKey=905a3688-69f1-4a0b-a3df-e955dccb08aa&CommunityKey=41b12725-fbf1-4fe3-9448-1f4322bad613&tab=digestviewer#bm905a3688-69f1-4a0b-a3df-e955dccb08aa
    • March 25: https://circle.cloudsecurityalliance.org/community-home1/digestviewer/viewthread?MessageKey=3e883566-47b4-4102-879d-458612c47ade&CommunityKey=41b12725-fbf1-4fe3-9448-1f4322bad613&tab=digestviewer#bm3e883566-47b4-4102-879d-458612c47ade

------------------------------
Hillary Baron CCSK v4
Program Manager, Research
CSA
Seattle WA
------------------------------