The Serverless working group met for the first call of the new circle of actions for 2022.
Different topics were discussed regarding what the next steps should be as
- Identification of common gaps when deploying in serverless
- another deeper approach like the DevOps WG pillars (on IAM techniques e.g. etc.)
- Runtime Detection (threats, vulnerabilities, PureSec, etc.)
It was finally decided that the
next step for the WG will be to
map the
serverless controls to NIST SSDF.
Action items:
- Aradhna to provide a template for mapping the controls in high level categories
- @MADHAV CHABLANI to assist with mapping based on previous experience from CCM mapping
- @Brynna Nery to provide a paragraph describing her suggestion on the DevOps pillars example.
- @Vishwas Manral to provide an update/review of the Serverless charter document for 2022.
- All authors of the 'Serverless for Execs' document to finalize the peer review comments in their respective sections.
Next working group
call:Thursday,
24th
February 2022
Time: 09:00 am. PST / 12:00 p.m. EST / 17:00 GMT / 18:00 CET
URL:
https://zoom.us/j/98681420926 (Meeting ID: 986 8142 0926)
Kind regards,
Marina
------------------------------
Marina Bregkou,
Senior Research Analyst,
CSA
------------------------------