Serverless

  • 1.  Meeting Minutes 13th May

    Posted May 16, 2022 06:48:00 AM
    Dear Serverless working group members,

    Below are the minutes from our working group call last Friday, May the 13th.
    • Discussion on the NIST to Serverless Implementation document:
      • Updates on progress of the sub-controls identification
      • We added in the framework an additional column (G) which will specify WHY each control and sub-control included is relevant to serverless.
      • NIST 800-53, rev.5b - Controls baselines, will be later examined.
      • NIST 800-53 rev.5 is used for selecting the controls and the NIST 800-53b may be used for baseline configuration.
    • Action items to be completed by next working group call, this Friday, 20th of May:
      • Madhav to review and assess the chosen control families for our framework by advising the NIST 800-53, rev.5 document ( @MADHAV CHABLANI)
      • Rajiv to review the sub-controls from Joseph's ( @Joseph Arcelo) control family CM: Configuration Management in respect to the NIST 800-53, rev.5 document and if they apply to Serverless. ( @Rajiv Gunja)
      • Vishwas volunteered to work on the identification of sub-controls for the CA: Assessment, Authorization and Monitoring ( @Vishwas Manral)
    • Existing control lead authors until now:
    • Missing leads for the remaining control categories of:
      • AU: Audit and Accountability
      • RA: Risk Assessment
      • SA: System and Services Acquisition
      • SC: System and Communications Protection
      • SI: System and Information Integrity
    *If interested, please communicate with me.

    Next working group call takes place, this Friday, the 20th of May, at 09:00 a.m. PST / 12:00 p.m. EST / 17:00 GMT / 18:00 CET / 21:30 IST.
    url: https://zoom.us/j/98681420926 (Meeting ID: 986 8142 0926)

    Kind regards,
    Marina

    ​​​​​​

    ------------------------------
    Marina Bregkou,
    Senior Research Analyst,
    CSA
    ------------------------------