Dear Serverless working group members,
Below are the minutes from our working group call last Friday, May the 13th.
- Discussion on the NIST to Serverless Implementation document:
- Updates on progress of the sub-controls identification
- We added in the framework an additional column (G) which will specify WHY each control and sub-control included is relevant to serverless.
- NIST 800-53, rev.5b - Controls baselines, will be later examined.
- NIST 800-53 rev.5 is used for selecting the controls and the NIST 800-53b may be used for baseline configuration.
- Action items to be completed by next working group call, this Friday, 20th of May:
- Madhav to review and assess the chosen control families for our framework by advising the NIST 800-53, rev.5 document ( @MADHAV CHABLANI)
- Rajiv to review the sub-controls from Joseph's ( @Joseph Arcelo) control family CM: Configuration Management in respect to the NIST 800-53, rev.5 document and if they apply to Serverless. ( @Rajiv Gunja)
- Vishwas volunteered to work on the identification of sub-controls for the CA: Assessment, Authorization and Monitoring ( @Vishwas Manral)
- Existing control lead authors until now:
- Missing leads for the remaining control categories of:
- AU: Audit and Accountability
- RA: Risk Assessment
- SA: System and Services Acquisition
- SC: System and Communications Protection
- SI: System and Information Integrity
If interested, please communicate with me.
Next working group call takes place, this Friday, the 20th of May, at 09:00 a.m. PST / 12:00 p.m. EST / 17:00 GMT / 18:00 CET / 21:30 IST.
url: https://zoom.us/j/98681420926 (Meeting ID: 986 8142 0926)
Kind regards,
Marina
------------------------------
Marina Bregkou,
Senior Research Analyst,
CSA
------------------------------