Dear Serverless WG members,
Below are the minutes from our call last week.
- CSA Announcement
- Current Activities
- New action item is 'How to implement NIST controls for Serverless' (see previous relevant post) (This will regard FaaS and later OSCAL)
- Mapping from IaaS controls to NIST 800-53 or from 800-53 to Serverless controls
- Draft document / table and post announcement for members to sign their names to the control they are interested in and the sub-category they will work on
- Goal and scope statement will be on top of the spreadsheet
- Key notes:
- Serverless is a shared responsibility model
- Should consider controls from the hardware which are part of the service provider controls
- What targets should we map to CCM, NIST-800-53?
- What will we do for controls that are partially mapped, fully mapped, not mapped?
- Next working group call:
Thursday, 31st March, 09:00 a.m. PST / 12:00 p.m. EST / 17:00 GMT / 18:00 EST
url: https://zoom.us/j/98681420926 (Meeting ID: 986 8142 0926)
Kind regards,
Marina
------------------------------
Marina Bregkou,
Senior Research Analyst,
CSA
------------------------------