After a lot of hard work from our working group's volunteers, the 'FaaS Serverless Control Framework (Set) based on NIST 800-53 R5 controls' is now public for download.
This spreadsheet provides a cybersecurity control framework for Function-as-a-Service (FaaS)
serverless deployments. The framework is based on the
NIST 800-53 R5 controls and intended to be used by the cloud consumer.
What's Included:
- Descriptions of each control, including the sub controls, implementation details, why it's relevant for FaaS, the deployment location, and who's responsible for it
- The definition of serverless
- A table of NIST security and privacy control families
- Definitions of the control plane components
- An example NIST 800-181 framework.
You can download the FaaS controls document and its explaining slide-deck, from CSA's webpage here.
Kind regards,
Marina
------------------------------
Marina Bregkou,
Senior Research Analyst,
CSA
------------------------------