Dear members,
This is a kind reminder of our Serverless working group call, scheduled for tomorrow, Thursday, 9 of February at 09:00 a.m. PST / 12:00 p.m. EST / 17:00 GMT.
Agenda:
NIST controls implementation to FaaS:Not finalised control categories:AC - Access ControlIA - Identification and AuthenticationSA - System and Services AcquisitionSC - System and Communications ProtectionSI - System and Information Integrity
New action items:
- Robert ( @Robert Ficcaglia): AC - 10 (columns G, H, I), AC-12.
- Robert ( @Robert Ficcaglia): AC-20, AC-21, column H. For AC-22 please fill in the context for which this sub-control becomes applicable to FaaS, as discussed on the call on the 12th of January. (Columns G, H, I). AC-23, column H: Why it is NOT relevant to FaaS. AC-25 - column H.
- Robert ( @Robert Ficcaglia) to please fill in column J for the SI category and review column I for the same.
- Vani ( @Vani Murthy): IA-Identification and Authentication control category: To include non-relevant controls as well and justify their non-relevance in the H column, as it is done for the other categories too.
- Karthik and Arvin ( @Karthik Kaligotla and @Arvin Reddy Jakkamreddy) to fill in the responsibility part in Column J for the SA category.
- Vishwas ( @Vishwas Manral): SC-18 X, SC-19 X, please fill in column H. Need to Justify why are not relevant to FaaS.
- Aradhna ( @Aradhna Chetal): to review and vote on the details of the SI: System and Information Integrity control category entered by Eric Peeters. SI-4 (20) to SI-4 (22), SI-5, SI-6, SI-17.
- Eric ( @Eric Peeters) to discuss with Aradhna or the working group on SI-10 (1) to SI-10 (4), SI-11. For SI-4(1) please specify 'Why is it Out of Scope for FaaS'.
(Based on the Control Categories Table in NIST 800-53.)
When it's time, please join the meeting from here:
url: https://zoom.us/j/98681420926 (Meeting ID: 986 8142 0926)
Warm regards,
Marina
------------------------------
Marina Bregkou,
Senior Research Analyst,
CSA
------------------------------