Serverless

Meeting minutes 12th January 2023

    Posted Jan 20, 2023 02:17:00 PM
    Dear members,

    We are close to finalizing the NIST controls implementation to FaaS initiative we have been working on.

    Finalized are control categories:
    AT - Awareness and Training
    AU - Audit and Accountability
    CM - Configuration Management
    CA - Assessment, Authorization and Monitoring
    RA - Risk Assessment

    Pending control categories:
    AC - Access Control
    IA - Identification and Authentication
    SA - System and Services Acquisition
    SC - System and Communications Protection
    SI - System and Information Integrity

    Pending action items for next call are the following:
    • Robert ( @Robert Ficcaglia): AC-10 (columns G, H, I), AC-12.
    • Robert ( @Robert Ficcaglia): AC-20, AC-21, column H. For AC-22 please fill in the context for which this sub-control becomes applicable to FaaS, as discussed on the call on the 12th of January. (Columns G, H, I). AC-23, column H: Why it is NOT relevant to FaaS. AC-25 - column H.
    • Vani ( @Vani Murthy): IA-Identification and Authentication control category: Column I needs to be filled with the deployment components as listed in the 'Deployment Definition' tab in the document. IA-5 (4), please check comment. IA-9 Implementation details, Line 91: what is the sub-control number? Is it still relevant to FaaS? IA-2 (13) comment.
    • Robert ( @Robert Ficcaglia) to review and vote on SA-4, SA-9 (4), SA-10.
    • Vishwas ( @Vishwas Manral) to check comment in SC-4 X, column H, made by Christopher. SC-18 X, SC-19 X, SC-40 X, SC-41 X, SC-49 X, SC-51 X, please fill in column H. Need to justify why they are not relevant to FaaS.
    • SC-25X needs a reviewer and vote. @Wayne Anderson??
    • Aradhna ( @Aradhna Chetal) to review and vote on the details of the SI: System and Information Integrity control category entered by Eric Peeters. SI-2 (3), SI-2 (4), SI-2 (6) Out of Scope?, SI-4 (9), SI-4 (14), SI-4 (20) to SI-4 (22), SI-5, SI-6, SI-17.
    • Eric Peeters ( @Eric Peeters) to discuss with Aradhna or the working group on SI-3, SI-4 (2), SI-4 (5), SI-4 (7), SI-10 (1) to SI-10 (4), SI-11. SI-4(1), SI-4 (15) Justify 'Why is it Out of Scope for FaaS'.


    Next working group call: Thursday, 26th of January.
    Time: 09:00 a.m. PST / 12:00 p.m. EST / 17:00 GMT / 19:00 EET
    URL: https://zoom.us/j/98681420926 (Meeting ID: 986 8142 0926)

    Warm regards,

    Marina



    ------------------------------
    Marina Bregkou,
    Senior Research Analyst,
    CSA
    ------------------------------