Dear members,
We are close to finalizing the NIST controls implementation to FaaS initiative we have been working on.
Finalized are control categories:
AT - Awareness and Training
AU - Audit and Accountability
CM - Configuration Management
CA - Assessment, Authorization and Monitoring
RA - Risk Assessment
Pending control categories:
AC - Access Control
IA - Identification and Authentication
SA - System and Services Acquisition
SC - System and Communications Protection
SI - System and Information Integrity
Pending action items for next call are the following:
- Robert ( @Robert Ficcaglia): AC-10 (columns G, H, I), AC-12.
- Robert ( @Robert Ficcaglia) AC-20, AC-21, column H. For AC-22 please fill in the context for which this sub-control becomes applicable to FaaS, as discussed on the call on the 12th of January. (Columns G, H, I). AC-23, column H: Why it is NOT relevant to FaaS. AC-25 - column H.
- Vani ( @Vani Murthy): IA-Identification and Authentication control category: Column I needs to be filled with the deployment components as listed in the 'Deployment Definition' tab in the document. IA-5 (4), please check comment. IA-9 Implementation details, Line 91: what is the sub-control number? Is it still relevant to FaaS? IA-2 (13) comment.
- Robert ( @Robert Ficcaglia) to review and vote on SA-4, SA-9 (4), SA-10.
- Vishwas ( @Vishwas Manral) to check comment in SC-4 X, column H, made by Christopher. SC-18 X, SC-19 X, SC-40 X, SC-41 X, SC-49 X, SC-51 X, please fill in column H. Need to justify why they are not relevant to FaaS.
- SC-25X needs a reviewer and vote. @Wayne Anderson??
- Aradhna ( @Aradhna Chetal) to review and vote on the details of the SI: System and Information Integrity control category entered by Eric Peeters. SI-2 (3), SI-2 (4), SI-2 (6) Out of Scope?, SI-4 (9), SI-4 (14), SI-4 (20) to SI-4 (22), SI-5, SI-6, SI-17.
- Eric Peeters ( @Eric Peeters) to discuss with Aradhna or the working group on SI-3, SI-4 (2), SI-4 (5), SI-4 (7), SI-10 (1) to SI-10 (4), SI-11. SI-4(1), SI-4 (15) Justify 'Why is it Out of Scope for FaaS'.
Next working group call: Thursday, 26th of January.
Time: 09:00 a.m. PST / 12:00 p.m. EST / 17:00 GMT / 19:00 EET
URL: https://zoom.us/j/98681420926 (Meeting ID: 986 8142 0926)
Warm regards,
Marina
------------------------------
Marina Bregkou,
Senior Research Analyst,
CSA
------------------------------