Dear members,
Hope you had a wonderful Thanksgiving holiday!
Below you can find the details from our 18th November working group call:
Regarding the 'NIST 800-53 controls implementation to FaaS' document progress:
- We are in the final line for finishing this work.
- The CM-Configuration Management control category has been covered and cross checked. That makes it finalized.
- Same for the AU: Audit and Accountability category.
- 7 more categories to finalize after filling in a few missing entries and reviewers' voting.
- The working group decided SA-2, line 120, is out of scope.
Previous Action items:
- Joseph to justify why the CM-11 sub-control is not relevant to FaaS. - DONE
- Christopher to review and vote on remaining sub-controls: SC-3X, SC-46X, of the SC category. *Christopher Wall has no more bandwidth, so Rajiv is taking over this action item. - PENDING
- Vishwas to review and vote on the CM category. Lines 75-88. - DONE
- Aradhna to review and vote on the details of the SI: System and Information Integrity control category entered by Eric Peeters. SI-2 (3), SI-4 (9), SI-4 (11) to SI-4 (13), SI-4 (15) to SI-4 (25), SI-5 (1), SI-7, SI-8, SI-10, SI-10 (5), SI-10 (6), SI-12 (1) to SI-14 (3), SI-17, SI-18 (2), SI-18 (4), SI-19, SI-19 (1), SI-19 (5) to SI-23. - Partially Pending
- Eric to update the SI-2 (6) sub-control according to Aradhna's comment if he agrees. - DONE
- Eric as above for SI-3, SI-4, SI-4 (1) to SI-4 (3), SI-4 (5), SI-4 (7), SI-4 (10), SI-4 (14), SI-5, SI-6, SI-10 (1) to SI-10 (4), SI-11. - Partially Pending
- Brynna to update sub-control AC-10, line 15 and turn it from N/A to FaaS relevant. - PENDING (assigned to Robert Ficcaglia)
- Brynna to update column G, for all N/A sub-controls in the AC category. - PENDING (assigned to Robert Ficcaglia)
- Karthik and Arvin to check Robert's comments in the SA category and update accordingly or discuss further in the Slack channel. Please update SA-4 - Implementation details for FaaS, SA-9 to Out of Scope as discussed on the previous call. SA-9 (4): Please specify the geographical considerations so as to support that this is in scope, SA-9 (7) please check comment from Robert, SA-9 (8) justify why it is out of scope. - Partially Pending
Next Action items:
- Rajiv (@Rajiv Gunja) to review and vote on SC-3X, SC-25X and SC-46X, of the SC category.
- Rajiv (@Rajiv Gunja) to check Miguel's comment on RA-02, line 107, RA-05 (5) line 111.
- Rajiv (@Rajiv Gunja) to review and vote on sub-controls from RA-06 to RA-10.
- Aradhna (@Aradhna Chetal) to review and vote on the details of the SI: System and Information Integrity control category entered by Eric Peeters. SI-2 (3), SI-2 (4), SI-2 (6) Out of Scope?, SI-4 (9), SI-4 (14), SI-4 (20) to SI-4 (22), SI-5, SI-6, SI-17.
- Eric Peeters (@Eric Peeters) to discuss with Aradhna or the working group on SI-3, SI-4 (2), SI-4 (5), SI-4 (7), SI-10 (1) to SI-10 (4), SI-11. SI-4 (1), SI-4 (15): Justify 'Why is it Out of Scope for FaaS'.
- Robert (@Robert Ficcaglia) to update AC-10 (line 15) as it is relevant to FaaS from the tenant's perspective. Update columns G, H, I.
- Robert (@Robert Ficcaglia) to update sub-control AC-22 and turn it to Applicable for FaaS. Same for AC-24, line 26.
- Robert (@Robert Ficcaglia) to update column H - 'Why it is not applicable to FaaS', if so, for the N/A sub-controls in the AC category: AC-7 to AC-9 (line 12-14), AC-11 to AC-12 (line 16-17), AC-17 to AC-21 and AC-23 (line 25) and AC-25 (line 27).
- Robert (@Robert Ficcaglia) to check the update on SA-4, and SA-10 done by Karthik and Arvin.
- Joseph (@Joseph Arcelo) to review and vote on AC-12, line 17.
- Karthik (@Karthik Kaligotla) and Arvin (@Arvin Reddy Jakkamreddy) to check Robert's comments in the SA category and update accordingly or discuss further in the Slack channel. SA-9 to Out of Scope as discussed on the previous call. SA-9 (4): Please specify the geographical considerations so as to support that this is in scope, SA-9 (7) please check comment from Robert, SA-9 (8) justify why it is out of scope.
- Wayne (@Wayne Anderson) to justify the Out of Scope of SA-02, line 120, column H, as discussed on the call.
- Group on SA-9 (4), SA-9 (7), SA-10.
Next working group call:
Date: Thursday 1st December
Time: 09:00 a.m. PST / 12:00 p.m. EST / 17:00 GMT
URL: https://zoom.us/j/98681420926 (Meeting ID: 986 8142 0926)
Warm regards,
Marina
------------------------------
Marina Bregkou,
Senior Research Analyst,
CSA
------------------------------