Dear Serverless working group members,
please find below a short summary of the call our working group had last Friday.
Implementation of the NIST controls to Serverless document:
- We have added another tab which includes the Serverless definition as it was described in the initial 'How to Design a Secure Serverless Architecture' document.
- The RA - Risk Assessment control category has been assigned to Rajiv ( @Rajiv Gunja) for the identification of its serverless-related sub-controls
- Existing lead authors per control family are:
  - AC - Access Control => Brynna Nery ( @Brynna Nery)
  - AT - Awareness and Training => Oscar Monge Espana ( @Oscar Monge)
  - CA - Assessment, Authorization, and Monitoring => Vishwas Manral ( @Vishwas Manral)
  - CM - Configuration Management => Joseph Arcelo ( @Joseph Arcelo)
  - IA - Identification and Authentication => Vani Murthy ( @Vani Murthy)
- Missing leads for controls below:
  - AU - Audit and Accountability
  - SA - System and Services Acquisition
  - SC - System and Communications Protection
  - SI - System and Information Integrity
- Anyone interested in being the lead (and identifying relevant sub-controls) for a control category, please contact/email: [email protected]
Next working group call: Friday 27th May
Time: 09:00 a.m. PST / 12:00 p.m. EST / 17:00 GMT / 18:00 CET
URL: https://zoom.us/j/98681420926 (Meeting ID: 986 8142 0926)
Kind regards,
Marina
------------------------------
Marina Bregkou,
Senior Research Analyst,
CSA
------------------------------