Serverless

Meeting minutes 26th January 2023

    Posted Feb 07, 2023 04:03:00 PM
    Dear members,

    Below you can find the meeting minutes from our working group call held on the 26th of January.

    We are close to finalizing the NIST controls implementation to FaaS initiative we have been working on.

    Finalized control categories:
    AT - Awareness and Training
    AU - Audit and Accountability
    CM - Configuration Management
    CA - Assessment, Authorization and Monitoring
    RA - Risk Assessment

    Pending control categories:
    AC - Access Control
    IA - Identification and Authentication
    SA - System and Services Acquisition
    SC - System and Communications Protection
    SI - System and Information Integrity

    Previous action items:
    • Robert: AC-10 (columns G, H, I), AC-12. - PENDING
    • Robert: AC-20, AC-21, column H. For AC-22 please fill in the context for which this sub-control becomes applicable to FaaS, as discussed on the call on the 12th of January. (Columns G, H, I).  AC-23, column H: Why it is NOT relevant to FaaS. AC-25 - column H. - PENDING
    • Vani: IA - Identification and Authentication control category: Column I needs to be filled with the deployment components as listed in the 'Deployment Definition' tab in the document. IA-5 (4), please check comment. IA-9 Implementation details, Line 91: what is the sub-control number? Is it still relevant to FaaS? IA-2 (13) comment. - DONE
    • Robert: to review and vote on SA-4, SA-9 (4), SA-10. - DONE
    • Vishwas: to check comment in SC-4 X, column H, made by Christopher. SC-18 X, SC-19 X, SC-40 X, SC-41 X, SC-49 X, SC-51 X, please fill in column H. Need to justify why they are not relevant to FaaS. - Partially PENDING.
    • SC-25X needs a reviewer and vote. - DONE
    • Aradhna: to review and vote on the details of the SI: System and Information Integrity control category entered by Eric Peeters. SI-2 (3), SI-2 (4), SI-2 (6) Out of Scope?, SI-4 (9), SI-4 (14), SI-4 (20) to SI-4 (22), SI-5, SI-6, SI-17. - Partially PENDING.
    • Eric Peeters to discuss with Aradhna or the working group on SI-3, SI-4 (2), SI-4 (5), SI-4 (7), SI-10 (1) to SI-10 (4), SI-11. SI-4 (1), SI-4 (15) Justify 'Why is it Out of Scope for FaaS'. - Partially PENDING

    New action items:
    • Robert ( @Robert Ficcaglia): AC-10 (columns G, H, I), AC-12.
    • Robert ( @Robert Ficcaglia): AC-20, AC-21, column H. For AC-22 please fill in the context for which this sub-control becomes applicable to FaaS, as discussed on the call on the 12th of January. (Columns G, H, I).  AC-23, column H: Why it is NOT relevant to FaaS. AC-25 - column H.
    • Robert ( @Robert Ficcaglia) to please fill in column J for the SI category and review column I for the same.
    • Vani ( @Vani Murthy): IA - Identification and Authentication control category: To include non-relevant controls as well and justify their non-relevance in the H column, as it is done for the other categories too.
    • Karthik and Arvin ( @Karthik Kaligotla and @Arvin Reddy Jakkamreddy) to fill in the responsibility part in Column J for the SA category.
    • Vishwas ( @Vishwas Manral): SC-18 X, SC-19 X, please fill in column H. Need to justify why they are not relevant to FaaS.
    • Aradhna ( @Aradhna Chetal): to review and vote on the details of the SI: System and Information Integrity control category entered by Eric Peeters. SI-4 (20) to SI-4 (22), SI-5, SI-6, SI-17.
    • Eric ( @Eric Peeters) to discuss with Aradhna or the working group on SI-10 (1) to SI-10 (4), SI-11. For SI-4 (1) please specify 'Why is it Out of Scope for FaaS'.

    Next working group call: Thursday, 9th of February.
    Time: 09:00 a.m. PST / 12:00 p.m. EST / 17:00 GMT / 19:00 EET
    URL: https://zoom.us/j/98681420926 (Meeting ID: 986 8142 0926)

    Warm regards,

    Marina

    ------------------------------
    Marina Bregkou,
    Senior Research Analyst,
    CSA
    ------------------------------