Dear members,
Below you can find what was discussed and action items assigned during our previous working group call on the 7th of February.
Regarding work on the NIST controls implementation to FaaS:
We have these already finalised control categories:
AC - Access Control
AT - Awareness and Training
AU - Audit and Accountability
CM - Configuration Management
CA - Assessment, Authorization and Monitoring
RA - Risk Assessment
Control categories that are still to be completed with pending action items:
IA - Identification and Authentication ?
SA - System and Services Acquisition
SC - System and Communications Protection
SI - System and Information Integrity
Previous action items:
- Robert: AC-10 (columns G, H, I), AC-12. - DONE
- Robert: AC-20, AC-21, column H. For AC-22 please fill in the context for which this sub-control becomes applicable to FaaS, as discussed on the call on the 12th of January. (Columns G, H, I). AC-23, column H: Why it is NOT relevant to FaaS. AC-25 - column H. - DONE
- Robert: to please fill in column J for the SI category and review column I for the same. - PENDING
- Vani: IA-Identification and Authentication control category: To include non-relevant controls as well and justify their non-relevance in the H column, as it is done for the other categories too. - DONE
- Karthik and Arvin to fill in the responsibility part in Column J for the SA category. - PENDING
- Vishwas: SC-18 X, SC-19 X, please fill in column H. Need to justify why they are not relevant to FaaS. - Partially PENDING
- Aradhna: to review and vote on the details of the SI: System and Information Integrity control category entered by Eric Peeters. SI-4 (20) to SI-4 (22), SI-5, SI-6, SI-17. - Partially PENDING
- Eric to discuss with Aradhna or the working group on SI-10 (1) to SI-10 (4), SI-11. For SI-4(1) please specify 'Why is it Out of Scope for FaaS'. - PENDING
New action items:
- Robert (@Robert Ficcaglia): to please fill in column J for the SI category and review column I for the same.
- Karthik (@Karthik Kaligotla) and Arvin (@Arvin Reddy Jakkamreddy) to fill in the responsibility part in Column J for the SA category.
- Vishwas (@Vishwas Manral): SC-19 X, please fill in column H. Is a justification of non-relevance to FaaS enough?
- Aradhna (@Aradhna Chetal): to review and vote on the details of the SI: System and Information Integrity control category entered by Eric Peeters. SI-5, SI-6, SI-10 (1) to SI-10 (4), SI-11, SI-17.
- Eric (@Eric Peeters) to discuss with Aradhna or the working group on SI-10 (1) to SI-10 (4), SI-11. For SI-4(1) please specify 'Why is it Out of Scope for FaaS'.
Next working group call:
Date: Thursday, 23rd of February
Time: 09:00 a.m. PST / 12:00 p.m. EST / 17:00 GMT
URL: https://zoom.us/j/98681420926 (Meeting ID: 986 8142 0926)
Kind regards,
Marina
------------------------------
Marina Bregkou,
Senior Research Analyst,
CSA
------------------------------