Serverless

Meeting minutes 9th February 2023

    Posted Feb 22, 2023 01:55:00 PM
    Edited by Marina Bregkou Feb 22, 2023 02:01:04 PM

    Dear members,

    Below you can find what was discussed and action items assigned during our previous working group call on the 7th of February.

    Regarding work on the NIST controls implementation to FaaS:

    We have these already finalised control categories:

    AC - Access Control
    AT - Awareness and Training
    AU - Audit and Accountability
    CM - Configuration Management
    CA - Assessment, Authorization and Monitoring
    RA - Risk Assessment

    Control categories that are still to be completed with pending action items:

    IA - Identification and Authentication?
    SA - System and Services Acquisition
    SC - System and Communications Protection
    SI - System and Information Integrity

    Previous action items:
    • Robert: AC-10 (columns G, H, I), AC-12. - DONE
    • Robert: AC-20, AC-21, column H. For AC-22 please fill in the context for which this sub-control becomes applicable to FaaS, as discussed on the call on the 12th of January. (Columns G, H, I). AC-23, column H: Why it is NOT relevant to FaaS. AC-25 - column H. - DONE
    • Robert: to please fill in column J for the SI category and review column I for the same. - PENDING
    • Vani: IA-Identification and Authentication control category: To include non-relevant controls as well and justify their non-relevance in the H column, as it is done for the other categories too. - DONE
    • Karthik and Arvin to fill in the responsibility part in Column J for the SA category. - PENDING
    • Vishwas: SC-18 X, SC-19 X, please fill in column H. Need to justify why they are not relevant to FaaS. - Partially PENDING
    • Aradhna: to review and vote on the details of the SI: System and Information Integrity control category entered by Eric Peeters. SI-4 (20) to SI-4 (22), SI-5, SI-6, SI-17. - Partially PENDING
    • Eric to discuss with Aradhna or the working group on SI-10 (1) to SI-10 (4), SI-11. For SI-4(1) please specify 'Why is it Out of Scope for FaaS'. - PENDING

    New action items:

    • Robert ( @Robert Ficcaglia ): to please fill in column J for the SI category and review column I for the same.
    • Karthik ( @Karthik Kaligotla ) and Arvin ( @Arvin Reddy Jakkamreddy ) to fill in the responsibility part in Column J for the SA category.
    • Vishwas ( @Vishwas Manral ): SC-19 X, please fill in column H. Is justification for why they are not relevant to FaaS enough?
    • Aradhna ( @Aradhna Chetal ): to review and vote on the details of the SI: System and Information Integrity control category entered by Eric Peeters. SI-5, SI-6, SI-10 (1) to SI-10 (4), SI-11, SI-17.
    • Eric ( @Eric Peeters ) to discuss with Aradhna or the working group on SI-10 (1) to SI-10 (4), SI-11. For SI-4(1) please specify 'Why is it Out of Scope for FaaS'.

    Next working group call:

    Date: Thursday, 23rd of February

    Time: 09:00 a.m. PST / 12:00 p.m. EST / 17:00 GMT

    URL: https://zoom.us/j/98681420926 (Meeting ID: 986 8142 0926)

    Kind regards,

    Marina



    ------------------------------
    Marina Bregkou,
    Senior Research Analyst,
    CSA
    ------------------------------