Dear members,
Meeting minutes form our 9th March call can be found below:
Document: NIST controls implementation to FaaS.
Previous action items:
- Robert to please finish reviewing column I for the SI category. - DONE
- Aradhna to review and vote on the details of the SI: System and Information Integrity control category entered by Eric Peeters. SI-6, SI-10 (1) to SI-10 (4), SI-11, SI-17. - DONE
- Eric to discuss with Aradhna or the working group on SI-10 (1) to SI-10 (4), SI-11. For SI-4(1) please specify 'Why is it Out of Scope for FaaS. - DONE
- Eric to fill in column J of the Shared Responsibility in the AU category. - PENDING
- Vishwas to fill in column J of the Shared Responsibility in the SC category. - PENDING
- Vishwas to fill in column J of the Shared Responsibility in the CA category. - PENDING
- Rajiv to fill in the column J of the Shared Responsibility in the RA category. - PENDING
- Volunteer needed to fill in column J of the Shared Responsibility in the CM and AT categories.- PENDING
- Working group to discuss and decide whether IA-5 (1) is in scope or out of scope since this sub-control is considered Organizational and the policy should be system wide and generic. - PENDING
- Needed reviewer for the new entries of the IA: Identification and Authentication controls category that are marked N/A. - PENDING
Next action items:
- Eric ( @Eric Peeters ) to fill in columns I and J for the SI-10 (3) sub-control. Column J for SI-10 and SI-10 (4)
- Eric ( @Eric Peeters ) to fill in the Implementation detail (column G) for the SI-17 sub-control.
- Eric ( @Eric Peeters ) to fill in column J of the Shared Responsibility in the AU category. Specifically, for sub-control: AU-1 to AU-3 (1) and AU-6, AU-6 (3), AU-6 (7), AU-7, AU11- AU-12.
- Robert ( @Robert Ficcaglia) to please fill in column J (Responsibility) to the AT category.
- Vishwas ( @Vishwas Manral) to fill in column J of the Shared Responsibility in the CA category.
- Joseph ( @Joseph Arcelo) to fill in column J (Responsibility) of the CM category.
- Joseph ( @Joseph Arcelo) to review and comment the N/A sub-controls of the IA category.
- Rajiv ( @Rajiv Gunja) to fill in column J (Responsibility) for the RA category.
- Vishwas ( @Vishwas Manral) to fill in column J (Shared Responsibility) in the SC category. Specifically for sub-controls: SC-1, SC-2, SC-5 to SC-8, SC-10X, SC-12,SC-13, SC-16, SC-17, SC-20(X), SC-21(X), SC-23, SC-25X, SC-28, SC-38, SC-44, SC-46.
- Working group to discuss and decide whether IA-5 (1) is in scope or out of scope since this sub-control is considered Organizational and the policy should be system wide and generic.
Next working group call: Thursday, 23 March.
Time: 09:00 a.m. PST / 12:00 p.m EST / 16:00 GMT / 18:00 EET (**Please note that the call is happening an hour earlier than usual for the Europe based members due to the US daylight saving)
URL: https://zoom.us/j/98681420926 (Meeting ID: 986 8142 0926)
Kind regards,
Marina
------------------------------
Marina Bregkou,
Senior Research Analyst,
CSA
------------------------------