Serverless

Back to discussions
Expand all | Collapse all

Meeting Minutes 9th March 2023

  • 1.  Meeting Minutes 9th March 2023

    Posted Mar 20, 2023 12:56:00 PM

    Dear members,

    Meeting minutes form our 9th March call can be found below:

    Document: NIST controls implementation to FaaS.

    Previous action items:

    • Robert to please finish reviewing column I for the SI category. - DONE
    • Aradhna to review and vote on the details of the SI: System and Information Integrity control category entered by Eric PeetersSI-6, SI-10 (1) to SI-10 (4), SI-11, SI-17. - DONE
    • Eric to discuss with Aradhna or the working group on SI-10 (1) to SI-10 (4), SI-11. For SI-4(1) please specify 'Why is it Out of Scope for FaaS. - DONE
    • Eric to fill in column J of the Shared Responsibility in the AU category. - PENDING
    • Vishwas to fill in column J of the Shared Responsibility in the SC category. - PENDING
    • Vishwas to fill in column J of the Shared Responsibility in the CA category. - PENDING
    • Rajiv to fill in the column J of the Shared Responsibility in the RA category. - PENDING
    • Volunteer needed to fill in column J of the Shared Responsibility in the CM and AT categories.- PENDING
    • Working group to discuss and decide whether IA-5 (1) is in scope or out of scope since this sub-control is considered Organizational and the policy should be system wide and generic. - PENDING
    • Needed reviewer for the new entries of the IA: Identification and Authentication controls category that are marked N/A. - PENDING

    Next action items:

    • Eric ( @Eric Peeters ) to fill in columns I and J for the SI-10 (3) sub-control. Column J for SI-10 and SI-10 (4)
    • Eric ( @Eric Peeters ) to fill in the Implementation detail (column G) for the SI-17 sub-control.
    • Eric ( @Eric Peeters ) to fill in column J of the Shared Responsibility in the AU category. Specifically, for sub-control: AU-1 to AU-3 (1) and AU-6, AU-6 (3), AU-6 (7), AU-7, AU11- AU-12.
    • Robert ( @Robert Ficcaglia) to please fill in column J (Responsibility) to the AT category.
    • Vishwas ( @Vishwas Manral) to fill in column J of the Shared Responsibility in the CA category.
    • Joseph ( @Joseph Arcelo) to fill in column J (Responsibility) of the CM category.
    • Joseph ( @Joseph Arcelo) to review and comment the N/A sub-controls of the IA category.
    • Rajiv ( @Rajiv Gunja) to fill in column J (Responsibility) for the RA category.
    • Vishwas ( @Vishwas Manral) to fill in column J (Shared Responsibility) in the SC category. Specifically for sub-controls: SC-1, SC-2, SC-5 to SC-8, SC-10X, SC-12,SC-13, SC-16, SC-17, SC-20(X), SC-21(X), SC-23, SC-25X, SC-28, SC-38, SC-44, SC-46.
    • Working group to discuss and decide whether IA-5 (1) is in scope or out of scope since this sub-control is considered Organizational and the policy should be system wide and generic.

    Next working group call: Thursday, 23 March.
    Time: 09:00 a.m. PST / 12:00 p.m EST / 16:00 GMT / 18:00 EET (**Please note that the call is happening an hour earlier than usual for the Europe based members due to the US daylight saving)
    URL: https://zoom.us/j/98681420926  (Meeting ID: 986 8142 0926)

    Kind regards,
    Marina



    ------------------------------
    Marina Bregkou,
    Senior Research Analyst,
    CSA
    ------------------------------