Serverless

Back to discussions
Expand all | Collapse all

Meeting Minutes June 30th, 2023+reminder of tomorrow's WG call!

  • 1.  Meeting Minutes June 30th, 2023+reminder of tomorrow's WG call!

    Posted Jul 13, 2023 07:56:00 AM

    Dear members,

    This is a reminder to our working group call, which is scheduled for tomorrow, Friday 14th of July, at 09:00 a.m. PST / 12:00 p.m. EST / 17:00 GMT / 19:00 EET.

    Minutes form the previous call on 30 June follow below:

    •  'FaaS Serverless Control Framework (Set) based on NIST 800-53 R5 controls' has now closed its peer review period!
    • Working group went through the charter document and finalized its content to be persistent with 2023 actions.
    • Agreed on the small update of our 'Serverless Architecture' document which seems to have some clarity issues in one of the sections.
    • Wayne Anderson suggested creating a webinar in order to present and launch the  FaaS controls document.
    • Working group agreed to take August off and resume work in September with new action items like updating of the 12th most critical risks for Serverless applications document. (What other top threats to Serverless exist. Existing and known attacks/problems, etc.) 

    Previous action items:

    • Marina to send the template for the accompanying ppt of the FaaS document to be published, to Wayne, Vishwas and Roberto. - DONE
    • Wayne and Vishwas and Roberto to create a max. 10 pages presentation to go with the FaaS excel document. - PENDING
    • Finalize the update of the charter document for 2023 actions. - DONE
    • Start re-shaping chapter 6 from the Serverless Architecture document. Google document version can be found here. - In progress

    New action items:

    • Working group to go through and address/resolve all comments done to the FaaS controls Framework document after peer review period passed on 12th of July.
    • Working group to start updating chapter 6 of the Serverless Architecture document after feedback brought in by a volunteer who noticed the Best Practices mention is not a specific section in the document, rather than spread throughout it. Craig suggested to use the NIST (800-30 and 39) document as a source in creating the new 6.6 Serverless Best Practices section. Google version of document, here.
    • Wayne ( @Wayne Anderson), Vishwas ( @Vishwas Manral) and Robert@Robert Ficcaglia) to create a max. 10 pages presentation (using this template) to go with the FaaS excel document when it is published.
    • Marina will ask Aradhna's help to identify who will work on the OSCAL version of the FaaS controls framework.
    • Marina to ask the volunteer who offered feedback on the Serverless Architecture document if there is any other expectation or feedback he would like to offer.

    To connect on the call tomorrow:
    URL https://zoom.us/j/98681420926  (Meeting ID: 986 8142 0926)

    Warm regards,
    Marina



    ------------------------------
    Marina Bregkou,
    Senior Research Analyst,
    CSA
    ------------------------------