Dear members,
Here you can find the minutes from our Serverless working group call that took place on the 5th of May.
Discussion:
The working group went through the remaining action items of the 'NIST 800-53 controls implementation to Serverless FaaS' document.
Previous action items:
- Shobhit to go through the document and check that all sub-controls that have their responsibility marked as CSP (in column J) are referenced correctly as in-scope (if so) or out of scope. (e.g. For the first CSP responsibility in row 6, we should check the name of the sub-control there (AC-1: Policy and Procedures) and that this sub-controls along with its Implementation detail (column G)+Relevance (column H) is relevant to FaaS (and rightly marked so) and not out of scope since it's only the CSP responsibility.) - DONE
- Vishwas to check all cells marked in yellow and verify their accuracy. Same for IA-5 (1). - Partially PENDING
New action item:
- Working group to go through all the yellow highlighted cells and to vote on their relevance. Namely: IA-3 (line 104), IA-3 (3), IA-3 (4), IA-4 (2), IA-4 (3), IA-4 (5), IA-5 (1), IA-4 (7), IA-5 (3) (row119), IA-5 (6), IA-5 (8) to IA-5 (10), IA-5 (13), IA-5 (14), IA-7 (row132), IA-8 (1), IA-8 (5) (row 138), IA-9 (1), IA-9 (2).
Next working group call: Friday, 19 May.
Time: 09:00 a.m. PST / 12:00 p.m. EST / 17:00 GMT / 19:00 EET.
URL: https://zoom.us/j/98681420926 (Meeting ID: 986 8142 0926)
Kind regards,
Marina
------------------------------
Marina Bregkou,
Senior Research Analyst,
CSA
------------------------------