Hi All,
NIST Publishes IR 8504, Access Control on NoSQL Databases
NIST has published Internal Report (IR) 8504, Access Control on NoSQL Databases. NoSQL (i.e., "not only SQL" or "non-SQL") database systems and data stores often outperform traditional relational database management systems (RDBMSs) in various aspects, such as data analysis efficiency, system performance, ease of deployment, flexibility/scalability of data management, and users' availability. However, with increasing people storing sensitive data in NoSQL databases, access control issues have become a fundamental data protection requirement for database management systems.
This document discusses access control on NoSQL database systems by illustrating the NoSQL database types and their support for access control models. It assumes that the access control system stores and manages access control data (e.g., subjects, objects, and attributes) in the NoSQL database and describes considerations from the perspective of access control in general.
------------------------------
Michael Roza CPA, CISA, CIA, CC, MBA, Exec MBA, CSA Research Fe
------------------------------