NIST Big Data Interoperability Framework V1 - Vol

NISTSpecialPublication1500-4DRAFTNISTBigDataInteroperabilityFramework:Volume4,SecurityandPrivacyNISTBigDataPublicWorkingGroupSecurityandPrivacySubgroupDraftVersion1April6,2015:Volume4,SecurityandPrivacyDraftVersion1NISTBigDataPublicWorkingGroup(NBD-PWG)SecurityandPrivacySubgroupNationalInstituteofStandardsandTechnologyGaithersburg,MD20899April2015U.S.DepartmentofCommercePennyPritzker,SecretaryNationalInstituteofStandardsandTechnologyDr.WillieE.May,UnderSecretaryofCommerceforStandardsandTechnologyandDirectorDRAFTNISTBIGDATAINTEROPERABILITYFRAMEWORK:VOLUME4,SECURITYANDPRIVACYiiNationalInstituteofStandardsandTechnologySpecialPublication1500-471pages(April6,2015)Certaincommercialentities,equipment,ormaterialsmaybeidentifiedinthisdocumentinordertodescribeanexperimentalprocedureorconceptadequately.SuchidentificationisnotintendedtoimplyrecommendationorendorsementbyNIST,norisitintendedtoimplythattheentities,materials,orequipmentarenecessarilythebestavailableforthepurpose.TheremaybereferencesinthispublicationtootherpublicationscurrentlyunderdevelopmentbyNISTinaccordancewithitsassignedstatutoryresponsibilities.Theinformationinthispublication,includingconceptsandmethodologies,maybeusedbyFederalagenciesevenbeforethecompletionofsuchcompanionpublications.Thus,untileachpublicationiscompleted,currentrequirements,guidelines,andprocedures,wheretheyexist,remainoperative.Forplanningandtransitionpurposes,FederalagenciesmaywishtocloselyfollowthedevelopmentofthesenewpublicationsbyNIST.OrganizationsareencouragedtoreviewalldraftpublicationsduringpubliccommentperiodsandprovidefeedbacktoNIST.AllNISTInformationTechnologyLaboratorypublications,otherthantheonesnotedabove,areavailableat:April6,2015throughMay21,2015CommentsonthispublicationmaybesubmittedtoWoChangNationalInstituteofStandardsandTechnologyAttn:WoChang,InformationTechnologyLaboratory100BureauDrive(MailStop8900)Gaithersburg,MD20899-8930Email:SP1500comments@nist.govDRAFTNISTBIGDATAINTEROPERABILITYFRAMEWORK:VOLUME4,SECURITYANDPRIVACYiiiReportsonComputerSystemsTechnologyTheInformationTechnologyLaboratory(ITL)atNISTpromotestheU.S.economyandpublicwelfarebyprovidingtechnicalleadershipfortheNation’smeasurementandstandardsinfrastructure.ITLdevelopstests,testmethods,referencedata,proofofconceptimplementations,andtechnicalanalysestoadvancethedevelopmentandproductiveuseofinformationtechnology.ITL’sresponsibilitiesincludethedevelopmentofmanagement,administrative,technical,andphysicalstandardsandguidelinesforthecost-effectivesecurityandprivacyofotherthannationalsecurity-relatedinformationinFederalinformationsystems.ThisdocumentreportsonITL’sresearch,guidance,andoutreacheffortsinInformationTechnologyanditscollaborativeactivitieswithindustry,government,andacademicorganizations.AbstractBigDataisatermusedtodescribethedelugeofdatainournetworked,digitized,sensor-laden,information-drivenworld.WhilegreatopportunitiesexistwithBigData,itcanoverwhelmtraditionaltechnicalapproachesanditsgrowthisoutpacingscientificandtechnologicaladvancesindataanalytics.ToadvanceprogressinBigData,theNISTBigDataPublicWorkingGroup(NBD-PWG)isworkingtodevelopconsensusonimportant,fundamentalquestionsrelatedtoBigData.TheresultsarereportedintheNISTBigDataInteroperabilityFrameworkseriesofvolumes.Thisvolume,Volume4,containsanexplorationofsecurityandprivacytopicswithrespecttoBigData.ThisvolumeconsidersnewaspectsofsecurityandprivacywithrespecttoBigData,reviewssecurityandprivacyusecases,proposessecurityandprivacytaxonomies,presentsdetailsoftheSecurityandPrivacyFabricoftheNISTBigDataReferenceArchitecture(NBDRA),andbeginsmappingthesecurityandprivacyusecasestotheNBDRA.KeywordsBigDatasecurity,BigDataprivacy,BigDatataxonomy,usecases,BigDatacharacteristics,securityandprivacyfabric,BigDatariskmanagement,cybersecurity,computersecurity,informationassurance,informationsecurityframeworks,encryptionstandards,role-basedaccesscontrols,BigDataforensics,BigDataauditDRAFTNISTBIGDATAINTEROPERABILITYFRAMEWORK:VOLUME4,SECURITYANDPRIVACYivAcknowledgementsThisdocumentreflectsthecontributionsanddiscussionsbythemembershipoftheNBD-PWG,co-chairedbyWoChangoftheNISTITL,RobertMarcusofET-Strategies,andChaitanyaBaru,UniversityofCalifornia,SanDiegoSupercomputerCenter.ThedocumentcontainsinputfrommembersoftheNBD-PWGSecurityandPrivacySubgroup,ledbyArnabRoy(Fujitsu),MarkUnderwood(KryptonBrothers),andAkhilManchanda(GE);andtheReferenceArchitectureSubgroup,ledbyOritLevin(Microsoft),DonKrapohl(AugmentedIntelligence),andJamesKetner(AT&T).NISTSP1500-4,Version1hasbeencollaborativelyauthoredbytheNBD-PWG.Asofthedateofthispublication,thereareoversixhundredNBD-PWGparticipantsfromindustry,academia,andgovernment.FederalagencyparticipantsincludetheNationalArchivesandRecordsAdministration(NARA),NationalAeronauticsandSpaceAdministration(NASA),NationalScienceFoundation(NSF),andtheU.S.D