Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST Invites Public Comments on IR 8504, Access Control on NoSQL Databases
January 30, 2024

The initial public draft of NIST Internal Report (IR) 8504, Access Control on NoSQL Databases, **** is now available for public comment. NoSQL (i.e., “not only SQL” or “non-SQL”) database systems and data stores often outperform traditional relational database management systems (RDBMSs) in various aspects, such as data analysis efficiency, system performance, ease of deployment, flexibility/scalability of data management, and users’ availability. However, with an increasing number of people storing sensitive data in NoSQL databases, access control issues have become a fundamental data protection requirement for database management systems.

This document discusses access control on NoSQL database systems by illustrating the NoSQL database types and their support for access control models. It operates under the assumption that the access control system stores and manages access control data (e.g., subjects, objects, and attributes) in the NoSQL database and describes considerations from the perspective of access control in general.

A public comment period is open through March 15, 2024. See the publication details for a copy of the draft and instructions for submitting comments.

NOTE: A call for patent claims is included on page ii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy Inclusion of Patents in ITL Publications.

Related Topics

Security and Privacy: access control

Created January 26, 2024, Updated January 30, 2024