Scope | Introduction

1. Scope | Introduction Update from Big Data Security & Privacy Subgroup

2. Introduction • Lay reader tone and content • No explicit introductory reference to “fabric” construct • Introduces: • Variety and Governance, Regulation & Compliance (GRC) • Security & GRC tradeoffs • Access to PII • S&P Beyond Velocity, Variety & Volume • Volatility (“temporality”) • Veracity (or “Validity”, Provenance) • Role-specific literacy • Domain-specific semantics • Other signposts for practitioners

3. Hoped-for Improvements • Better integration of lay and technical concerns • Additional relevant S&P references • Better targeting of V&V&V+ dimensions to distinguish from other NIST and third party S&P documents • Milieu of specialized topics moved to an Appendix • Completed for Appendix 1 (Roles) • Pending for Appendix 2 (Specialized Topics, etc.)

4. Remaining Tasks • Subdocument navigation aids • Direct users to sections that are most relevant to their needs, enabling specialists to skip sections they already understand, and directing lay readers to specific users they may not have considered. • Taxonomy / RA Integration • Appendix 2* • Light work of conceptual structure to match fabric language • Mirror outlines in RA and Taxonomy where it makes sense • Include additional role / role axes *Facilitated by technical writer assistance?

5. Additional Role Content Pending Role Categories in Scope Section • Stakeholders and “Users” • Ratifiers • Attackers & Unwitting Collaborators • Governors

6. Role Framework Axes* • IT Operators • Governance | Regulation | Compliance Officers • Business | Data Consumers Example: Auditors are both stakeholders and ratifiers. *Approach suggested by Roy D’Souza