Subsection Scope: Discuss ISO standard here in one or two paragraphs.
Provenance in Big Data encompasses people and systems.
Subsection Scope: Need text
Subsection Scope: Discuss big data traceability, especially for data sent to data lakes, or with automatically appended metadata. What relation to traditional data warehouse? Forensics (see NIST reference).
Representing a big data
Security/Privacy Reasoning Support
Subsection Scope: Need text
See OASIS STIX. SnP architectures that employ canonical security descriptions enable automated access to published vulnerabilities as well as emerging Security as a Service offerings. These are not defined in this document, but Big Data components from the RA are suggested for inclusion.
13.35.2 Possible Roles for SnP Ontologies
Subsection Scope: New section. Insert Obrst discussion. Discuss relevance of continuous security and need for real time automated playbooks in response to insider threat and zero day scenarios.
Subsection Scope: New section. Explain why top conformance level integrates provenance that is mapped to a big data domain model.
Audit and Configuration Management
Auditing fabric topology, including configuration management (CM) changes (taxonomic issues with configuration change data vs. audit data)
Audit and CM across organizational entities is only lightly covered in other standards. Planning for cross-organizational data transport is a big data concern, in particular:
Private enterprise -> government
Government agency -> government agency
Government (e.g., open data resource) -> private enterprise
Subsection Scope: Packet-by-packet dump / restore capability is one approach to developing a Big Data SnP resource. TODO Flesh out
Subsection Scope: Text could be enhanced.
Security Intelligence Event Management (SIEM) applications increasingly rely on extensive log data for analytics. Similarly, log data is essential for many aspects of forensic analysis. Log data itself is increasingly Big Data. In a 2015 presentation, an Amazon Web Services representative stated that its largest application at the time was its self-monitoring data used for management and billing support (insert briefing reference from Amazon).
In 2006, NIST released a set of recommendations for managing computer logs in order to preserve their integrity (Kent & Souppaya, 2006). Big Data presents additional challenges.
In 2006, NIST also provided guidelines for “Integrating Forensic Techniques into Incident Response” (Kent, Chevalier, Grance, & Dang, 2006). Incident response for Big Data .
13.35.6 Big Data Audit and Monitoring
Subsection Scope: New section. Discuss suggestions from recent texts on Big Data monitoring in the Apache stack. Design challenges in building big data alert systems that follow good HCI principles and support visualization where that can be shown to be efficacious.
Section Scope: Describe the workflow models. Opening paragraph to define what a workflow model is, list the workflow models to be discussed, and how they fit into the NBDRA.
Orchestration can encompass policy automation, such as identifying need-to-know defaults within the application domain model.
Walk through how workflow works in CloudMesh
Subsection Scope: Text needed
In Version 1, no distinction was made between high and low compliance levels.
Facilitate scientific and engineering big data (generally low privacy risk without external data)
See NIST 800-53 Rev 4 (three levels) and/or an approach based on treaties
Standards, Best Practices and Gaps
Section Scope: Discussion of standards related to the topics previously discussed in this document. Either the existing standards or the lack of a standard (i.e., gap) will be mentioned for a topic/technology/issue. The aim is to show which standards are available that address SnP and which standards are NOT available for emerging technologies such as DevOps.
13.37 NIST Cybersecurity Framework
Sometime in 2017, NIST plans a “minor” update to the 2014 Cybersecurity Framework (Eric Chabrow, 2016). Since its introduction in 2014, the framework (NIST National Institute of Standards, 2014) has seen considerable de facto adoption and mention across a variety of industries. In addition to its appearance in the DHS Critical Infrastructure Cyber Community C³ Voluntary Program (US Dept of Homeland Security, 2015), NCF appears in numerous published HR position descriptions. Its appearance in cybersecurity hiring actions, as well as adaptation for other standards such as SAFSA SENC (Efrain Gonzalez, 2015), further reflects its importance.