Data Mesh Access Control and Security

Authentication

Authentication will be performed in accordance with the methods described in the CMS TRA Network Services, Access Control and Identity Management chapter. Identity and authentication requirements may vary depending on the sensitivity of the data involved.

The Enterprise Data Mesh is built and scaled along a single value stream –

The System-to-EDL-Data-Mesh use cases have authentication and other controls enforced fully at the cloud layer. The end-user-to-data-mesh use cases will leverage a runtime access control and governance capability that will interface with any compute that is spun up by an end user. Access controls are built using role- and attribute-based controls and supported by a workflow.

Access to the EUDC is assigned through the CMS Enterprise Portal with a CMS Identity Management (IDM) ID, the Enterprise User Data Catalog Application, and the Enterprise User Data Catalog Role.