Trust Center

What can a certain user do and see? This question of authorization, which is crucial to all aspects of data security, is handled with more granular controls than any other data platform. MarkLogic supports Role-based Access Control (RBAC) and other security models to define granular privileges to restrict access to actions, data, and resources.

• Document and Element Level Security to control access to specific XML and JSON documents and the elements/properties/paths within those documents.
• Data Redaction to mask or conceal sensitive data like PII data stored as XML elements or JSON properties for data protection and privacy. Use rule-based redaction policies for data loss prevention to confidently share data with third parties.

What happened, exactly? MarkLogic records every action by default to answer detailed questions about system activities along a timeline. This includes data inserts, reads, and updates, code execution, and authentication changes. MarkLogic provides full access to system logs.

Can someone get access without credentials? Can they modify the files? Can they erase evidence of wrongdoing? MarkLogic has advanced encryption to encrypt data on the wire (in transit) and on disk (encryption at rest).

Encryption is comprehensive (data, configurations, and logs), transparent (no coding required), and fast (negligible performance impact). MarkLogic supports client-owned encryption keys using the public cloud provider’s key management system.

MarkLogic has scalable controls for authentication, ensuring that the system easily integrates into your environment.

MarkLogic has granular access controls to govern what a user can do and see. Each user is associated with any number of roles, and each role is given privileges that determine what they can do. Also, each document has permissions dictating which roles can see and edit it. Security checks verify the necessary credentials before granting the requested action, and security information is stored in a specific security database in MarkLogic.

MarkLogic secures data at the collection level, document level, and even element/property level (like cell-level security in a relational database). This goes beyond what other document databases provide as it’s very hard to engineer on the back-end and maintain performance, but MarkLogic does it.

MarkLogic closely monitors database activity and makes it possible to audit document access and updates, configuration changes, administrative actions, code execution, and changes to access control.

Cutting-edge data encryption protects against unauthorized access of the database by a SysAdmin or Storage Admin. It allows data, configuration, and logs to be encrypted while data is in-flight and at-rest on disk using TLS & AES-256 encryption, and it conforms to FIPS 140 criteria.

In addition to RBAC, MarkLogic can also employ other security models such as Attribute-Based Access Control (ABAC), Policy-Based Access Control (PBAC), or Label-Based Access Control (LBAC). These models further restrict access based on attributes (e.g., social security number, IP address, user’s age, or time of day), policies, or simple labels representing “high” or “low” levels of trust.

Out-of-the-box, MarkLogic provides you with the industry-leading security you need. Your organization may also require the Advanced Security add-on, which includes three additional capabilities.

• Redaction
• External Key Management System (KMS) Support
• Compartment Security

Learn more about Advanced Security

Attestation for compliance with US Food and Drug Administration regulations around handling electronic records.

READ BLOG POST

REQUEST REPORT

The NIST Cybersecurity Framework (CSF) is US-issued guidance for organizations on how to improve their ability to prevent, detect, and respond to cybersecurity risks. NIST 800-53 maps to other standards (e.g., ISO 27001) and underlies other standards like HIPAA and FedRAMP.

Security framework established by the General Services Administration (GSA) in 2012 to protect data confidentiality, integrity, and availability in cloud environments.

Guidelines for complying with the US Health Insurance Portability and Accountability Act of 1996 (HIPAA) related to processing, maintaining, storing, and sharing protected health information (PHI).

MarkLogic is HIPAA-ready.

The Defense Federal Acquisition Regulation Supplement is US DoD-specific rules for procurement within the US public sector.

SELF-ATTESTATION WITH DFARS

International standard (ISO/IEC 15408) for a common set of functional and assurance security requirements, evaluated by licensed labs.

MarkLogic is the only non-relational database to have this.

READ BLOG POST

Documented guidelines for deploying in U.S. DoD/DISA IT systems that provide guidance on how to set up and configure a product.

MarkLogic has been “STIG’d” for multiple US federal projects.

REQUEST MORE INFORMATION

A Voluntary Product Accessibility Template (VPAT®) explains how information and communication technology products meet the accessibility requirements of the U.S. government Section 508 standards.

DOWNLOAD VPAT

General Data Protection Regulation (GDPR) that went into effect in May 2018 with the goal of strengthening personal data protection in Europe.

MarkLogic complies with GDPR, and helps customers comply with GDPR.