
Enterprise Data Business Rules

The Enterprise Data business rules in this topic serve as the CMS standards and conventions for implementing CMS data mesh solutions. They previously appeared with the decommissioned EDM (Enterprise Data Mesh), but they apply in general to CMS data mesh solutions.

BR-DM-1: CMS TRA Compliance

All production data mesh systems must comply with the CMS TRA.

BR-DM-2: Data storage is to be separated from compute

Separating the data from the application and analytic tools that access it means that the data does not have to be duplicated for each organization that wants to use it. Data contributors can focus on managing their data, while consumers work with the tools they already know. This supports "share-in-place" implementations.

BR-DM-3: Data assets are not to be copied or moved

The Enterprise Data Mesh does not seek to centralize the data. Using a very light footprint, the data mesh works with contributors to align their existing data to a set of common standards and integration patterns. The data mesh exposes those data sets through a centralized metadata catalog, which makes them discoverable and, subject to permissions, accessible.

BR-DM-4: Shared data assets are to be registered in Snowflake and a user-facing data catalog where available

Rather than moving their data to a central location, data contributors publish their metadata to the IDR Snowflake Metadata Layer. This metadata catalog lets data sets be discovered automatically by database tools.

BR-DM-5: The data mesh does not share raw data or unstructured data. All data in the EDM is fully structured and immediately consumable

In design, the CMS data mesh is closer to what the industry calls a data lakehouse, with the design and approach adapted to CMS requirements using data mesh and data domain principles. Because only curated, fully structured data is shared, a consumer never receives raw extracts or unstructured files from a contributor.

BR-DM-6: Data sets are to remain within the data owner’s security boundary

Because the data is not moved or copied, it remains within the data owner's security boundary and under the data contributor's control. Only the metadata is exposed to the Data Layer; the data itself never leaves the owner's boundary. The data contributor remains in control of who can access their data.

BR-DM-7: Data owners are required to curate their data assets and manage freshness and usability

Data contributors continue to manage (curate) their data throughout its lifecycle, in its current location, as they always have. As part of that management, they also update the registered metadata as the data changes, so that freshness and usability information in the catalog stays accurate.

BR-DM-8: Data consumers bring their own compute resources

"Separation of storage from compute" means that Data Consumers can point their own tools (compute) at different types of storage, accessing the data wherever it lives, rather than having to load it all into one database. Each user brings their own skills and explores the data in ways that make sense to them. Our goal is to democratize our data. Democratizing data means making data accessible to the average non-technical user of information systems without requiring the involvement of IT.

BR-DM-9: The data owner is responsible for determining the users, groups, roles, and policies that govern data access

In the System to System Design Pattern, the consuming system is responsible for implementing the role-based access control that the data owner requires. In the End User to Data Mesh Design Pattern, by contrast, access roles are applied to the data itself and maintained by the data owners, so the policy is enforced wherever the data is queried rather than depending on each consumer's tool.
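The following Snowflake SQL is an added example, not part of the CMS TRA or the EDM, showing how a data owner can apply BR-DM-6, BR-DM-8 and BR-DM-9 in the End User to Data Mesh pattern: the owner defines the consumer roles, grants least-privilege access to a curated view, attaches masking and row access policies to the data itself, and the consumer queries in place with their own warehouse. Every object name (CLAIMS_DB, CURATED, PROVIDER_CLAIMS, PROVIDER_CLAIMS_V, ROLE_REGION_MAP, CLAIMS_OWNER, CLAIMS_READER, CLAIMS_PHI_READER, ANALYST_WH) and the column layout are hypothetical; the base table and the role-to-region mapping table are assumed to exist in the owner's account.

```sql
-- Added example (hypothetical names; not CMS TRA or EDM code).
-- Assumes CLAIMS_DB.CURATED.PROVIDER_CLAIMS(bene_id STRING, region STRING, ...)
-- and CLAIMS_DB.CURATED.ROLE_REGION_MAP(role_name STRING, region STRING)
-- already exist and are owned by the hypothetical CLAIMS_OWNER role.

-- 1. The data owner defines the consumer roles (BR-DM-9): a base reader
--    role and a narrower role cleared to see identifying columns.
USE ROLE SECURITYADMIN;
CREATE ROLE IF NOT EXISTS CLAIMS_READER;
CREATE ROLE IF NOT EXISTS CLAIMS_PHI_READER;
GRANT ROLE CLAIMS_READER TO ROLE CLAIMS_PHI_READER;   -- PHI readers inherit base access

-- 2. The owner publishes only a curated, structured object (BR-DM-5)
--    and grants least privilege: USAGE on the containers, SELECT on the view.
USE ROLE CLAIMS_OWNER;
CREATE OR REPLACE SECURE VIEW CLAIMS_DB.CURATED.PROVIDER_CLAIMS_V AS
  SELECT bene_id, region, claim_date, paid_amount
  FROM CLAIMS_DB.CURATED.PROVIDER_CLAIMS;

GRANT USAGE  ON DATABASE CLAIMS_DB                         TO ROLE CLAIMS_READER;
GRANT USAGE  ON SCHEMA   CLAIMS_DB.CURATED                 TO ROLE CLAIMS_READER;
GRANT SELECT ON VIEW     CLAIMS_DB.CURATED.PROVIDER_CLAIMS_V TO ROLE CLAIMS_READER;

-- 3. Policies are attached to the data, not to the consumer's tool
--    (BR-DM-6). The masking policy returns the real beneficiary ID only
--    when the PHI reader role is active in the session; everyone else
--    sees a one-way hash. The row access policy restricts rows to the
--    regions mapped to the current role in the owner's mapping table.
CREATE OR REPLACE MASKING POLICY CLAIMS_DB.CURATED.MASK_BENE_ID
  AS (val STRING) RETURNS STRING ->
  CASE
    WHEN IS_ROLE_IN_SESSION('CLAIMS_PHI_READER') THEN val
    ELSE SHA2(val)
  END;

CREATE OR REPLACE ROW ACCESS POLICY CLAIMS_DB.CURATED.REGION_RAP
  AS (region STRING) RETURNS BOOLEAN ->
  EXISTS (
    SELECT 1
    FROM CLAIMS_DB.CURATED.ROLE_REGION_MAP m
    WHERE m.role_name = CURRENT_ROLE()
      AND m.region    = region
  );

-- Policies on the base table also govern any view built over it,
-- so the consumer-facing view inherits both controls.
ALTER TABLE CLAIMS_DB.CURATED.PROVIDER_CLAIMS
  MODIFY COLUMN bene_id SET MASKING POLICY CLAIMS_DB.CURATED.MASK_BENE_ID;
ALTER TABLE CLAIMS_DB.CURATED.PROVIDER_CLAIMS
  ADD ROW ACCESS POLICY CLAIMS_DB.CURATED.REGION_RAP ON (region);

-- 4. The consumer brings their own compute (BR-DM-8) and queries the
--    shared view in place; nothing is copied out of the owner's schema.
--    With CLAIMS_READER active, bene_id comes back hashed and only the
--    mapped regions are visible; switching to CLAIMS_PHI_READER (if the
--    user holds it) reveals bene_id for the same rows.
USE ROLE CLAIMS_READER;
USE WAREHOUSE ANALYST_WH;   -- hypothetical consumer-owned warehouse
SELECT region, COUNT(*) AS claims, SUM(paid_amount) AS total_paid
FROM CLAIMS_DB.CURATED.PROVIDER_CLAIMS_V
GROUP BY region;
```

The point of attaching the policies to the table rather than to a specific dashboard or ETL job is that a consumer who reaches the data through a different tool, or who copies the view definition, still gets exactly the masked and row-filtered result the owner defined. The owner needs the APPLY MASKING POLICY and APPLY ROW ACCESS POLICY privileges to run step 3, and the session user must hold each role named in the USE ROLE statements for the script to run end to end.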


TRA 2025 Release 1. General Distribution / Unclassified Information.