Title of invention Generating a compliance data model for IT control
Abstract Techniques are described herein that are capable of generating a compliance data model for information technology (IT) control. The compliance data model is capable of capturing data from technologies (e.g., software programs, file systems, etc.) and/or developers of those technologies for determining compliance of the technologies with regulations. The compliance data model may be used to automate generation of artifacts. Each artifact is machine-readable code that includes instructions regarding how to implement a control. A control is a software container that is associated with one or more elements, such as a control objective, a control activity, a control activity test, etc. The artifacts are usable by management systems to obtain data regarding installed technologies, settings of the technologies, configurations of the technologies, events that are being utilized by the technologies, etc. The management systems may use the data to generate reports regarding compliance of the technologies with the regulations.
Publication number US9183528(B2) Publication date 2015.11.10
Application number US201113268725 Application date 2011.10.07
Applicant Microsoft Technology Licensing, LLC Inventors Gemmell Thomas Pitcairn;Kapila Gaurav;Onalan Bahadir B.;Sanghvi Ashvinkumar J.
Classification G06F9/44;G06Q10/06 Main classification G06F9/44
Agency Agent Haslam Brian;Drakos Kate;Minhas Micky
Independent claim 1. A method comprising: generating a plurality of controls based on a plurality of regulations, each control corresponding to a respective subset of the plurality of regulations; automatically determining a subset of the plurality of controls that is applicable to a software technology based on a first plurality of answers that corresponds to a first plurality of questions regarding intended use and implementation of the software technology, each control in the subset of the plurality of controls being associated with a control objective that specifies one or more criteria that are to be satisfied for compliance with the respective subset of the plurality of regulations, a control activity that includes instructions that specify a manner in which satisfaction of the one or more criteria that are specified by the corresponding control objective are to be satisfied, and a control activity test that includes instructions that specify a manner in which verification of satisfaction of the one or more criteria that are specified by the corresponding control objective is to be performed; automatically generating a compliance data model regarding the software technology, the compliance data model specifying at least the control objective and the control activity test for each control in the subset of the plurality of controls; and using the compliance data model to generate a plurality of artifacts that define a manner in which the software technology is to be executed for compliance with the plurality of regulations.
Address Redmond WA US