Abstract: One or more systems, devices, computer program products and/or computer-implemented methods of use provided herein relate to compliance mapping, and more particularly to aggregated mapping of one or more sets of context-based compliance data with standard compliance data, such as from a target domain and one or more associate domains. A system can comprise a memory that stores computer executable components, and a processor that executes the computer executable components stored in the memory, wherein the computer executable components can comprise a mapping component that can map a compliance control for a target domain based on a model trained by an active learning process that incorporates a plurality of contexts representing relationships between entities and associate domain specific dependencies.

Abstract: An apparatus, a method, and a computer program product are provided that combine policy compliance with vulnerability management to provide a more accurate risk assessment of an environment. The method includes training a policy machine learning model using a first training dataset to generate a policy machine learning model to produce mitigation technique classifications and training a vulnerability machine learning model using a second training dataset to generate a vulnerability machine learning model to produce weakness type classifications. The method also includes mapping the mitigation technique classifications to attack techniques to produce a policy mapping and mapping the weakness type classifications to the attack techniques to produce a vulnerability mapping. The method further includes producing a risk assessment of a vulnerability based on the policy mapping and the vulnerability mapping.

Abstract: Techniques for managing and processing of configuration changes associated with a service container associated with a service mesh are presented. An application management component can determine immutable configuration data (ICD) relating to configuration change processing for the service container based on policies received from an application owner. A message processing component (MMC) of a service proxy associated with the service container can receive, via a control plane, a message associated with an untrusted entity. MMC can determine whether the message comprises a configuration change request relating to interaction between the application and the service mesh, and, if so, can determine whether to allow the service proxy to process the configuration change based on analysis of the configuration change and ICD. If ICD indicates the configuration change is not allowed, service proxy can discard the request.

Abstract: A content generation method includes receiving a control document comprising one or more control clauses, identifying actionable content for the one or more control clauses, generating a programming language template for the one or more control clauses, identifying a closest existing control clause from a database for each of the one or more control clause, identifying a programming language implementation of the closest existing control clause, identifying similarities and differences between the programming language implementation and the generated programming language template, and annotating the programming language implementation for the closest existing control clause based on the identified similarities and differences.

Abstract: A computer system, program code, and a method are provided to leverage an AI model with respect to a target specification for a target standard. The AI model is configured to identify at least one candidate control associated with a corresponding standard. A map is subject to traversal to identify the candidate control in the map. Source and destination controls of the map are leveraged to identify at least one mapped control associated with the target standard. The AI model is selectively subject to training with the mapped control and the target standard.