| CPC H04L 63/20 (2013.01) [H04L 41/22 (2013.01); H04L 63/1433 (2013.01)] | 19 Claims |
|
1. A server system comprising:
a memory resource; and
a processing resource operably intercoupled with the memory resource and configured to instantiate an instance of software configured to:
receive, as input, first information identifying an organization;
receive, as input, second information identifying an information security standard;
query a first data store, with the first information, to retrieve a set of third-party software licensed by and deployed by the organization;
generate a set of structured data representations by:
for each third-party software of the set of third-party software, query a second data store to retrieve a respective structured data representation of a respective configuration of the respective third-party software as deployed by the organization as of receiving the first information;
query a third data store, with the second information, to retrieve a data object comprising attributes corresponding to software configuration requirements imposed by the information security standard;
for each respective attribute of the data object, determine whether the respective software configuration requirement imposed by the information security standard is satisfied by at least one structured data representation of the set of structured data representations and:
in response to determining that the respective software configuration requirement is not satisfied by any structured data representation of the set of structured data representations, provide a first output asserting that the organization fails to comply with the information security standard; and
in response to determining that the respective software configuration requirement is satisfied by at least one structured data representation of the set of structured data representations, provide a second output asserting that the organization at least partially complies with the information security standard; and
in response to determining that each software configuration of each respective attribute of the data object is satisfied by at least one structured data representation of the set of structured data representations, provide a third output asserting that the organization fully complies with the information security standard.
|