US 12,323,448 B2
System and method for identifying security threats based on compliance failures and infrastructure activity
Stav Sapir, Beer Sheba (IL); and Maxim Balin, Gan-Yavne (IL)
Assigned to Dell Products L.P., Round Rock, TX (US)
Filed by Dell Products L.P., Round Rock, TX (US)
Filed on Apr. 21, 2023, as Appl. No. 18/304,796.
Prior Publication US 2024/0356946 A1, Oct. 24, 2024
Int. Cl. H04L 29/06 (2006.01); H04L 9/40 (2022.01)
CPC H04L 63/1425 (2013.01) [H04L 63/20 (2013.01)]
20 Claims
 
1. A method for managing computing infrastructure, the method comprising:
obtaining a compliance information element for an infrastructure component of the computing infrastructure;
dynamically processing the compliance information element to update a cross-standard compliance coverage model to obtain an updated cross-standard compliance coverage model;
obtaining, using the updated cross-standard compliance coverage model, standard compliance data for a security standard enforced on the infrastructure;
making a determination, based on the standard compliance data obtained using the updated cross-standard compliance coverage model, a confidentiality-integrity-availability classifications for the infrastructure, and a rating system, whether the infrastructure has undergone a change in compliance with the security standard; and
in an instance of the determination made based on the standard compliance data obtained using the updated cross-standard compliance coverage model where the infrastructure has undergone a change in compliance with the security standard resulting in a compliance failure specified by the standard compliance data:
obtaining logs for the infrastructure component;
identifying a chain of actions that lead to the compliance failure and that caused the change in compliance with the security standard; and
performing an action set to manage an impact of the change in compliance with the security standard, the action set being based at least in part on the chain of actions that was identified.