PulseAugur
实时 09:42:00
English(EN) From Legacy Documentation to OSCAL: An MCP-Based Agent Pipeline for Threat-Informed Continuous Compliance in Critical Infrastructure

AI管道将基础设施文档转换为合规性制品

本文介绍了一种新颖的多代理管道,旨在通过将自然语言系统描述转换为可验证的知识图谱和NIST OSCAL格式的制品来增强关键基础设施的合规性管理。该系统旨在通过将LLM推理与确定性威胁情报检索分离来减少虚构的漏洞和幻觉攻击路径。在一个合成水务场景中,该管道在CVE和D3FEND方面表现出高召回率,成功生成了OSCAL系统安全计划和安全评估报告,尽管它指出错误可能会转移到初始资产提取阶段。 AI

影响 这项研究可以通过自动化将非结构化文档转换为结构化、可审计的格式,从而简化关键基础设施的合规性和风险评估。

排序理由 该集群包含一篇详细介绍新颖AI管道的研究论文。

在 arXiv cs.AI 阅读 →

AI 生成摘要 · Google Gemini · 来自 2 个来源。 我们如何撰写摘要 →

AI管道将基础设施文档转换为合规性制品

报道来源 [2]

  1. arXiv cs.AI TIER_1 English(EN) · Lea Roxanne Muth, Marian Margraf ·

    From Legacy Documentation to OSCAL: An MCP-Based Agent Pipeline for Threat-Informed Continuous Compliance in Critical Infrastructure

    arXiv:2607.08288v1 Announce Type: cross Abstract: In critical infrastructure, operational technology environments often cannot be actively scanned, and yet active system feedback is needed for risk assessment and compliance. This paper presents a non-invasive, MCP-grounded multi-…

  2. arXiv cs.AI TIER_1 English(EN) · Marian Margraf ·

    From Legacy Documentation to OSCAL: An MCP-Based Agent Pipeline for Threat-Informed Continuous Compliance in Critical Infrastructure

    In critical infrastructure, operational technology environments often cannot be actively scanned, and yet active system feedback is needed for risk assessment and compliance. This paper presents a non-invasive, MCP-grounded multi-agent pipeline that converts natural-language syst…