Automated compliance exception approval

US 9,773,122 B2
Filed: 11/27/2015
Issued: 09/26/2017
Est. Priority Date: 11/27/2015
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for automated approval of a non-compliance of a modified configuration of a first computer system with one or more compliance rules,the method comprising:

receiving by a first package management system a pre-approved modification pattern in form of a software package comprising a modification pattern specifying one or more modifications to be applied to a first configuration of the first computer system and one or more compliance exception pre-approvals assigned to the respective modification pattern, each of the respective pre-approvals specifying a pre-approved non-compliance of one or more of the respective modifications with the one or more compliance rules,deploying the respective pre-approved modification pattern by modifying the first configuration according to the modification pattern and providing the one or more compliance exception pre-approvals to a first compliance management system,performing a compliance check of the resulting modified configuration of the first computer system by the respective first compliance management system,in response to detecting a non-compliance with the one or more compliance rules, comparing the detected non-compliance with the one or more pre-approved non-compliances by the compliance management system,in response to a matching of the detected non-compliance with one or more of the respective pre-approved non-compliances, automatically approving the detected non-compliance by the first compliance management system.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention relates to a computer-implemented method for automated approval of a non-compliance of a modified configuration of a computer system with one or more compliance rules, the method comprising: receiving by a package management system a pre-approved modification pattern in form of a software package, deploying a modification pattern of the software package and providing compliance exception pre-approvals of the software package to a compliance management system, performing a compliance check of the resulting modified configuration of the computer system, in response to detecting a non-compliance with a compliance rule, comparing the detected non-compliance with the one or more pre-approved non-compliances, in response to a matching of the detected non-compliance with one or more of the respective pre-approved non-compliances, automatically approving the detected non-compliance by the compliance management system.

20 Citations

View as Search Results

20 Claims

1. A computer-implemented method for automated approval of a non-compliance of a modified configuration of a first computer system with one or more compliance rules,the method comprising:
- receiving by a first package management system a pre-approved modification pattern in form of a software package comprising a modification pattern specifying one or more modifications to be applied to a first configuration of the first computer system and one or more compliance exception pre-approvals assigned to the respective modification pattern, each of the respective pre-approvals specifying a pre-approved non-compliance of one or more of the respective modifications with the one or more compliance rules,deploying the respective pre-approved modification pattern by modifying the first configuration according to the modification pattern and providing the one or more compliance exception pre-approvals to a first compliance management system,performing a compliance check of the resulting modified configuration of the first computer system by the respective first compliance management system,in response to detecting a non-compliance with the one or more compliance rules, comparing the detected non-compliance with the one or more pre-approved non-compliances by the compliance management system,in response to a matching of the detected non-compliance with one or more of the respective pre-approved non-compliances, automatically approving the detected non-compliance by the first compliance management system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The computer-implemented method of claim 1, the method further comprising:
    - recording the automatic approval of the detected non-compliance to a logfile.
  - 3. The computer-implemented method of claim 1, the method further comprising:
    - in response to determining that the detected non-compliance is not matching with any of the pre-approved non-compliances, requesting by the compliance management system a compliance exception approval for the detected non-compliance,approving the detected non-compliance by the compliance management system upon receiving a compliance exception approval for the detected non-compliance.
  - 4. The computer-implemented method of claim 3, the method further comprising:
    - cancelling non-compliant modifications of the first configuration of the first computer system for which no compliance exception approvals are received.
  - 5. The computer-implemented method of claim 1, each non-compliance comprised by the first configuration of the first computer system being approved by a compliance exception approval.
  - 6. The computer-implemented method of claim 1, the first computer system being a virtual machine and modifying the first configuration of the first computer system comprises modifying software installed on the respective virtual machine.
  - 7. The computer-implemented method of claim 1, the method further comprising for generating the pre-approved modification pattern:
    - receiving by a second package management system the modification pattern,deploying the modification pattern by modifying a second configuration of a second computer system according to the modification pattern,performing a compliance check of the modified second configuration by a second compliance management system,in response to detecting one or more non-compliances with the one or more compliance rules, requesting one or more compliance exception approvals for the detected non-compliances,receiving one or more compliance exception pre-approvals assigned to the detected non-compliances,generating by the second package management system the software package comprising the modification pattern and the one or more compliance exception pre-approvals.
  - 8. The computer-implemented method of claim 7, the method comprising:
    - in response to generating the software package, storing the software package in a software package repository,receiving the software package of the pre-approved modification pattern from the software package repository in response to sending a request to the respective repository.
  - 9. The computer-implemented method of claim 7, the first and second compliance management system being the same compliance management system.
  - 10. The computer-implemented method of claim 1, the compliance exception pre-approval being assigned with a first digital signature and an ID identifying an approving authority, the method further comprising:
    - upon receipt of the compliance exception pre-approval, verifying by the first compliance management system the first signature and the authorization of the approving authority identified by the ID.
  - 11. The computer-implemented method of claim 1, the pre-approved modification pattern being assigned with a second digital signature, the method further comprising:
    - upon receipt of the pre-approved modification pattern, verifying the second signature.
  - 12. The computer-implemented method of claim 1, the modification pattern further comprising machine-readable installation instructions specifying an installation procedure to be applied and machine-readable configuration instructions specifying post-installation configuration adjustments to be applied, the modifying of the first configuration of the first computer system comprising:
    - executing the respective installation instructions,executing the respective configuration instructions.
  - 13. The computer-implemented method of claim 12, the pre-approved modification pattern further comprising installable payload, the method further comprising:
    - upon execution of the installation instructions installing the installable payload.
  - 14. The computer-implemented method of claim 12, the pre-approved modification pattern further comprising one or more references to one or more installable files, the method further comprising:
    - upon execution of the installation instructions requesting, receiving and installing the respective installable files.
  - 15. The computer-implemented method of claim 1, the pre-approved modification pattern further comprising machine-readable mitigation instructions specifying adjustments to be applied to the modifications of the first configuration specified by the modification pattern for mitigating non-compliances of the respective modifications, the method further comprising:
    - executing the respective mitigation instructions.
  - 16. The computer-implemented method of claim 1, the pre-approved modification pattern further comprising control instructions specifying requirements to be met when controlling the first computer system for deploying the respective pre-approved modification pattern, the method further comprising:
    - controlling the first computer system according to the control requirements when deploying the respective pre-approved modification pattern.
  - 17. The computer-implemented method of claim 1, the pre-approved modification pattern further comprising pre-conditions specifying requirements to be satisfied by the first configuration of the first computer system for deploying the respective pre-approved modification pattern, the method further comprising:
    - checking whether the first configuration meets the requirements specified by the pre-conditions,in response to detecting a requirement specified by the pre-conditions which is not met by the first configuration, initiating an initial modification of the first configuration such that the first configuration meets the respective requirement.

18. A computer-implemented method for automated approval of a non-compliance of a modified configuration of a computer system with one or more compliance rules by a compliance management system,the method comprising:
- performing a compliance check of the modified configuration of the computer system by the compliance management system, the modified configuration of the computer system resulting from deploying a pre-approved modification pattern by a package management system modifying an initial configuration of the computer system according to a modification pattern, the modification pattern being provided by a pre-approved modification pattern in form of a software package comprising the modification pattern specifying one or more modifications to be applied to the initial configuration of the computer system and one or more compliance exception pre-approvals assigned to the respective modification pattern, each of the respective pre-approvals specifying a pre-approved non-compliance of one or more of the respective modifications with the one or more compliance rules,in response to detecting a non-compliance with the one or more compliance rules, comparing the detected non-compliance with the one or more pre-approved non-compliances from the software package provided to the compliance management system by the package management system,in response to a matching of the detected non-compliance with one or more of the respective pre-approved non-compliances, automatically approving the detected non-compliance by the compliance management system.

19. A computer program product for automated approval of a non-compliance of a modified configuration of a first computer system with one or more compliance rules, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, the program instructions executable by a processor being configured to cause the processor to control a computer system to execute a method comprising:
- receiving by a package management system a pre-approved modification pattern in form of a software package comprising a modification pattern specifying one or more modifications to be applied to a configuration of the computer system and one or more compliance exception pre-approvals assigned to the respective modification pattern, each of the respective pre-approvals specifying a pre-approved non-compliance of one or more of the respective modifications with the one or more compliance rules,deploying the respective pre-approved modification pattern by modifying the configuration according to the modification pattern and providing the one or more compliance exception pre-approvals to a compliance management system,performing a compliance check of the resulting modified configuration of the computer system by the respective compliance management system,in response to detecting a non-compliance with the one or more compliance rules, comparing the detected non-compliance with the one or more pre-approved non-compliances by the compliance management system,in response to a matching of the detected non-compliance with one or more of the respective pre-approved non-compliances, automatically approving the detected non-compliance by the compliance management system.

20. A computer system for automated approval of a non-compliance of a modified configuration of a first computer system with one or more compliance rules, the computer system comprising a memory for storing machine executable instructions and a processor for executing the machine executable instructions, execution of the machine executable instructions by the processor causing the processor to control the computer system to execute a method comprising:
- receiving by a package management system a pre-approved modification pattern in form of a software package comprising a modification pattern specifying one or more modifications to be applied to a configuration of the computer system and one or more compliance exception pre-approvals assigned to the respective modification pattern, each of the respective pre-approvals specifying a pre-approved non-compliance of one or more of the respective modifications with the one or more compliance rules,deploying the respective pre-approved modification pattern by modifying the configuration according to the modification pattern and providing the one or more compliance exception pre-approvals to a compliance management system,performing a compliance check of the resulting modified configuration of the computer system by the respective compliance management system,in response to detecting a non-compliance with the one or more compliance rules, comparing the detected non-compliance with the one or more pre-approved non-compliances by the compliance management system,in response to a matching of the detected non-compliance with one or more of the respective pre-approved non-compliances, automatically approving the detected non-compliance by the compliance management system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Edison Vault, LLC
Original Assignee
International Business Machines Corporation
Inventors
Betzler, Boas, Kuehmichel, Andreas, Nachtwey, Volker, Schleicher, Klaus-Thomas
Primary Examiner(s)
DADA, BEEMNET W

Application Number

US14/953,260
Publication Number

US 20170154189A1
Time in Patent Office

669 Days
Field of Search
US Class Current
CPC Class Codes

G06F 2009/45562   Creating, deleting, cloning...

G06F 21/55   Detecting local intrusion o...

G06F 21/577   Assessing vulnerabilities a...

G06F 21/6218   to a system of files or obj...

G06F 8/61   Installation

G06F 9/45558   Hypervisor-specific managem...

Automated compliance exception approval

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

20 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Automated compliance exception approval

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links