Automated production of certification controls by translating framework controls

US 9,942,218 B2
Filed: 12/08/2015
Issued: 04/10/2018
Est. Priority Date: 09/03/2013
Status: Active Grant

First Claim

Patent Images

1. A method to automate production of certification controls by translating framework controls, the method comprising:

receiving, at a compliance application that is being executed on a first server computing device, a request to view a compliance certification of a service from a device that is executing the service, wherein the request includes one or more attributes of the compliance certification;

selecting, by the compliance application, the framework controls from a framework data store by matching metadata of the framework controls to the one or more attributes of the compliance certification;

retrieving, by the compliance application, certification parity data associated with the metadata from a parity data store;

producing, by the compliance application, the certification controls based on the framework controls and the certification parity data through a translation layer of the compliance application;

enabling, by the compliance application, an automation component that is being executed on a second server computing device to establish a connection with the translation layer to execute a compliance test on the framework controls; and

providing, by the compliance application, a view of the compliance certification including the certification controls to the device that is executing the service for display through a user interface of the device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A compliance application automatically produces certification controls by translating framework controls. The framework controls are common certification controls used in production of the certification. The application retrieves framework controls including metadata from a compliance framework data store. Metadata of the framework controls map the framework controls to the certification. In addition, the application retrieves certification parity data associated with the metadata. Certification controls are produced based on the framework controls and the certification parity data. A view of the certification including the certification controls is provided to a customer requesting the certification.

59 Citations

20 Claims

1. A method to automate production of certification controls by translating framework controls, the method comprising:
- receiving, at a compliance application that is being executed on a first server computing device, a request to view a compliance certification of a service from a device that is executing the service, wherein the request includes one or more attributes of the compliance certification;
  
  selecting, by the compliance application, the framework controls from a framework data store by matching metadata of the framework controls to the one or more attributes of the compliance certification;
  
  retrieving, by the compliance application, certification parity data associated with the metadata from a parity data store;
  
  producing, by the compliance application, the certification controls based on the framework controls and the certification parity data through a translation layer of the compliance application;
  
  enabling, by the compliance application, an automation component that is being executed on a second server computing device to establish a connection with the translation layer to execute a compliance test on the framework controls; and
  
  providing, by the compliance application, a view of the compliance certification including the certification controls to the device that is executing the service for display through a user interface of the device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising:
    - automating, by the compliance application, the compliance certification by translating a report using the certification parity data, wherein the report is produced by at least one from a set of;
      
      monitoring and reporting the service.
  - 3. The method of claim 1, further comprising:
    - updating, by the compliance application, the certification parity data based on a result of the compliance test executed by the automation component.
  - 4. The method of claim 1, further comprising:
    - detecting evidence associated with dependency information of the framework controls within the certification parity data, wherein the evidence is data obtained from the certification parity data.
  - 5. The method of claim 4, further comprising:
    - utilizing the evidence obtained from the certification parity data to comply with the compliance test, wherein the compliance test validates the dependency information.
  - 6. The method of claim 5, further comprising:
    - updating the certification parity data with a result of the compliance test to produce the certification controls in compliance with a certification authority.
  - 7. The method of claim 4, further comprising:
    - utilizing the evidence obtained from the certification parity data, the compliance test, the framework controls, and the certification parity data to produce the compliance certification within a common audit.
  - 8. The method of claim 7, further comprising:
    - certifying the service to a certification authority during the common audit.
  - 9. The method of claim 4, further comprising:
    - utilizing, by the compliance application, the evidence obtained from the certification parity data, the compliance test, the framework controls, and the certification parity data to produce additional compliance certifications within a multi audit.
  - 10. The method of claim 9, further comprising:
    - certifying, by the compliance application, additional services associated with the additional compliance certifications to a certification authority perceptive of mapping techniques used in the framework controls, during the multi audit.

11. A hardware-implemented server computing device to automate production of certification controls by translating framework controls, the server computing device comprising:
- a communication interface configured to facilitate communication between at least the server computing device, another server computing device, and a device that is executing a service;
  
  a memory configured to store instructions; and
  
  one or more hardware-implemented processing units coupled to the memory, the one or more processing units configured to execute a compliance application in conjunction with the instructions, wherein the compliance application is configured to;
  
  receive a request to view a compliance certification of the service from the device that is executing the service, wherein the request includes one or more attributes of the compliance certification;
  
  select the framework controls from a framework data store by matching metadata of the framework controls to the one or more attributes of the compliance certification;
  
  retrieve certification parity data associated with the metadata from a parity data store;
  
  produce the certification controls based on the framework controls and the certification parity data through a translation layer of the compliance application;
  
  enable an automation component that is being executed on the other server computing device to establish a connection with the translation layer to execute a compliance test on the framework controls; and
  
  provide a view of the compliance certification including the certification controls to the device that is executing the service for display through a user interface.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The server computing device of claim 11, wherein the device that is executing the service is associated with one or more of an external auditor, a potential customer, and a certification authority.
  - 13. The server computing device of claim 11, wherein the compliance application is further configured to enable a team to update the framework controls.
  - 14. The server computing device of claim 13, wherein the compliance application is further configured to transmit an alert to the team to prompt the team to update the framework controls, wherein the team includes at least one from a set of:
    - an engineering team, a management team, an operation team, and a compliance team.
  - 15. The server computing device of claim 14, wherein the compliance application is further configured to determine a frequency at which to transmit the alert based on a volume of additional requests for compliance certifications.
  - 16. The server computing device of claim 11, wherein the one or more attributes of the compliance certification include one or more of:
    - a service identifier, a security description, and an expiration date to the metadata.
  - 17. The server computing device of claim 11, wherein the compliance certification defines one or more security rules for the service.

18. A computer-readable memory device with instructions stored thereon to automate production of certification controls by translating framework controls, the instructions comprising:
- receiving, at a compliance application that is being executed on a first server computing device, a request to view a compliance certification of a service from a device that is executing the service, wherein the request includes one or more attributes of the compliance certification;
  
  selecting, by the compliance application, the framework controls from a framework data store by matching metadata of the framework controls to the one or more attributes of the compliance certification;
  
  retrieving, by the compliance application, certification parity data associated with the metadata from a parity data store;
  
  producing, by the compliance application, the certification controls based on the framework controls and the certification parity data through a translation layer of the compliance application;
  
  enabling, by the compliance application, an automation component that is being executed on a second server computing device to establish a connection with the translation layer to execute a compliance test on the framework controls; and
  
  providing, by the compliance application, a view of the compliance certification including the certification controls to the device that is executing the service for display through a user interface.
- View Dependent Claims (19, 20)
- - 19. The computer-readable memory device of claim 18, wherein the instructions further comprise:
    - automating, by the compliance application, the compliance certification by monitoring and reporting the service to produce a report.
  - 20. The computer-readable memory device of claim 19, wherein the instructions further comprise:
    - translating the report using the certification parity data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Tejerina, David Nunez, Veney, Shawn, Rodriguez, Melissa, Roberts, Gregory, Schwab, Arthur J.
Primary Examiner(s)
Schwartz, Darren B

Application Number

US14/962,689
Publication Number

US 20160094544A1
Time in Patent Office

854 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06F 40/106   Display of layout of docume...

G06F 40/186   Templates

H04L 63/0823   using certificates cryptogr...

H04L 63/20   for managing network securi...

H04L 9/3268   using certificate validatio...

Automated production of certification controls by translating framework controls

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

59 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Automated production of certification controls by translating framework controls

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

59 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others