MCP-Grounded Agent Pipeline Converts Legacy Docs to NIST OSCAL for Continuous Compliance
Operational technology environments in critical infrastructure often cannot be actively scanned, yet compliance regimes demand active system feedback for risk assessment. This paper (arXiv 2607.08288, July 9) presents a non-invasive multi-agent pipeline grounded in MCP that converts natural-language system descriptions into a source-verified knowledge graph and audit-ready NIST OSCAL artifacts. The architecture deliberately decouples LLM reasoning from deterministic knowledge operations — a pattern worth stealing for any pipeline where hallucination in the extraction step would be unacceptable. It is one of the first academic papers to treat MCP as compliance infrastructure rather than a developer convenience.
Source
↳ Follow the thread