Research
Dual-Graph Verification Framework Audits Legacy IT Security Concepts for NIS-2 / OSCAL Migration
The NIS-2 Directive pushes organizations from document-based compliance toward machine-readable artifacts like OSCAL (with Germany's BSI adapting it as Grundschutz++), but migrating extensive legacy IT security concepts without verification risks translation errors. This paper proposes a dual-graph verification framework to reverse-engineer and audit those legacy concepts during migration. Complements the concurrent MCP-based OSCAL pipeline work as the verification half of continuous-compliance tooling.
Source
↳ Follow the thread