A security control recommender approach with human in the loop for cybersecurity compliance auditing
摘要
Security compliance auditing is a costly and labor-intensive process because organizations must interpret diverse operational evidence and accurately map it to the appropriate NIST SP 800-53 controls. This paper seeks to reduce auditor workload by automating three core tasks: identifying the most relevant control for each artifact, predicting how many controls should be recommended, and calibrating model confidence to support trustworthy human-in-the-loop review.
MethodsWe design a security control recommendation framework that processes short operational artifacts such as logs, configuration updates, and ticket notes. The framework performs control ranking, control cardinality prediction, and probability calibration to enhance interpretability and provide reliable recommendations for compliance analysts.
ResultsExperiments conducted on 354 synthetic artifacts, constructed to reflect realistic compliance evidence, show that the model ranks the correct control first for 84.18% of artifacts, identifies at least one correct control among the top three recommendations for 94.2% of cases, and achieves a set-level F1 score of 79.79%.
ConclusionThe results indicate that calibrated AI-assisted control mapping can substantially simplify compliance auditing while preserving essential human oversight. The proposed framework improves efficiency, strengthens trust in automated recommendations, and represents a practical step toward more effective security compliance assessment.