Determining what steps your organization or client must take to become compliant with any number of industry-recognized frameworks often proves a painstaking endeavor that requires an abundance of time, resources, and expertise, a luxury most don’t have.
But world-class cybersecurity compliance shouldn’t be a luxury.
So in keeping with our mission to make cybersecurity easy for all, today we announced ApptegaGPT, an in-app virtual CISO service that leverages generative AI to produce recommendations for how organizations can meet their compliance obligations.
Typically, in order to navigate an increasingly complex web of legal and regulatory requirements, organizations must conduct an initial assessment of their cybersecurity posture, mapping processes, technology, and policies to the controls in one or multiple frameworks, like SOC 2, HIPAA, or CMMC. These frameworks generally include dozens or sometimes hundreds of “subcontrols” that must be fulfilled to prove compliance. As anybody who’s had to do it knows, it’s an arduous affair, not just due to the manual nature of the work, but also because framework controls are larded with confusing lingo that makes it tricky to discern how to meet them.
With ApptegaGPT, which builds upon OpenAI’s GPT-3.5-Turbo, Apptega users now have at their fingertips a virtual consultant that instantly tailors organization-specific remediation recommendations to unmet controls, delineating specific steps that must be taken to become compliant. From there, recommendations can be modified as needed.
“There are many thousands of organizations that must meet increasingly strict compliance protocols and who face mounting threats to their most sensitive information, but that don’t have the internal resources or expertise to handle the onerous requirements robust cybersecurity demands,” said Harvey Scholl, Apptega Chief Technology Officer, in a press release. “We realized an opportunity to leverage generative AI to bridge those knowledge, ability and resource gaps, bringing to market an automated service that helps democratize cybersecurity compliance for all.”
The launch follows months of development during which our product team used the OpenAI Chat API to create a powerful bot that delivers guidance around thousands of security controls and subcontrols connected to a library of more than 30 industry-standard compliance frameworks. We also conducted rigorous testing to ensure no identifiable information from our users or partners is shared.
Until now, the Apptega platform allowed you to manually add recommendations for each question of an assessment that describe the steps that must be taken to become compliant with a control or subcontrol. Now you can autogenerate expert recommendations for any assessment question answered “no,” “partially” or “I don’t know.” Additionally, you can set the audience – for instance, a general business user versus a cybersecurity professional – to whom you want the recommendation to be tailored, as well as the level of detail (e.g. brief, detailed, extensive).
Though we’re still gathering usage information, Apptega projects that the feature may reduce the amount of time it takes to complete a framework assessment – usually a 6-8 week endeavor – by at least 20 percent.
To learn more about ApptegaGPT or to arrange a free trial, check out apptega.com/ai.