DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was by Sterlon Mason (Reg. No. 41,179) on July 14, 2021.

The application has been amended as follows: 

Claims

Claim 1: (Currently Amended) A method performed by a system comprising a hardware processor, comprising:
analyzing event data of events related to information technology (IT) components;
identifying, based on the event data, compliance rules for the IT components;
generating, based on the identifying of compliance rules for the IT components, a compliance policy that comprises the compliance rules;

determining whether a compliance scan is to be performed on the IT components according to the generated compliance policy, based on the analyzing of the past compliance scans,
wherein real time events including the generated compliance policy are weighted more than previous events including the past compliance scans when determining whether a compliance scan is to be performed on the IT components; and
in response to determining that the compliance scan is to be performed on the IT components according to the generated compliance policy:
determining a time period for initiating the compliance scan on the IT components according to the generated compliance policy, wherein the determining the time period is based on use of a predictive algorithm to recommend the time period, and
initiating, at the determined time period, scanning of the IT components according to the generated compliance policy,
wherein the compliance rules are based on validation on the IT components and
wherein the event data includes events executed on the IT components.


	
Claim 6: (Currently Amended) A system comprising:
a processor; and
a non-transitory storage medium storing instructions executable on the processor to:

generate, based on the identifying of the compliance rules, a compliance policy comprising the compliance rules;
analyze previous compliance scans performed on the IT components according to the generated compliance policy; and
determine whether the IT components are to be scanned for compliance with the generated compliance policy, based on the analysis of the previous compliance scans performed on the IT components according to the generated compliance policy,
wherein real time events including the generated compliance policy are weighted more than previous events including the previous compliance scans when determining whether the IT components are to be scanned for compliance; and
in response to determine that the IT components are to be scanned according to the generated compliance policy:
determine a time period for performing the scanning of the IT components, wherein determine the time period is based on use of a predictive algorithm to recommend the time period, and
initiate, at the determined time period, scan of the IT components according to the generated compliance policy,
wherein the compliance rules are based on validation on the IT components and
wherein the event data includes events executed on the IT components. 

Claim 22: (Currently Amended) A non-transitory machine-readable storage medium comprising instructions that upon execution cause a system to:
analyze event data of events of a plurality of information technology (IT) components;
identify, based on the event data, compliance rules for the plurality of IT components;
identify, based on the compliance rules, a compliance policy that comprises the compliance rules;
analyze previous compliance scans performed on the plurality of IT components according to the identified compliance policy;
based on the analysis of the previous compliance scans performed on the plurality of IT components according to the identified compliance policy, determine whether a compliance scan is to be performed on the plurality of IT components according to the identified compliance policy,
wherein real time events including the identified compliance policy are weighted more than previous events including the previous compliance scans when determining whether a compliance scan is to be performed on the plurality of IT components; and
in response to determining that the compliance scan is to be performed on the plurality of IT components according to the identified compliance policy:
determine a time period to initiate the compliance scan on the plurality of IT components according to the identified compliance policy and based on the analysis of the previous compliance scans and use of a predictive algorithm to recommend the time period, and
,
wherein the compliance rules are based on validation on the IT components and
wherein the event data includes events executed on the IT components. 

Claims 35-36: (Currently Cancelled)


Reasons for Allowance
The following is an examiner’s statement of reasons for allowance: 
Claims 1, 5-6, 8, 15-17, 19, 22-34 and 37 are considered allowable.

The Prior Art Yehuda et al. US Patent No. 8499331 teaches a network compliance application performs a method of coalescing violation data based on rule and policy violations by retrieving network event data indicative of compliance with a set of policies, in which each of the policies has a set of rules. Policy definition includes a template of rules, definition of rule severity, and a compliance threshold specifying a number of rules of a severity that render the policy noncompliant. The compliance application computes, for each of the policies, violations, each violation indicative of a deviation from a particular rule, and displays a series of views indicative of a plurality of policies in the set of policies, each of the views indicative of violations attributable to each of the policies. From the 

The Prior Art Baikalov et al. US Patent Application Publication No. 2013/0091569 teaches systems, methods, and computer program products for login initiated remote scanning of computer devices. The present invention detects login to the network via access management systems. The login data provides information that identifies the device so that the device can be checked against a scan database to determine if and when a previous scan occurred. Based on the findings in the scan database determinations are made as to whether to perform a scan. Additionally, the level of scanning can be determined based on previous scan dates and previous scan results, which may dictate customized scanning. In addition, the priority of the impending scan may be dictated by previous scan dates and results. Further embodiments provide for assessing risk, such as risk scoring or the like, concurrently or in near-real-time with the completion of the scan so that alerts may be communicated.

The Prior Art Rasumov US Patent Application Publication No. 2017 /0236078 teaches techniques for calculating an entity's cybersecurity risk based on identified relationships between the entity and one or more vendors. Customer/vendor relationships may impact the cybersecurity risk for each of the parties involved because a security compromise of a downstream or upstream provider can lead to a compromise of multiple other companies. For example, if organization A uses B (e.g., a cloud service provider) to store files, and B is compromised, this may lead to organization A being compromised 

The instant application is allowable over Yehuda et al., Baikalov et al. and Rasumov described above, either singularly or in combination, due to the instant application teaching a different and detailed method and apparatus relate to scanning an IT component for compliance. In an example, events related to an IT component and past compliance scans performed on the IT component may be analyzed. Based on an analysis of the events related to the IT component and the past compliance scans performed on the IT component, a determination may be made whether a compliance scan is to be performed on the IT component.

The prior art of record does not disclose, teach, or suggest neither singly nor in combination the claimed limitations of “generating, based on the identifying of compliance rules for the IT components, a compliance policy that comprises the compliance rules; determining whether a compliance scan is to be performed on the IT components according to the generated compliance policy, based on the analyzing of the past compliance scans, wherein real time events including the generated compliance policy are weighted more than previous events including the past compliance scans when determining whether a compliance scan is to be performed on the IT components; wherein the determining the time period is based on use of a predictive 

Therefore the claims of the instant application are allowable over the cited prior art.
[AltContent: textbox ()]
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”


Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Fahimeh Mohammadi whose telephone number is (571)270-7857.  The examiner can normally be reached on Monday - Friday 9:00 - 5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 5712705002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.







/FAHIMEH MOHAMMADI/   Examiner, Art Unit 2439                      



/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439