Notice of Pre-AIA or AIA Status
The present application is being examined under the pre-AIA first to invent provisions.

DETAILED ACTION
This action is in response to the communication filed on 7/23/2021.
Claims 1-4, 6-8, 20-32 are allowed. 
Claims 5, 9-19 are cancelled. 
                       
Allowable Subject Matter
Claims 1-4, 6-8, 20-32 are allowed. 

Terminal Disclaimer
The terminal disclaimer filed on 11/3/2021 disclaiming the terminal portion of any patent granted on this application has been reviewed and is accepted.  
The terminal disclaimer has been recorded.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.  
the applicant’s representative, Mr. Mark Wilson on 11/3/2021. 

CLAIM LISTING

This listing of claims will replace all prior versions, and listings, of claims in the application:

1.	(Currently Amended)  A computer-implemented method, comprising:
by computing hardware:
inputting compliance data indicating a compliance status of one or more nodes in an information technology (“IT”) network relative to one or more compliance policies;
inputting historical compliance data, the historical compliance data indicating the compliance status of the one or more nodes in the IT network at an earlier time;
computing a change to a compliance score between the compliance data and the historical compliance data for one or more nodes;
computing compliance change data from the compliance data and the historical compliance data based on the compliance score, the compliance change data comprising data indicative of the degree of compliance changes between the compliance data and the historical compliance data, wherein the data indicative of the degree of compliance changes between the compliance data and the historical compliance data is selected from a fixed set of available 
generating an output message in a message format adapted for use with a security information and event management (“SIEM”) tool or logging tool, the output message including the compliance change data and the changes to the compliance score for the one or more nodes.

2.	(Original)  The method of claim 1, wherein the message format comprises a single line event.

3.	(Original)  The method of claim 1, wherein the generating the output message comprises loading customizable message format data from a configuration file, the customizable message format data defining the message format.

4.	(Original)  The method of claim 1, wherein the compliance change data comprises data identifying a name of a node that has changed and data identifying a name of a policy that has a detected change.

5.	(Canceled)

6.	(Original)  The method of claim 1, wherein the computing the compliance change data comprises computing a change to a number of nodes that passed or failed 

7.	(Original)  The method of claim 1, wherein the computing the compliance change data comprises computing a number of changes detected at multiple different severity levels, and wherein the output message comprises the number of changes detected at each of the severity levels.

8.	(Original)  The method of claim 1, wherein the inputting comprises receiving the compliance data from a compliance and configuration control tool.

9–19.	(Canceled)  

20.	(Currently Amended)  A computer-implemented method, comprising:
by computing hardware:
inputting compliance data indicating a compliance status of one or more nodes in an information technology (“IT”) network relative to one or more compliance policies at a first time;
computing a change to a compliance score between the compliance data and historical compliance data for one or more nodes, the historical compliance data indicating the compliance status of the one or more nodes in the IT network at a second time earlier than the first time;
the historical compliance data based on the compliance score,
generating an output message only if the compliance trend indicates that the one or more nodes are less compliant than indicated by the historical compliance data but not when the compliance trend indicates that the one or more nodes are more compliant with the one or more compliance policies at the second time when compared to the first time.  

21.	(Currently Amended)  The method of claim 20, wherein the generating further comprises generating  an output message in a message format adapted for the SIEM or logging tool.

22.	(Currently Amended)  One or more non-transitory computer-readable media storing computer-executable instructions which when executed by a computer cause the computer to perform a method, the method comprising:
inputting compliance data indicating a compliance status of one or more nodes in an information technology (“IT”) network relative to one or more compliance policies at a first time;
computing a change to a compliance score between the compliance data and historical compliance data for one or more nodes, the historical compliance data indicating the compliance status of the one or more nodes in the IT network at a second time earlier than the first time;
determining a compliance trend for one or more nodes in the IT network by comparing the compliance data to the historical compliance data based on the compliance score, the compliance trend showing one of whether the one or more nodes are either more compliant at the second time than the first time or less compliant at the second time than the first time; and
generating an output message only if the compliance trend indicates that the one or more nodes are less compliant than indicated by the historical compliance data but not when the compliance trend indicates that the one or more nodes are more compliant with the one or more compliance policies at the second time when compared to the first time.

23. 	(Currently Amended)  One or more non-transitory computer-readable media storing computer-executable instructions which when executed by a computer cause the computer to perform a method, the method comprising:
inputting compliance data indicating a compliance status of one or more nodes in an information technology (“IT”) network relative to one or more compliance policies;

computing a change to a compliance score between the compliance data and the historical compliance data for one or more nodes;
computing compliance change data from the compliance data and the historical compliance data based on the compliance score, the compliance change data including one of the following available states: data indicative that a respective change is an addition of an element at a node in the IT network, data indicative that the respective change is a removal of the element at the node in the IT network, and data indicative that a respective change is a modification of the element at the node in the IT network; and 
generating an output message in a message format adapted for use with a security information and event management (“SIEM”) tool or logging tool, the output message including the compliance change data and the changes to the compliance score for the one or more nodes.  

24.	(Previously Presented)  The one or more non-transitory computer-readable media of claim 23, wherein the message format comprises a single line event.

25.	(Previously Presented)  The one or more non-transitory computer-readable media of claim 23, wherein the generating the output message comprises loading customizable message format data from a configuration file, the customizable message format data defining the message format.

26.	(Previously Presented)  The one or more non-transitory computer-readable media of claim 23, wherein the compliance change data comprises data identifying a name of a node that has changed and data identifying a name of a policy that has a detected change.

27.	(Previously Presented)  The one or more non-transitory computer-readable media of claim 23, wherein the computing the compliance change data comprises computing a change to a compliance score between the compliance data and the historical compliance data for one or more nodes, and wherein the output message comprises the changes to the compliance score for the one or more nodes.

28.	(Previously Presented)  The one or more non-transitory computer-readable media of claim 23, wherein the computing the compliance change data comprises computing a change to a number of nodes that passed or failed a compliance test, and wherein the output message comprises the change to the number of nodes that passed or failed the compliance test.

29.	(Previously Presented)  The one or more non-transitory computer-readable media of claim 23, wherein the computing the compliance change data comprises computing a number of changes detected at multiple different severity levels, and wherein the output message comprises the number of changes detected at each of the severity levels.

30.	(Previously Presented)  The one or more non-transitory computer-readable media of claim 23, wherein the inputting comprises receiving the compliance data from a compliance and configuration control tool.


31.	(New)  A system comprising:
at least one processor in the computer being configured to perform the method; and
the one or more non-transitory computer-readable media of claim 22.

32.	(New)  A system comprising:
at least one processor in the computer being configured to perform the method; and
the one or more non-transitory computer-readable media of claim 23.


Prior Art of Record
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.

Hart et al., US Patent 9,069,930, teaches a SIEM system covering security-related events and states in a production system, with abstraction-layer analysis of security data in a workflow-specific manner to identify threats and vulnerabilities in the system.

Williams et al., US Patent 9,094,434, teaches a prevention-based auditing system with a central compliance server and a user interface to schedule and configure a network audit to determine compliance with policy.

Watson et al., US Patent 8,997,091, teaches compliance testing with configuration state information using a configuration management system, where compliance tests are defined using queries to retrieve configuration state information, with compliance rules having specific criteria to determine compliance.

Hollis et al., US Patent 8,874,685, teaches system compliance management of a large number of computers from a central location, with system settings checks, asset enumeration, user notification, security assessment, configuration changes, and other software-based actions such as patch download, removal/installation, and security assessment.

LeVine et al., US Publication 2013/0226662, teaches analyzing security compliance requirements by analyzing a linked database from a unified compliance framework, with a tiered question structure to obtain information about a particular service offering and query results to provide a list of security compliance requirements.

Kohli et al., US Publication 2012/0102543, teaches managing audit of network layer devices with an interface which provides file configuration, configuration commands, audit rules, audit policies and a report for compliance policies based on the audit.

REASONS FOR ALLOWANCE
The following is an examiner’s statement of reasons for allowance:
Examiner finds claims dated 11/3/2021 are persuasive for reason of allowance.
The features that the prior art of record does not explicitly disclose, in light of the other features recited in independent claims 1, 20, 22, 23, 32 and 31, are as follows:
For Claims 1, 22 and 31 ‘ .. inputting compliance data indicating a compliance status of one or more nodes in an information technology (“IT”) network relative to one or more compliance policies;
inputting historical compliance data, the historical compliance data indicating the compliance status of the one or more nodes in the IT network at an earlier time;
computing a change to a compliance score between the compliance data and the historical compliance data for one or more nodes;
computing compliance change data from the compliance data and the historical compliance data based on the compliance score, the compliance change data comprising data indicative of the degree of compliance changes between the compliance data and the historical compliance data, wherein the data indicative of the degree of compliance changes between the compliance data and the historical compliance data is selected from a fixed set of available alerts for use by an IT administrator, the set of available alerts including at least a first alert and a second alert, the first alert indicating a lower severity level than the second alert; and 
generating an output message in a message format adapted for use with a security information and event management (“SIEM”) tool or logging tool, the output message including the compliance change data and the changes to the compliance score for the one or more nodes.’ with additional detailed steps in claim(s) as described in independent claim(s) on  11/3/2021. 

For Claim 20 ‘ .. inputting compliance data indicating a compliance status of one or more nodes in an information technology (“IT”) network relative to one or more compliance policies at a first time;
computing a change to a compliance score between the compliance data and historical compliance data for one or more nodes, the historical compliance data indicating the compliance status of the one or more nodes in the IT network at a second time earlier than the first time;
determining a compliance trend for one or more nodes in the IT network by comparing the compliance data to the historical compliance data based on the compliance score,
generating an output message only if the compliance trend indicates that the one or more nodes are less compliant than indicated by the historical compliance data but not when the compliance trend indicates that the one or more nodes are more compliant with the one or more compliance policies at the second time when compared to the first time.’  

For Claim 23 and 32 ‘ ..  inputting compliance data indicating a compliance status of one or more nodes in an information technology (“IT”) network relative to one or more compliance policies;
inputting historical compliance data, the historical compliance data indicating the compliance status of the one or more nodes in the IT network at an earlier time;
computing a change to a compliance score between the compliance data and the historical compliance data for one or more nodes;
computing compliance change data from the compliance data and the historical compliance data based on the compliance score, the compliance change data including one of the following available states: data indicative that a respective change is an addition of an element at a node in the IT network, data indicative that the respective change is a removal of the element at the node in the IT network, and data indicative that a respective change is a modification of the element at the node in the IT network; and 
generating an output message in a message format adapted for use with a security information and event management (“SIEM”) tool or logging tool, the output message including the compliance change data and the changes to the compliance score for the one or more nodes. ’ 
Along with additional detailed steps in claim(s) as described in all independent claim(s) on  11/3/2021. 
However, each of the cited references or reference from the updated search, at least, fails to teach or suggest in combination with the rest of the limitations recited in the independent claim(s).

None of the previously cited prior art references or reference(s) from the updated search yield any specific references that would reasonably, either singularly or in combination with a previously cited reference, result in a reasonable and proper rejection for each of the cited feature limitations of the independent claim(s) under 35 U.S.C. 102 or 35 U.S.C. 103 with proper motivation.
Dependent claims depend on allowed independent claims, therefore they are allowed. 
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
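
Added illustration, not part of the Office action or of the applicant's disclosure: a Python sketch of the kind of processing the independent claims describe, scoring two compliance snapshots, classifying element changes as added, removed or modified, selecting an alert from a fixed set, and emitting a single-line event only when a node's score has fallen. The data model, alert names, 20-point threshold, line format, field sanitizing and sample snapshots are all assumptions constructed for this example.

```python
import re

# Assumed fixed alert set: (name, minimum score drop in points), lowest severity first.
ALERTS = (("COMPLIANCE_DROP_LOW", 0.0), ("COMPLIANCE_DROP_HIGH", 20.0))
# Assumed single-line format; a deployment would load it from a configuration file.
LINE_FORMAT = ("{ts} compliance_change node={node} policy={policy} alert={alert} "
               "score_prev={prev:.1f} score_now={now:.1f} score_delta={delta:+.1f} "
               "added={added} removed={removed} modified={modified}")
# Constructed snapshots: node -> policy -> element -> (fingerprint, passed).
HISTORICAL = {
    "web01": {"ssh-baseline": {"PermitRootLogin": ("a1", True), "Banner": ("b1", True),
                               "Protocol": ("c1", True), "X11Forwarding": ("d1", True)}},
    "db01": {"ssh-baseline": {"PermitRootLogin": ("a2", False)}}}
CURRENT = {
    "web01": {"ssh-baseline": {"PermitRootLogin": ("a9", False), "MaxAuthTries": ("e1", False),
                               "Protocol": ("c1", True), "X11Forwarding": ("d1", True)}},
    "db01": {"ssh-baseline": {"PermitRootLogin": ("a3", True)}}}

def score(elements):
    """Percentage of elements that pass the policy."""
    if not elements:
        return 100.0
    return 100.0 * sum(ok for _, ok in elements.values()) / len(elements)

def classify_changes(current, historical):
    """Return element names that were added, removed, or modified."""
    added = sorted(set(current) - set(historical))
    removed = sorted(set(historical) - set(current))
    modified = sorted(n for n in set(current) & set(historical) if current[n] != historical[n])
    return added, removed, modified

def select_alert(drop):
    """Pick the most severe alert whose threshold the score drop reaches."""
    return [name for name, threshold in ALERTS if drop >= threshold][-1]

def sanitize(value):
    """Keep a field on one line and unambiguous for key=value parsers."""
    return re.sub(r'[\s="]+', "_", str(value))

def build_events(current, historical, ts):
    """One line per (node, policy) whose score fell; improvements stay silent."""
    lines = []
    for node, policies in sorted(current.items()):
        for policy, elements in sorted(policies.items()):
            old = historical.get(node, {}).get(policy)
            if old is None:
                continue  # no baseline, so no trend to report
            prev, now = score(old), score(elements)
            if now >= prev:
                continue  # more compliant or unchanged
            added, removed, modified = classify_changes(elements, old)
            lines.append(LINE_FORMAT.format(
                ts=ts, node=sanitize(node), policy=sanitize(policy),
                alert=select_alert(prev - now), prev=prev, now=now, delta=now - prev,
                added=len(added), removed=len(removed), modified=len(modified)))
    return lines

if __name__ == "__main__":
    print("\n".join(build_events(CURRENT, HISTORICAL, "2024-01-01T00:00:00Z")))
```

Sanitizing node and policy names before formatting keeps an attacker-influenced hostname from splitting the event into extra lines or forging key=value fields in the SIEM.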


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VIRAL S LAKHIA whose telephone number is (571)270-3363.  The examiner can normally be reached on 8 am - 6 pm.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild, can be reached on 571-272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/VIRAL S LAKHIA/Examiner, Art Unit 2431