Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
This office action is in response to an amendment application received on 08/30/2021. In the response, applicant has amended claims 1-5, 8-10, and 13-17. Claims 6-7, 11-12 and 18-19 have been cancelled. No new claims has been added. 
For this Office Action, claims 1-5, 8-10 and 13-17 have been received for consideration and have been examined. 
 Response to Arguments
Claim Rejection under 35 U.S.C. § 112(b)
	Applicant’s amendments to independent claims 1, 8 and 13 have been reviewed by the examiner and appear to overcome the antecedent basis issues. Therefore, claim rejection under 35 U.S.C. § 112(b) has been withdrawn in this Office Action.
Claim Rejection under 35 U.S.C. § 103
Applicant’s arguments, filed 08/30/2021, with respect to the rejections of claims under 35 U.S.C. § 103 have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of new amendments to the claims.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

	Claims 1-5, 8-10 and 13-17 are rejected under 35 U.S.C. 103 as being unpatentable over Barkovic et al., (US20190104156A1) e.f.d 10/04/2017 in view of Lam et al., (US20180176254A1) e.f.d. 12/19/2016 and further in view of ANIMIREDDYGARI et al., (US20190188380A1) e.f.d 12/15/2017 and hereinafter referred as “ANIM”.
Regarding claim 1, Barkovic discloses:
A computer processor implemented method for processing content in a computing environment, comprising: 
receiving a remediation request for the computing environment ([0102] Further, because the CI 110 information, remediation, etc. are already associated with the test results, the change request may auto-populate the system and action for the change request; [0104] Once a decision is made, enterprises must orchestrate and automate the appropriate remediation and risk treatment actions across business and IT processes; [0105] FIG. 18 is a flowchart, illustrating a cyclical GRC process 1800, in accordance with an embodiment. The GRC process 1800 begins by assessing the compliance posture (block 1802). Next, the non-compliance risk is assessed (block 1804). Issues are then analyzed and prioritized for remediation (blocks 1806 and 1808). The issues are then remediated; [0113] A second widget 2706 may provide an indication of compliant and non-compliant controls for each of the policy statements. Here, all of the controls associated with the policy statements are non-compliant, which indicates that remediation is needed); 
responding to the request by loading both compliance content (See FIG. 1; i.e. compliance data from SCA sources 132) referencing one or more controls (See FIG. 1; i.e. configuration items (CI) 110) in the computing environment and also remediation content (See FIG. 1; i.e. configuration recommendations from Auth Sources 134 for CI 110 security) (See Para [0059] the SCA sources 132 may provide scanning services that scan the CIs 110 for configuration data/settings. The configuration data/settings may be used to assess vulnerabilities of the CIs 110 and/or may provide an indication of suggested remedial measures to decrease these vulnerabilities. Data may be retrieved from the SCA source integrations 132 via one or more application programming interfaces (APIs); [0060] Additionally, authoritative source provider integrations 134 may provide electronic records indicative of certain configuration compliance requirements/recommendations [which is interpreted as loading remediation content], 
the compliance content comprising, for each control referenced (See [0060]; i.e. authoritative source provider integrations 134 may provide electronic records indicative of certain configuration compliance requirements/recommendations), one or more compliance values (See [0060]; i.e. such as NIST password criteria) each defining a current setting of a control in the computing environment for which the control is compliant with a policy (See FIG. 4; i.e. policies 402) enacted on the computing environment ((i.e. authoritative source such as NIST/FISMA; para [0060]; Certain authoritative entities may release configuration recommendations for CI 110 security, which may be transposed into an electronic format, which is received by the platform 104; [0061] NIST and MST 800-53 are just one example of an authoritative source and its security recommendations. Many other authoritative sources and their security recommendations are also available for integration into the platform 104. The authoritative source integrations 134 may receive an electronic indication of the security recommendations for certain security standards; [0072] The process 300 begins by retrieving CI 110 compliance data from SCA source integrations 132 (block 302); [0074] FIG. 4 is a block diagram illustrating a Secure Configuration Assessment (SCA) dashboard 400, in accordance with an embodiment. In the illustrated embodiment, a widget 402 illustrates a number of policies 402, a widget 404 provides a number of configuration tests, a widget 406 provides a number of hosts, and widget 408 provides a number of configuration test results. Policies, as used herein, refers to a set of configuration tests. Configuration tests, as used herein, refer to individual configuration characteristics that are scanned for certain CIs 110), 
the remediation content comprising, for each of the controls (See [0061] i.e. an authoritative source and its security recommendations) in the compliance content (FIG. 3; [0060] Certain authoritative entities may release configuration recommendations for CI 110 security, which may be transposed into an electronic format, which is received by the platform 104; [0061] NIST and MST 800-53 are just one example of an authoritative source and its security recommendations. Many other authoritative sources and their security recommendations are also available for integration into the platform 104. The authoritative source integrations 134 may receive an electronic indication of the security recommendations for certain security standards; [0072] The process 300 begins by retrieving CI 110 compliance data from SCA source integrations 132 (block 302); [0074] Configuration tests, as used herein, refer to individual configuration characteristics that are scanned for certain CIs 110. For example, one configuration test may be a particular configuration setting for a password expiration requirement, password complexity requirement, etc. Hosts, as used herein, relates to CIs 110 that the configuration tests apply to (e.g., the CIs 110 that are scanned)),
both a remediation value defining a new setting of the control in the computing environment for which the current setting of the control is changed to (FIG. 27; [0116] As mentioned above, non-compliance and/or issue reporting via the widgets 2701, 2706, 2708, 2716, and 2718 may indicate that remedial measures should be taken. Accordingly, operations personnel may perform remedial measures (e.g., adjusting the password complexity requirements on the non-compliant CIs 110)), and 
also an ignore switch (See FIG. 29; i.e. policy exceptions) indicating whether the current setting of the control is ignored ([0118] FIG. 29 is an illustration of the Policy Exceptions tab 2900 of the GUI 2200 of FIG. 22, illustrating implementation of a policy exception for a policy statement … the short description indicates that an exception for the non-compliant CI 110 is needed, because it has an obsolete OS (e.g., that does not support complex passwords). The justification 3020 indicates that this remediation effort will take some time and, thus, an exception duration is needed); 
scanning the computing environment to determine all controls in the computing environment and also to capture information including a current setting for each control ([0059] the SCA sources 132 may provide scanning services that scan the CIs 110 for configuration data/settings. The configuration data/settings may be used to assess vulnerabilities of the CIs 110 … the SCA source integrations 132 may scan the CIs 110 for configuration information, such as password requirements (e.g., age, complexity, etc.) and provide an indication of these settings to the platform 104);
remediating each of the out-of-compliance ones of the controls (See [0086] i.e. non-compliant values received from the scanner that are not in the set of expected values) in the filtered subset with the remediation value set forth in the compliance content ([0086] the remediation tab 720 may provide a detailed list of remediation steps broken down by the different technologies. For example, the description 717 provides descriptions for Debian GNU/Linux 7.x, Debian GNU/Linux 8.x, and HPUX 11. The expected values tab 718 may provide values that are expected when systems with these technologies are scanned. Further, the remediation tab may provide a list of remediation steps for these technologies, when the configuration test results indicate non-compliance (e.g., when the scanner receives values that are not in the set of expected values); [0105] FIG. 18 is a flowchart, illustrating a cyclical GRC process 1800, in accordance with an embodiment. The GRC process 1800 begins by assessing the compliance posture (block 1802). Next, the non-compliance risk is assessed (block 1804). Issues are then analyzed and prioritized for remediation (blocks 1806 and 1808). The issues are then remediated and compliance is validated (blocks 1810 and 1812)).
Barkovic fails to disclose: 3Application No. 15/854,992 Filed: December 27, 2017
determining a subset of out-of-compliance ones of the controls from all of the controls, and filtering the subset of the out-of-compliance ones of the controls to only those of the out of compliance ones of the controls having in the compliance content both the ignore switch indicating that an out of compliance state is not to be ignored, and also a corresponding remediation value, creating a synchronous rollback file and moving current state information for the filtered subset of the out-of-compliance ones of the controls into the rollback file along with corresponding remediation values for respective ones of the controls in the filtered subset. 4Application No. 15/854,992 
However, Lam discloses:
determining a subset of out-of-compliance ones of the controls from all of the controls, and filtering the subset of the out-of-compliance ones of the controls to only those of the out of compliance ones of the controls having in the compliance content both the ignore switch indicating that an out of compliance state is not to be ignored [i.e. when the compliance level is below threshold, the act of remediation cannot be overlooked and remediation step must take place for the device in order to stay compliant], and also a corresponding remediation value ((Lam: See FIG. 2; Step 240 “Trigger or Attempt Remediation”; [0041] It is appreciated that the actions taken for devices having a compliance level greater than the first threshold may be more informational and less restrictive or less remedial in nature while informational actions and actions of a more restrictive or remedial nature (e.g., limited network access) may be taken for devices with a compliance level less than the first threshold. Informational actions and actions with an increased restrictive or remedial nature (e.g., denying network access) may be taken for the devices that have compliance levels below the second threshold; [0042] If the compliance level is not above the first threshold, block 240 is performed; [0048] At block 240, remediation actions are triggered or attempted. The actions may include the actions described herein (e.g., described with respect to block 224). In some embodiments, the device that has a compliance level below the first and second thresholds is not granted network access or relatively restricted network access. Block 242 may be performed after one or more attempts at remediation have been performed; [0049] At block 242, network access is restricted)).
It would have been obvious to one of the ordinary person skilled in the art before the effective filing date of the claimed invention to modify the reference of Barkovic and include automated compliance scanning device, as disclosed by Lam.
The motivation to include automated compliance scanning and monitoring device is to scan and remediate end user devices to ensure compliance is maintained based on different levels of thresholds (See Lam: [0042-0044]).
The combination of Barkovic and Lam discloses out-of-compliance values and remediation values (See Barkovic [0086]).
The combination of Barkovic and Lam fails to disclose:
	creating a synchronous rollback file and moving current state information into the rollback file along with corresponding remediation values.  
However, ANIM discloses:
	creating a synchronous rollback file (See FIG. 3; i.e. create a restore copy of one or more files that is about to be changed) and moving current state information (See FIG. 3; i.e. file modification information before the file modified) into the rollback file along with corresponding remediation values ([0044] In particular, at 302, the computing device, which includes at least one processor and a system cache (e.g., the cache 202 shown in FIG. 2) is configured to store file modification information and intercept I/O requests to write to one or more files. For example, if a file to be written to is on a malware protect list (e.g., configuration files, browser setting files, executable files, shortcut files, or initialization files), the computing device stores a copy of the file in the cache before the file is modified. Thus, a previous version of the file is stored in cache immediately before the system writes to the file. As should be appreciated, this version of the file includes pre-modification data, as well as user data (e.g., user defined settings)).  
	It would have been obvious to one of the ordinary person skilled in the art before the effective filing date of the claimed invention to modify the Barkovic and Lam references and include a method for file recovery and operating system remediation, as disclosed by ANIM.
	The motivation to include a method for the file recovery and operating system remediation is to be able to automatically create a recovery point before the file is modified by the system (See ANIM: [0042]).
Regarding claim 2, the combination of Barkovic, Lam and ANIM discloses:
Barkovic: [0123] FIG. 35 is a flowchart, illustrating a process 3500 for defining compliance status and risk, in accordance with an embodiment. The process 3500 begins by determining if the controls indicate non-compliance (decision block 3502)).
Regarding claim 3, the combination of Barkovic, Lam and ANIM discloses:
The method of claim 1, further comprising generating a report based upon the captured information for each control in the subset of out-of-compliance ones of the controls (Barkovic: [0106] FIG. 19 is a flowchart, illustrating a process 1900 for identifying/reporting a compliance status and risk, using SCA source integrations 132 and/or authoritative source integrations 134, in accordance with an embodiment).
Regarding claim 4, the combination of Barkovic, Lam and ANIM discloses:
The method of claim 1, wherein determining the subset of out-of-compliance ones of the controls from all controls comprises determining whether each control in the subset of out-of-compliance ones of the controls is out of compliance by comparing the current setting of one of the all controls with the compliance value corresponding to the one of the all controls in the loaded content and on condition that the current setting and the compliance value do not match, determining that the one control is out of compliance (Barkovic: FIG. 19; [0110] Returning to process, 1900, using the mapped CI compliance data and policy data, policy compliance status may be determined (block 1908). FIG, 25 is an illustration of the Controls tab 2500 of the GUI of FIG. 22, illustrating the compliance status of controls (e.g., the compliance status 2502), which is determined by the configuration test results from the scanner (e.g. the CI compliance data from the SCA source integrations 132), in accordance with an embodiment. As illustrated, for the particularly selected policy statement, each of the four controls indicates non-compliance).
Regarding claim 5, the combination of Barkovic, Lam and ANIM discloses:
The method of claim 1, wherein determining the subset of out-of-compliance ones of the controls from all controls comprises determining that the out of compliance state is not to be ignored further comprises parsing the loaded content and determining that a corresponding ignore switch indicating the out of compliance state is not be ignored is present (Barkovic: [0110] Returning to process, 1900, using the mapped CI compliance data and policy data, policy compliance status may be determined (block 1908). FIG, 25 is an illustration of the Controls tab 2500 of the GUI of FIG. 22, illustrating the compliance status of controls (e.g., the compliance status 2502), which is determined by the configuration test results from the scanner (e.g. the CI compliance data from the SCA source integrations 132), in accordance with an embodiment. As illustrated, for the particularly selected policy statement, each of the four controls indicates non-compliance).
Regarding claim 8, Barkovic discloses:
A compliance system, comprising: at least one computer with at least one processor and memory coupled to a computing environment; 
See FIG. 1; i.e. databases 108, 132, 134; [0052] The databases 108 may contain a series of tables containing information about assets and enterprise services controlled by a client 102 and the configurations of these assets and services; [0059] as illustrated, one or more Secure Configuration Assessment (SCA) source integrations 132 may provide information related to configuration assessment of the CIs 110. For example, the SCA sources 132 may provide scanning services that scan the CIs 110 for configuration data/settings; [0060] authoritative source provider integrations 134 may provide electronic records indicative of certain configuration compliance requirements/recommendations); 
a compliance module executing in memory of the at least one computer, the compliance module comprising program code that when executed by the at least one processor causes the at least one computer to:
receive a remediation request for the computing environment ([0102] Further, because the CI 110 information, remediation, etc. are already associated with the test results, the change request may auto-populate the system and action for the change request; [0104] Once a decision is made, enterprises must orchestrate and automate the appropriate remediation and risk treatment actions across business and IT processes; [0105] FIG. 18 is a flowchart, illustrating a cyclical GRC process 1800, in accordance with an embodiment. The GRC process 1800 begins by assessing the compliance posture (block 1802). Next, the non-compliance risk is assessed (block 1804). Issues are then analyzed and prioritized for remediation (blocks 1806 and 1808). The issues are then remediated; [0113] A second widget 2706 may provide an indication of compliant and non-compliant controls for each of the policy statements. Here, all of the controls associated with the policy statements are non-compliant, which indicates that remediation is needed); 
respond to the request by loading both compliance content (See FIG. 1; i.e. compliance data from SCA sources 132) referencing one or more controls (See FIG. 1; i.e. configuration items (CI) 110) in the computing environment and also remediation content (See FIG. 1; i.e. configuration recommendations from Auth Sources 134 for CI 110 security) (See Para [0059] the SCA sources 132 may provide scanning services that scan the CIs 110 for configuration data/settings. The configuration data/settings may be used to assess vulnerabilities of the CIs 110 and/or may provide an indication of suggested remedial measures to decrease these vulnerabilities. Data may be retrieved from the SCA source integrations 132 via one or more application programming interfaces (APIs); [0060] Additionally, authoritative source provider integrations 134 may provide electronic records indicative of certain configuration compliance requirements/recommendations [which is interpreted as loading remediation content], 
the compliance content comprising, for each control referenced (See [0060]; i.e. authoritative source provider integrations 134 may provide electronic records indicative of certain configuration compliance requirements/recommendations), one or more compliance values (See [0060]; i.e. such as NIST password criteria) each defining a current setting of a control in the computing environment for which the control is compliant with a policy (See FIG. 4; i.e. policies 402) enacted on the computing environment ((i.e. authoritative source such as NIST/FISMA; para [0060]; Certain authoritative entities may release configuration recommendations for CI 110 security, which may be transposed into an electronic format, which is received by the platform 104; [0061] NIST and MST 800-53 are just one example of an authoritative source and its security recommendations. Many other authoritative sources and their security recommendations are also available for integration into the platform 104. The authoritative source integrations 134 may receive an electronic indication of the security recommendations for certain security standards; [0072] The process 300 begins by retrieving CI 110 compliance data from SCA source integrations 132 (block 302); [0074] FIG. 4 is a block diagram illustrating a Secure Configuration Assessment (SCA) dashboard 400, in accordance with an embodiment. In the illustrated embodiment, a widget 402 illustrates a number of policies 402, a widget 404 provides a number of configuration tests, a widget 406 provides a number of hosts, and widget 408 provides a number of configuration test results. Policies, as used herein, refers to a set of configuration tests. Configuration tests, as used herein, refer to individual configuration characteristics that are scanned for certain CIs 110), 
the remediation content comprising, for each of the controls (See [0061] i.e. an authoritative source and its security recommendations) in the compliance content (FIG. 3; [0060] Certain authoritative entities may release configuration recommendations for CI 110 security, which may be transposed into an electronic format, which is received by the platform 104; [0061] NIST and MST 800-53 are just one example of an authoritative source and its security recommendations. Many other authoritative sources and their security recommendations are also available for integration into the platform 104. The authoritative source integrations 134 may receive an electronic indication of the security recommendations for certain security standards; [0072] The process 300 begins by retrieving CI 110 compliance data from SCA source integrations 132 (block 302); [0074] Configuration tests, as used herein, refer to individual configuration characteristics that are scanned for certain CIs 110. For example, one configuration test may be a particular configuration setting for a password expiration requirement, password complexity requirement, etc. Hosts, as used herein, relates to CIs 110 that the configuration tests apply to (e.g., the CIs 110 that are scanned)),
both a remediation value defining a new setting of the control in the computing environment for which the current setting of the control is changed to (FIG. 27; [0116] As mentioned above, non-compliance and/or issue reporting via the widgets 2701, 2706, 2708, 2716, and 2718 may indicate that remedial measures should be taken. Accordingly, operations personnel may perform remedial measures (e.g., adjusting the password complexity requirements on the non-compliant CIs 110)), and 
also an ignore switch (See FIG. 29; i.e. policy exceptions) indicating whether the current setting of the control is ignored ([0118] FIG. 29 is an illustration of the Policy Exceptions tab 2900 of the GUI 2200 of FIG. 22, illustrating implementation of a policy exception for a policy statement … the short description indicates that an exception for the non-compliant CI 110 is needed, because it has an obsolete OS (e.g., that does not support complex passwords). The justification 3020 indicates that this remediation effort will take some time and, thus, an exception duration is needed); 
scan the computing environment to determine all controls in the computing environment and also to capture information including a current setting for each control ([0059] the SCA sources 132 may provide scanning services that scan the CIs 110 for configuration data/settings. The configuration data/settings may be used to assess vulnerabilities of the CIs 110 … the SCA source integrations 132 may scan the CIs 110 for configuration information, such as password requirements (e.g., age, complexity, etc.) and provide an indication of these settings to the platform 104);
remediate each of the out-of-compliance ones of the controls (See [0086] i.e. non-compliant values received from the scanner that are not in the set of expected values) in the filtered subset with the remediation value set forth in the compliance content ([0086] the remediation tab 720 may provide a detailed list of remediation steps broken down by the different technologies. For example, the description 717 provides descriptions for Debian GNU/Linux 7.x, Debian GNU/Linux 8.x, and HPUX 11. The expected values tab 718 may provide values that are expected when systems with these technologies are scanned. Further, the remediation tab may provide a list of remediation steps for these technologies, when the configuration test results indicate non-compliance (e.g., when the scanner receives values that are not in the set of expected values); [0105] FIG. 18 is a flowchart, illustrating a cyclical GRC process 1800, in accordance with an embodiment. The GRC process 1800 begins by assessing the compliance posture (block 1802). Next, the non-compliance risk is assessed (block 1804). Issues are then analyzed and prioritized for remediation (blocks 1806 and 1808). The issues are then remediated and compliance is validated (blocks 1810 and 1812)).
Barkovic fails to disclose: 3Application No. 15/854,992 Filed: December 27, 2017
determine a subset of out-of-compliance ones of the controls from all of the controls, and filtering the subset of the out-of-compliance ones of the controls to only those of the out of compliance ones of the controls having in the compliance content both the ignore switch indicating that an out of compliance state is not to be ignored, and also a corresponding remediation value, creating a synchronous rollback file and moving current state information 
However, Lam discloses:
determine a subset of out-of-compliance ones of the controls from all of the controls, and filtering the subset of the out-of-compliance ones of the controls to only those of the out of compliance ones of the controls having in the compliance content both the ignore switch indicating that an out of compliance state is not to be ignored [i.e. when the compliance level is below threshold, the act of remediation cannot be overlooked and remediation step must take place for the device in order to stay compliant], and also a corresponding remediation value ((Lam: See FIG. 2; Step 240 “Trigger or Attempt Remediation”; [0041] It is appreciated that the actions taken for devices having a compliance level greater than the first threshold may be more informational and less restrictive or less remedial in nature while informational actions and actions of a more restrictive or remedial nature (e.g., limited network access) may be taken for devices with a compliance level less than the first threshold. Informational actions and actions with an increased restrictive or remedial nature (e.g., denying network access) may be taken for the devices that have compliance levels below the second threshold; [0042] If the compliance level is not above the first threshold, block 240 is performed; [0048] At block 240, remediation actions are triggered or attempted. The actions may include the actions described herein (e.g., described with respect to block 224). In some embodiments, the device that has a compliance level below the first and second thresholds is not granted network access or relatively restricted network access. Block 242 may be performed after one or more attempts at remediation have been performed; [0049] At block 242, network access is restricted)).
It would have been obvious to one of the ordinary person skilled in the art before the effective filing date of the claimed invention to modify the reference of Barkovic and include automated compliance scanning device, as disclosed by Lam.
The motivation to include automated compliance scanning and monitoring device is to scan and remediate end user devices to ensure compliance is maintained based on different levels of thresholds (See Lam: [0042-0044]).
The combination of Barkovic and Lam discloses out-of-compliance values and remediation values (See Barkovic [0086]).
The combination of Barkovic and Lam fails to disclose:
	create a synchronous rollback file and moving current state information into the rollback file along with corresponding remediation values.  
However, ANIM discloses:
	create a synchronous rollback file (See FIG. 3; i.e. create a restore copy of one or more files that is about to be changed) and moving current state information (See FIG. 3; i.e. file modification information before the file modified) into the rollback file along with corresponding remediation values ([0044] In particular, at 302, the computing device, which includes at least one processor and a system cache (e.g., the cache 202 shown in FIG. 2) is configured to store file modification information and intercept I/O requests to write to one or more files. For example, if a file to be written to is on a malware protect list (e.g., configuration files, browser setting files, executable files, shortcut files, or initialization files), the computing device stores a copy of the file in the cache before the file is modified. Thus, a previous version of the file is stored in cache immediately before the system writes to the file. As should be appreciated, this version of the file includes pre-modification data, as well as user data (e.g., user defined settings)).  
	It would have been obvious to one of the ordinary person skilled in the art before the effective filing date of the claimed invention to modify the Barkovic and Lam references and include a method for file recovery and operating system remediation, as disclosed by ANIM.
	The motivation to include a method for the file recovery and operating system remediation is to be able to automatically create a recovery point before the file is modified by the system (See ANIM: [0042]).
Regarding claim 9, the combination of Barkovic, Lam and ANIM discloses:
The system of claim 8, wherein the ignore switch includes an accepted non-compliance switch indicating a non-compliant state is acceptable despite a determination that a current setting of a non-compliant one of the out-of-compliance ones of the controls does not match the compliance value for the corresponding control listed in the loaded content (Barkovic: [0123] FIG. 35 is a flowchart, illustrating a process 3500 for defining compliance status and risk, in accordance with an embodiment. The process 3500 begins by determining if the controls indicate non-compliance (decision block 3502)
Regarding claim 10, the combination of Barkovic, Lam and ANIM discloses:
The system of claim 8, wherein the program code of the compliance module that when executed by the at least one processor further causes the at least one computer to generate a report based upon the captured information for each control in the subset of out-of- compliance ones of the controls (Barkovic: [0106] FIG. 19 is a flowchart, illustrating a process 1900 for identifying/reporting a compliance status and risk, using SCA source integrations 132 and/or authoritative source integrations 134, in accordance with an embodiment).
Regarding claim 13, the combination of Barkovic, Lam and ANIM discloses:
A computer program product for processing content in a computing environment, the computer program product comprising: a non-transitory computer readable storage medium having computer readable program code embodied therewith that when executed by a processor of a computer causes the computer to:	
receive a remediation request for the computing environment ([0102] Further, because the CI 110 information, remediation, etc. are already associated with the test results, the change request may auto-populate the system and action for the change request; [0104] Once a decision is made, enterprises must orchestrate and automate the appropriate remediation and risk treatment actions across business and IT processes; [0105] FIG. 18 is a flowchart, illustrating a cyclical GRC process 1800, in accordance with an embodiment. The GRC process 1800 begins by assessing the compliance posture (block 1802). Next, the non-compliance risk is assessed (block 1804). Issues are then analyzed and prioritized for remediation (blocks 1806 and 1808). The issues are then remediated; [0113] A second widget 2706 may provide an indication of compliant and non-compliant controls for each of the policy statements. Here, all of the controls associated with the policy statements are non-compliant, which indicates that remediation is needed); 
respond to the request by loading both compliance content (See FIG. 1; i.e. compliance data from SCA sources 132) referencing one or more controls (See FIG. 1; i.e. configuration items (CI) 110) in the computing environment and also remediation content (See FIG. 1; i.e. configuration recommendations from Auth Sources 134 for CI 110 security) (See Para [0059] the SCA sources 132 may provide scanning services that scan the CIs 110 for configuration data/settings. The configuration data/settings may be used to assess vulnerabilities of the CIs 110 and/or may provide an indication of suggested remedial measures to decrease these vulnerabilities. Data may be retrieved from the SCA source integrations 132 via one or more application programming interfaces (APIs); [0060] Additionally, authoritative source provider integrations 134 may provide electronic records indicative of certain configuration compliance requirements/recommendations [which is interpreted as loading remediation content], 
the compliance content comprising, for each control referenced (See [0060]; i.e. authoritative source provider integrations 134 may provide electronic records indicative of certain configuration compliance requirements/recommendations), one or more compliance values (See [0060]; i.e. such as NIST password criteria) each defining a current setting of a control in the computing environment for which the control is compliant with a policy (See FIG. 4; i.e. policies 402) enacted on the computing environment ((i.e. authoritative source such as NIST/FISMA; para [0060]; Certain authoritative entities may release configuration recommendations for CI 110 security, which may be transposed into an electronic format, which is received by the platform 104; [0061] NIST and MST 800-53 are just one example of an authoritative source and its security recommendations. Many other authoritative sources and their security recommendations are also available for integration into the platform 104. The authoritative source integrations 134 may receive an electronic indication of the security recommendations for certain security standards; [0072] The process 300 begins by retrieving CI 110 compliance data from SCA source integrations 132 (block 302); [0074] FIG. 4 is a block diagram illustrating a Secure Configuration Assessment (SCA) dashboard 400, in accordance with an embodiment. In the illustrated embodiment, a widget 402 illustrates a number of policies 402, a widget 404 provides a number of configuration tests, a widget 406 provides a number of hosts, and widget 408 provides a number of configuration test results. Policies, as used herein, refers to a set of configuration tests. Configuration tests, as used herein, refer to individual configuration characteristics that are scanned for certain CIs 110), 
the remediation content comprising, for each of the controls (See [0061] i.e. an authoritative source and its security recommendations) in the compliance content (FIG. 3; [0060] Certain authoritative entities may release configuration recommendations for CI 110 security, which may be transposed into an electronic format, which is received by the platform 104; [0061] NIST and MST 800-53 are just one example of an authoritative source and its security recommendations. Many other authoritative sources and their security recommendations are also available for integration into the platform 104. The authoritative source integrations 134 may receive an electronic indication of the security recommendations for certain security standards; [0072] The process 300 begins by retrieving CI 110 compliance data from SCA source integrations 132 (block 302); [0074] Configuration tests, as used herein, refer to individual configuration characteristics that are scanned for certain CIs 110. For example, one configuration test may be a particular configuration setting for a password expiration requirement, password complexity requirement, etc. Hosts, as used herein, relates to CIs 110 that the configuration tests apply to (e.g., the CIs 110 that are scanned)),
both a remediation value defining a new setting of the control in the computing environment for which the current setting of the control is changed to (FIG. 27; [0116] As mentioned above, non-compliance and/or issue reporting via the widgets 2701, 2706, 2708, 2716, and 2718 may indicate that remedial measures should be taken. Accordingly, operations personnel may perform remedial measures (e.g., adjusting the password complexity requirements on the non-compliant CIs 110)), and 
also an ignore switch (See FIG. 29; i.e. policy exceptions) indicating whether the current setting of the control is ignored ([0118] FIG. 29 is an illustration of the Policy Exceptions tab 2900 of the GUI 2200 of FIG. 22, illustrating implementation of a policy exception for a policy statement … the short description indicates that an exception for the non-compliant CI 110 is needed, because it has an obsolete OS (e.g., that does not support complex passwords). The justification 3020 indicates that this remediation effort will take some time and, thus, an exception duration is needed); 
scan the computing environment to determine all controls in the computing environment and also to capture information including a current setting for each control ([0059] the SCA sources 132 may provide scanning services that scan the CIs 110 for configuration data/settings. The configuration data/settings may be used to assess vulnerabilities of the CIs 110 … the SCA source integrations 132 may scan the CIs 110 for configuration information, such as password requirements (e.g., age, complexity, etc.) and provide an indication of these settings to the platform 104);
remediate each of the out-of-compliance ones of the controls (See [0086] i.e. non-compliant values received from the scanner that are not in the set of expected values) in the filtered subset with the remediation value set forth in the compliance content ([0086] the remediation tab 720 may provide a detailed list of remediation steps broken down by the different technologies. For example, the description 717 provides descriptions for Debian GNU/Linux 7.x, Debian GNU/Linux 8.x, and HPUX 11. The expected values tab 718 may provide values that are expected when systems with these technologies are scanned. Further, the remediation tab may provide a list of remediation steps for these technologies, when the configuration test results indicate non-compliance (e.g., when the scanner receives values that are not in the set of expected values); [0105] FIG. 18 is a flowchart, illustrating a cyclical GRC process 1800, in accordance with an embodiment. The GRC process 1800 begins by assessing the compliance posture (block 1802). Next, the non-compliance risk is assessed (block 1804). Issues are then analyzed and prioritized for remediation (blocks 1806 and 1808). The issues are then remediated and compliance is validated (blocks 1810 and 1812)).
Barkovic fails to disclose: 3Application No. 15/854,992 Filed: December 27, 2017

However, Lam discloses:
determine a subset of out-of-compliance ones of the controls from all of the controls, and filtering the subset of the out-of-compliance ones of the controls to only those of the out of compliance ones of the controls having in the compliance content both the ignore switch indicating that an out of compliance state is not to be ignored [i.e. when the compliance level is below threshold, the act of remediation cannot be overlooked and remediation step must take place for the device in order to stay compliant], and also a corresponding remediation value ((Lam: See FIG. 2; Step 240 “Trigger or Attempt Remediation”; [0041] It is appreciated that the actions taken for devices having a compliance level greater than the first threshold may be more informational and less restrictive or less remedial in nature while informational actions and actions of a more restrictive or remedial nature (e.g., limited network access) may be taken for devices with a compliance level less than the first threshold. Informational actions and actions with an increased restrictive or remedial nature (e.g., denying network access) may be taken for the devices that have compliance levels below the second threshold; [0042] If the compliance level is not above the first threshold, block 240 is performed; [0048] At block 240, remediation actions are triggered or attempted. The actions may include the actions described herein (e.g., described with respect to block 224). In some embodiments, the device that has a compliance level below the first and second thresholds is not granted network access or relatively restricted network access. Block 242 may be performed after one or more attempts at remediation have been performed; [0049] At block 242, network access is restricted)).
It would have been obvious to one of the ordinary person skilled in the art before the effective filing date of the claimed invention to modify the reference of Barkovic and include automated compliance scanning device, as disclosed by Lam.
The motivation to include automated compliance scanning and monitoring device is to scan and remediate end user devices to ensure compliance is maintained based on different levels of thresholds (See Lam: [0042-0044]).
The combination of Barkovic and Lam discloses out-of-compliance values and remediation values (See Barkovic [0086]).
The combination of Barkovic and Lam fails to disclose:
	create a synchronous rollback file and moving current state information into the rollback file along with corresponding remediation values.  
However, ANIM discloses:
See FIG. 3; i.e. create a restore copy of one or more files that is about to be changed) and moving current state information (See FIG. 3; i.e. file modification information before the file modified) into the rollback file along with corresponding remediation values ([0044] In particular, at 302, the computing device, which includes at least one processor and a system cache (e.g., the cache 202 shown in FIG. 2) is configured to store file modification information and intercept I/O requests to write to one or more files. For example, if a file to be written to is on a malware protect list (e.g., configuration files, browser setting files, executable files, shortcut files, or initialization files), the computing device stores a copy of the file in the cache before the file is modified. Thus, a previous version of the file is stored in cache immediately before the system writes to the file. As should be appreciated, this version of the file includes pre-modification data, as well as user data (e.g., user defined settings)).  
	It would have been obvious to one of the ordinary person skilled in the art before the effective filing date of the claimed invention to modify the Barkovic and Lam references and include a method for file recovery and operating system remediation, as disclosed by ANIM.
	The motivation to include a method for the file recovery and operating system remediation is to be able to automatically create a recovery point before the file is modified by the system (See ANIM: [0042]).
Regarding claim 14, the combination of Barkovic, Lam and ANIM discloses:
The computer program product of claim 13, wherein the ignore switch includes an accepted non-compliance switch indicating a non-compliant state is acceptable despite a determination Barkovic: [0123] FIG. 35 is a flowchart, illustrating a process 3500 for defining compliance status and risk, in accordance with an embodiment. The process 3500 begins by determining if the controls indicate non-compliance (decision block 3502)).
Regarding claim 15, the combination of Barkovic, Lam and ANIM discloses:
The computer program product of claim 13, wherein the computer readable program code embodied therewith that when executed by the processor of the computer further causes the computer to generate a report based upon the captured information for each control in the subset of out-of-compliance ones of the controls (Barkovic: [0106] FIG. 19 is a flowchart, illustrating a process 1900 for identifying/reporting a compliance status and risk, using SCA source integrations 132 and/or authoritative source integrations 134, in accordance with an embodiment).
Regarding claim 16, the combination of Barkovic, Lam and ANIM discloses:
The computer program product of claim 13, wherein determining the subset of out-of-compliance ones of the controls from all controls comprises determining whether each control in the subset of out-of-compliance ones of the controls is out of compliance by comparing the current setting of one of the all controls with the compliance value corresponding to the one of the all controls in the loaded content and on condition that the current setting and the compliance value do not match, determining that the one control is out of compliance (Barkovic: FIG. 19; [110] Returning to process, 1900, using the mapped CI compliance data and policy data, policy compliance status may be determined (block 1908). FIG, 25 is an illustration of the Controls tab 2500 of the GUI of FIG. 22, illustrating the compliance status of controls (e.g., the compliance status 2502), which is determined by the configuration test results from the scanner (e.g. the CI compliance data from the SCA source integrations 132), in accordance with an embodiment. As illustrated, for the particularly selected policy statement, each of the four controls indicates non-compliance).
Regarding claim 17, the combination of Barkovic, Lam and ANIM discloses:
The computer program product of claim 13, wherein determining the subset of out-of-compliance ones of the controls from all controls comprises determining that the out of compliance state is not to be ignored further comprises parsing the loaded content and determining that a corresponding ignore switch indicating the out of compliance state is not be ignored is present (Barkovic: [0110] Returning to process, 1900, using the mapped CI compliance data and policy data, policy compliance status may be determined (block 1908). FIG, 25 is an illustration of the Controls tab 2500 of the GUI of FIG. 22, illustrating the compliance status of controls (e.g., the compliance status 2502), which is determined by the configuration test results from the scanner (e.g. the CI compliance data from the SCA source integrations 132), in accordance with an embodiment. As illustrated, for the particularly selected policy statement, each of the four controls indicates non-compliance).


Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 	
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SYED M AHSAN whose telephone number is (571)272-5018. The examiner can normally be reached 8:30 AM - 6:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffery L. Nickerson can be reached on 469-295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

/S.M.A./Patent Examiner, Art Unit 2432                                                                                                                                                                                                        
/SYED A ZAIDI/Primary Examiner, Art Unit 2432