Detailed Action:
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of Claims:
Claims 1, 2, 6, 8, 9, 10, 11, 13, 15, and 17-19 are amended.
Claim 4 is canceled.
Claim 21 is added.

Response to Remarks:

Regarding 101:
Amended Claims Examined
The Applicant argues that the claim limitations, as amended, overcome the rejection of 101. However, as shown below through a new examination, the Examiner has maintained the rejection. 
Signal Per Se:
The Applicant asserts that per the Specification, the claims do not encompass signal per se.  The Examiner has maintained the rejection since the Specification is silent to non-transitory computer readable storage medium as proper interpretation of the claims. 

Regarding 103:
The Applicant argues that the claim limitations, as amended, over the rejection of 103.  However, as shown below through a new examination and at certain claims, new rejections, the Examiner has maintained the rejection. 
 


Claim Rejections - 35 USC § 101:
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-3 and 5-21 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. Claims 1-3 and 5-21 are directed to a judicial exception (i.e., a law of nature, natural phenomenon, or abstract idea) without significantly more. Claim 1, 9, and 15 are directed to the abstract idea of a mental process.
 

Part I.  2A-prong one (Identify the Abstract Ideas)
The Alice framework, step 2A-Prong One (part 1 of Mayo test), here, the claims are analyzed to determine if the claims are directed to a judicial exception. MPEP §2106.04(a). In determining, whether the claims are directed to a judicial exception, the claims are analyzed to evaluate whether the claims recite a judicial exception (Prong One of Step 2A), and whether the claims recite additional elements that integrate the judicial exception into a practical application (Prong Two of Step 2A). See 2019 Revised Patent Subject Matter Eligibility Guidance (“PEG” 2019 Revised Patent Subject Matter Eligibility Guidance, 84 Fed. Reg. 50-57 (Jan. 7, 2019)).

Independent claims 1, 9, and 15 when “taken as a whole,” are directed to the abstract idea of a mental process. 

Under step 2A-Prong One (part 1 of Mayo test), here, the claimed invention in claims 1, 9, and 15 are directed to non-statutory subject matter because the claim(s) as a whole, considering all claim elements both individually and in combination, do not amount to significantly more than an abstract idea.  The above claim falls within a mental process and thus, the claims are directed to an abstract idea under the first prong of Step 2A.)

Part II.  2A-prong two (additional elements that integrate the judicial exception into a practical application) 
Under step 2A-Prong two (part 1 of Mayo test), this judicial exception is not integrated into a practical application under the second prong of Step 2A. In particular, the claims recite the additional elements beyond the recited abstract idea.  Such as, “…computing device…workload node…computer readable storage media…processor…computer readable memory…cloud network…software platforms…”

The courts have recognized the following computer functions as well‐understood, routine, and conventional functions when they are claimed in a merely generic manner (e.g., at a high level of generality) as well-understood, routine, conventional. (MPEP 2106.05(d))

Accordingly, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. The claims are directed to an abstract idea with no significantly more elements.

As a result, Examiner asserts that claims 2-8, 10-14, and 16-20 are similarly directed to the abstract idea.  Since these claims are directed to an abstract idea, the Office must determine whether the remaining limitations “do significantly more” than describe the abstract idea. 

Part III.  Determine whether any Element, or Combination, Amounts to“Significantly More” than the Abstract Idea itself
The Alice framework, we turn to step 2B (Part 2 of Mayo) to determine if the claim is sufficient to ensure that the claim amounts to “significantly more" than the abstract idea itself. These additional elements recite conventional computer components and conventional functions of:

Claims 1, 9, and 15 do not include any limitations amounting to significantly more than the abstract idea, alone. Claims 1, 9, and 15 do include various elements that are not directed to the “…computing device…workload node…computer readable storage media…processor…computer readable memory…cloud network…software platforms…” these amounts to generic computing elements performing generic computing functions and a high level of generality.

In addition, Fig. 1-2 of the Applicant’s specifications detail any combination of a generic computer system program to perform the system.  Generically recited computer elements do not add a meaningful limitation to the abstract idea because the Alice decision noted that generic structures that merely apply abstract ideas are not significantly more than the abstract ideas.

The dependent claims further limit the abstract idea without adding significantly more.  Accordingly, the Examiner concludes that there are no meaningful limitations in the claims that transform the judicial exception into a patent eligible application such that the claim amounts to significantly more than the judicial exception itself.

Further, Examiner notes that the additional limitations, when considered as an ordered combination, add nothing that is not already present when looking at the additional elements individually.

Claims 2-8, 10-14, and 16-20 are rejected as ineligible subject matter under 35 U.S.C. 101 based on a rationale similar to independent claims 1, 9, and 15.

Claim 9-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because the claim is to a computer storage medium.  Where the specification provides support for the claimed element in paragraphs 51-53.  The Subject Matter Eligibility of Computer Readable Media memorandum (01/26/2010) states “The broadest reasonable interpretation of a claim drawn to a computer readable medium . . . typically covers forms of non-transitory tangible media and transitory propagating signal per se . . . particularly when the specification is silent”, also see MPEP 2106.03(I).  It is suggested that Applicant add “non-transitory” to the claimed limitation to overcome the rejection. 



Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 2, 6, 10, 13, 15-17, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Gill et al. (US Pub. No. 20150281287) (hereinafter, Gill) in view of Jayanti et al. (US Pub. No. 20160088021) (hereinafter, Jayanti).

As per claim 1,
Gill teaches, 
A method, comprising:
Accessing, by a computing device, a compliance profile, wherein the compliance profile includes compliance data regarding rules for an enterprise;
(Paragraph 105, noting “…In the embodiment, common services platform 604 contains a risk engine 622, a policy and rules engine…”)

Accessing, by the computing device, a remediation profile, wherein the remediation profile includes remediation data regarding remediation actions that address non-compliance with one or more of the rules;
(Paragraph 105 noting, “…remedial action scripts 630…”) 

utilizing metadata in the compliance profile to map software platforms, services and rules in the compliance data to matching software platforms, services, and rules in remediation data in the remediation profile;
(Paragraph 132-133 noting “…Built-in repository of common controls to support multiple regulations and frameworks. Controls mapped to risks and vulnerabilities to prioritize and help in risk mitigation…” ; see also, paragraph 484)

Receiving, by the computing device, real-time non-compliance event data from one of a plurality of remote workload nodes…wherein real-time non-compliance event data is associated with an event at the one of the pluralities of remote workload nodes where an action was non-compliant with one or more of the rules;
(Paragraph 127-128, noting on 128 “…his module provides the inside view of what exactly is happening at the site where the risk is detected. In an embodiment, such subsystem is actively used in the subsystem, Alert Action, which may be specifically designed for drilling down the location where risk is reported…”; paragraph 94, noting “…Real-time monitoring and correlation of IT and physical access events for timely detection, alerting and response to security violations…”

Gill does not explicitly teach; however, Jayanti does teach,
… in communication with the computing device in a cloud network…
(paragraph 174, noting “…cloud infrastructure system…”)
Gill teaches techniques addressing blended risk assessment and security across logical systems, IT applications, databases, physical systems, and operational technology systems in the context of threat and fraud detection, risk analysis and remediation, active policy enforcement and continuous monitoring. Further, techniques provide out of the box workflow rules that give the ability to add, modify, or delete the applicability parameters for policy enforcement.  Jayanti teaches managing compliance of remote devices that access an enterprise system. More particularly, techniques are disclosed for using a compliance policy to manage remediation of non-compliances of remote devices that access an enterprise system.  Therefore, it would have been obvious to one of ordinary skill in the art at the time of the invention to incorporate the 

Extracting, by the computing device, information from the non-compliance event data including information identifying the one of the pluralities of remote workload nodes associated with the event and a cause of the event;
(Paragraphs 127-128 with paragraph 370, noting on 127-128 the above notations and further noting on 370, “…root because analysis can be performed for highlighted risk…”) 

Mapping, by the computing device, the one of the pluralities of workload nodes and the cause of the event to a remediation action based on the mapped data to determine the remediation action for the event
(Paragraph 484 wherein the geospatial  information is functioning as the workload node )


Gill does not teach; however, Jayanti does teach,
Invoking, by the computing device, automatic performance of the remediation action at the one of a plurality of remote workload nodes based on the determined remediation action, wherein the invoking the performance of the remediation action is performed iteratively for different remediation actions until the computing device receives an indication that compliance with the one or more of the rules has been met at the one of the pluralities of remote workload nodes. 
(Paragraph 34 and 35, noting “…A device access management system may be implemented to automate remediation of non-compliances of remote devices accessing an enterprise system…”)

Gill teaches techniques addressing blended risk assessment and security across logical systems, IT applications, databases, physical systems, and operational technology systems in the context of threat and fraud detection, risk analysis and remediation, active policy enforcement and continuous monitoring. Further, techniques provide out of the box workflow rules that give the ability to add, modify, or delete the applicability parameters for policy enforcement.  Jayanti teaches managing compliance of remote devices that access an enterprise system. More particularly, techniques are disclosed for using a compliance policy to manage remediation of 

As per claim 15,
Claim 15 discloses similar limitations to claim 1, but in a system form.  Gill discloses the prior art invention in a system form. Therefore, claim 15 is rejected under similar rationale as claim 1.

As per claim 2,
Gill teaches,
the method of claim 1, wherein the generating the mapped data comprises creating relationships between the remediation actions in the remediation profile and software platforms, computing systems, and software applications associated with the rules in the compliance profile
(paragraphs 162-163, Examiner noting: paragraph 162 disclosing how the remediation and alert enterprise system are intertwined and paragraph 163 teaching how the alert enterprise system has relationships with software platforms, software applications, and computing systems).

As per claim 10,
Claim 10 teaches similar limitations to claim 2, however, in a computer program product form.  Gill teaches the prior art in a computer program product form.  Therefore, claim 10 is rejected under similar limitations as claim 2.

As per claim 17,
Claim 17 discloses similar limitation as claim 2, however, in a system form.  Gill discloses the prior art invention in a system form.  Therefore, claim 17 is rejected under similar rationale as claim 2.


As per claim 6,
Gill teaches,

Parsing the non-compliance event data using natural language processing, thereby generated parsed data; extracting the one of a plurality of  workload nodes associated with the event from the parsed data; 
And extracting the cause of the non-compliance from the parsed data.
(Paragraph 197, noting “…An embodiment provides a three-tier architecture, which may be based on JAVA technology…”)

As per claim 13,
Claim 13 teaches similar limitations as claim 6, however in a computer program product.  Gill teaches the prior art in computer program product. Therefore, claim 13 is rejected under similar rationale as claim 6.   

As per claim 19,
Claim 19 teaches similar limitations as claim 6, however, in a system form. Gill teaches the prior art in a system form. Therefore, claim 19 is rejected under similar rationale as claim 19.





Claims 8 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Gill in view of Jayanti as applied to claim 1 above, and further in view of Lee et al. (US Pub. No. 2015/0128250) (hereinafter, Lee)

As per claim 8,
Gill does not teach; however, Jayanti does teach,
The method of claim 1, wherein the computing device includes software provided as a service in a cloud environment… 


Gill teaches techniques addressing blended risk assessment and security across logical systems, IT applications, databases, physical systems, and operational technology systems in the context of threat and fraud detection, risk analysis and remediation, active policy enforcement and continuous monitoring. Further, techniques provide out of the box workflow rules that give the ability to add, modify, or delete the applicability parameters for policy enforcement.  Jayanti teaches managing compliance of remote devices that access an enterprise system. More particularly, techniques are disclosed for using a compliance policy to manage remediation of non-compliances of remote devices that access an enterprise system.  Therefore, it would have been obvious to one of ordinary skill in the art at the time of the invention to incorporate the teachings of Jayanti within the invention of Gill with the motivation of efficiently addressing remediation at workload nodes. 
Gill/Jayanti do not explicitly teach; however, Lee does teach,
… and wherein the computing device retrieves the real-time non-compliance event data from the one of a plurality of remote workload nodes via a secure shell (SSH) network protocol.
(paragraphs 62-63)

Gill teaches techniques addressing blended risk assessment and security across logical systems, IT applications, databases, physical systems, and operational technology systems in the context of threat and fraud detection, risk analysis and remediation, active policy enforcement and continuous monitoring. Further, techniques provide out of the box workflow rules that give the ability to add, modify, or delete the applicability parameters for policy enforcement.  Jayanti teaches managing compliance of remote devices that access an enterprise system. More particularly, techniques are disclosed for using a compliance policy to manage remediation of non-compliances of remote devices that access an enterprise system. Lee teaches enhancing security and safety of an embedded system by monitoring and blocking unauthorized execution of a shell command in the embedded system. Therefore, it would have been obvious to one of 

As per claim 21,
Gill/Jayanti do not teach; however, Lee teaches,
the method of claim 1, wherein the one of the pluralities of remote workload nodes is a web server, wherein the cause of event is a password problem.


Gill teaches techniques addressing blended risk assessment and security across logical systems, IT applications, databases, physical systems, and operational technology systems in the context of threat and fraud detection, risk analysis and remediation, active policy enforcement and continuous monitoring. Further, techniques provide out of the box workflow rules that give the ability to add, modify, or delete the applicability parameters for policy enforcement.  Jayanti teaches managing compliance of remote devices that access an enterprise system. More particularly, techniques are disclosed for using a compliance policy to manage remediation of non-compliances of remote devices that access an enterprise system. Lee teaches enhancing security and safety of an embedded system by monitoring and blocking unauthorized execution of a shell command in the embedded system. Therefore, it would have been obvious to one of ordinary skill in the art at the time of the invention to incorporate the teachings of Lee within the invention of Gill/Jayanti with the motivation of  guaranteeing safety of an embedded system through the access control of commands provided by a shell. 


9 is rejected under 35 U.S.C. 103 as being unpatentable over Gill in view of Jayanti as applied to claim 1 above, and further in view of Nguyen (US Pub. No. 20100082803) (hereinafter, Nguyen).

As per claim 9,
Claim 9 discloses similar limitations to claim 1, however, in a computer program product and in addition to the limitation of:
Receive a status notification indicating whether the remediation action successfully addressed the non-compliance

Nguyen teaches this limitation on 
(Paragraph 41, noting “…In block 415, the system generates a certificate (e.g., a statement of health) that indicates the health of the client system. The flexible compliance system may store the certificate to keep a historical log of compliance or for other purposes. The certificate may include attributes, such as a pass/fail value that indicates whether the flexible compliance system will allow the client system to access the network and an end time value that indicates the time the scan was completed (e.g., for distinguishing the current scan from subsequent scans)…”)

Gill teaches techniques addressing blended risk assessment and security across logical systems, IT applications, databases, physical systems, and operational technology systems in the context of threat and fraud detection, risk analysis and remediation, active policy enforcement and continuous monitoring. Further, techniques provide out of the box workflow rules that give the ability to add, modify, or delete the applicability parameters for policy enforcement.  Jayanti teaches managing compliance of remote devices that access an enterprise system. More particularly, techniques are disclosed for using a compliance policy to manage remediation of non-compliances of remote devices that access an enterprise system. Nguyen teaches a deployable meta-agent and automated remediation of computer system compliance failures based on configurable compliance rules. Therefore, it would have been obvious to one of ordinary skill in the art at the time of the invention to incorporate the teachings of Nguyen within the invention of Gill/Jayanti with the motivation of efficiently addressing remediation at workload nodes. 



16 is rejected under 35 U.S.C. 103 as being unpatentable over Gill in view of Jayanti as applied to claim 15 above, and further in view of NPL Du. 

As per claim 16,
Gill/Jayanti do not teach, however, NPL Du does teach,
The system of claim 15, wherein the program instructions are further executable to: automatically generate the compliance profile and the remediation profile utilizing natural language processing of human-readable compliance documents; automatically update the compliance profile and the remediation profile based on updates to the human-readable compliance documents thereby generating an updated compliance profile and an updated remediation profile; and automatically update the mapped data by mapping compliance data in the updated compliance profile to remediation data in the updated remediation profile
(Section 4 (all))


Gill teaches techniques addressing blended risk assessment and security across logical systems, IT applications, databases, physical systems, and operational technology systems in the context of threat and fraud detection, risk analysis and remediation, active policy enforcement and continuous monitoring. Further, techniques provide out of the box workflow rules that give the ability to add, modify, or delete the applicability parameters for policy enforcement.  Jayanti teaches managing compliance of remote devices that access an enterprise system. More particularly, techniques are disclosed for using a compliance policy to manage remediation of non-compliances of remote devices that access an enterprise system. Du teaches a data-driven approach for anomaly detection that leverages the large volumes of system logs.  Therefore, it would have been obvious to one of ordinary skill in the art at the time of invention to incorporate the teachings of Du within the invention of Gill/Jayanti with the motivation of automatically generating a learning model of log patterns from normal execution and tag deviations from normal system execution as anomalies.

3 is rejected under 35 U.S.C. 103 as being unpatentable over Gill in view of Jayanti as applied to claim 1 above, and further in view of DiMaggio et. Al.  (US Pub. No. 20170249644) (hereinafter, DiMaggio)

As per claim 3,
Gill/Jayanti do not teach; however, DiMaggio does teach, 
the method of claim 1, further comprising receiving, by the computing device, a status notification of non-compliance or compliance of the one or more of the rules subsequent to invoking the automatic performance of the determined remediation action.
(Paragraphs 61 and 62, wherein paragraph 61 teaching notification of compliance/non-compliance and paragraph 62 teaching the continual update of the notification after the remediation action)

Gill teaches techniques addressing blended risk assessment and security across logical systems, IT applications, databases, physical systems, and operational technology systems in the context of threat and fraud detection, risk analysis and remediation, active policy enforcement and continuous monitoring. Further, techniques provide out of the box workflow rules that give the ability to add, modify, or delete the applicability parameters for policy enforcement.  Jayanti teaches managing compliance of remote devices that access an enterprise system. More particularly, techniques are disclosed for using a compliance policy to manage remediation of non-compliances of remote devices that access an enterprise system.  DiMaggio teaches generating visual representations of data associated with client compliance plans and compliance remediation plans.  Therefore, it would have been obvious to one of ordinary skill in the art at the time of invention to incorporate the teachings of DiMaggio within the invention of Gill/Jayanti with the motivation of alerting the user to the status of the remediation plans.


s 5, 11-12, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Gill in view of Jayanti in further view of DiMaggio and in further view of Nguyen.

As per claim 5,
Gill/Jayanti/DiMaggio do not teach; however, Nguyen does teach,
the method of claim 3, further comprising saving, by the computing device, the non- compliance event data in a data store with the status notification, thereby generating an event tracking log.
(Paragraph 41, noting “…The flexible compliance system may store the certificate to keep a historical log of compliance or for other purposes. The certificate may include attributes, such as a pass/fail value that indicates whether the flexible compliance system will allow the client system to access...”)

Gill teaches techniques addressing blended risk assessment and security across logical systems, IT applications, databases, physical systems, and operational technology systems in the context of threat and fraud detection, risk analysis and remediation, active policy enforcement and continuous monitoring. Further, techniques provide out of the box workflow rules that give the ability to add, modify, or delete the applicability parameters for policy enforcement.  Jayanti teaches managing compliance of remote devices that access an enterprise system. More particularly, techniques are disclosed for using a compliance policy to manage remediation of non-compliances of remote devices that access an enterprise system. DiMaggio teaches generating visual representations of data associated with client compliance plans and compliance remediation plans. Nguyen teaches a deployable meta-agent and automated remediation of computer system compliance failures based on configurable compliance rules.   Therefore, it would have been obvious to one of ordinary skill in the art at the time of the invention to incorporate the teachings of Nguyen within the invention of Gill/Jayanti/DiMaggio with the motivation of efficiently addressing remediation at workload nodes. 

As per claim 12,
Claim 12 discloses similar limitations to claim 5, however, in a computer product form.  Gill teaches the prior art in such a limitation. Therefore, claim 5 is rejected under similar rationale. 


Gill/Jayanti do not teach; however, DiMaggio does teach, 
The computer program product of claim 9, wherein the program instructions are further executable to invoke automatic performance of a subsequent remediation action at the one of the pluralities of remote workload nodes based on the status notification to address the non-compliance, wherein the invoking the performance of the remediation action is performed iteratively…
(Paragraph 62, noting “... visual depiction... compliance data, remediation data, etc.) which can be continuously updated and changed in a dynamic manner. Thus, the visualizations of the data points are dynamic and can accommodate the incorporation of updates and changes in status of the items...”)

Gill teaches techniques addressing blended risk assessment and security across logical systems, IT applications, databases, physical systems, and operational technology systems in the context of threat and fraud detection, risk analysis and remediation, active policy enforcement and continuous monitoring. Further, techniques provide out of the box workflow rules that give the ability to add, modify, or delete the applicability parameters for policy enforcement.  Jayanti teaches managing compliance of remote devices that access an enterprise system. More particularly, techniques are disclosed for using a compliance policy to manage remediation of non-compliances of remote devices that access an enterprise system. DiMaggio teaches generating visual representations of data associated with client compliance plans and compliance remediation plans. Nguyen teaches a deployable meta-agent and automated remediation of computer system compliance failures based on configurable compliance rules.   Therefore, it would have been obvious to one of ordinary skill in the art at the time of the invention to incorporate the teachings of Nguyen within the invention of Gill/Jayanti/DiMaggio with the motivation of efficiently addressing remediation at workload nodes. 

Gill/Jayanti/DiMaggio do not teach; however, Nguyen does teach,

((paragraph 41, noting “...In block 415, the system generates a certificate (e.g., a statement of health) that indicates the health of the client system. The flexible compliance system may store the certificate to keep a historical log of compliance or for other purposes. The certificate may include attributes, such as a pass/fail value that indicates whether the flexible compliance system will allow the client system to access the network and an end time value that indicates the time the scan was completed (e.g., for distinguishing the current scan from subsequent scans).”) 

Gill teaches techniques addressing blended risk assessment and security across logical systems, IT applications, databases, physical systems, and operational technology systems in the context of threat and fraud detection, risk analysis and remediation, active policy enforcement and continuous monitoring. Further, techniques provide out of the box workflow rules that give the ability to add, modify, or delete the applicability parameters for policy enforcement. Jayanti teaches managing compliance of remote devices that access an enterprise system. More particularly, techniques are disclosed for using a compliance policy to manage remediation of non-compliances of remote devices that access an enterprise system. DiMaggio teaches generating visual representations of data associated with client compliance plans and compliance remediation plans. Nguyen teaches a deployable meta-agent and automated remediation of computer system compliance failures based on configurable compliance rules. Therefore, it would have been obvious to one of ordinary skill in the art at the time of the invention to incorporate the teachings of Nguyen within the invention of Gill/Jayanti/DiMaggio with the motivation of efficiently addressing remediation at workload nodes.

As per claim 18,
Claim 18 teaches similar limitations to claim 11, however, in a system form. Gill teaches the prior art in such a form. Therefore, claim 18 is rejected under similar rational as claim 11.

s 7, 14, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Gill in view of Jayanti in further view of DiMaggio and in further view of Carpenter et al. (US Pub. No. 20070101432) (hereinafter, Carpenter).


As per claim 7, 
Gill/Jayanti/DiMaggio do not teach; however, Carpenter does teach,
the method of claim 1, further comprising storing, by the computing device, the non- compliance event data for the event in a queue with other non-compliance event data from other events, 
(paragraph 33, noting “…On a day-to-day basis, administrators may want to simply be notified of machines that do not meet security requirements on their network, but in times of high risk, it may be desirable to completely isolate these same machines from the rest of the network to limit the exposure to identified threats…”)
Wherein the event and the other events are prioritized based on predetermined rules, and wherein the extracting the information is performed according to the prioritization of the events in the queue
(Paragraphs 37-53 discussing/teaching how the risk levels are associated with specific non-compliance events and the remediation is done according to a prioritization of remediation rules)

Gill teaches techniques addressing blended risk assessment and security across logical systems, IT applications, databases, physical systems, and operational technology systems in the context of threat and fraud detection, risk analysis and remediation, active policy enforcement and continuous monitoring. Further, techniques provide out of the box workflow rules that give the ability to add, modify, or delete the applicability parameters for policy enforcement.  Jayanti teaches managing compliance of remote devices that access an enterprise system. More particularly, techniques are disclosed for using a compliance policy to manage remediation of non-compliances of remote devices that access an enterprise system. DiMaggio teaches generating visual representations of data associated with client compliance plans and compliance remediation plans.  Carpenter teaches a dynamic, user-tailorable, actions to detect network compliance and/or to remediate via manual and/or automatic means to bring the network into compliance given the risk level. The risk levels can be based on a combination of business, 



As per claim 14,
Claim 14 discloses similar limitations to claim 7, however, in a computer product form.  Gill teaches the prior art in a computer product form.  Therefore, claim 14 is rejected under similar rationale as claim 7.

As per claim 20,
Claim 20 discloses similar limitation to claim 7, however, in a system form.  Gill teaches the prior art in a system form. Therefore, claim 20 is rejected under similar rationale as claim 7.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZAHRA ELKASSABGI whose telephone number is (571)270-7943. The examiner can normally be reached Monday through Friday 11:30 to 8:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Rob Wu can be reached on 571.272.6045. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

ZAHRA . ELKASSABGI

Art Unit 3623



/HAFIZ A KASSIM/            Primary Examiner, Art Unit 3623